Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

STATUS_ACCESS_DENIED - cannot connect. Does the SambaLibrary not support Windows Server 2016 default file share? #20

Closed
nddipiazza opened this issue Apr 13, 2019 · 6 comments
Closed

STATUS_ACCESS_DENIED - cannot connect. Does the SambaLibrary not support Windows Server 2016 default file share? #20

nddipiazza opened this issue Apr 13, 2019 · 6 comments

Comments

@nddipiazza
Copy link

nddipiazza commented Apr 13, 2019
edited
Loading

I'm running on an app that uses the SMBLibrary with Mono framework on Mac OSX.

Mono JIT compiler version 5.10.1.47 (2017-12/8eb8f7d5e74 Fri Apr 13 20:18:12 EDT 2018)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
	TLS:           normal
	SIGSEGV:       altstack
	Notification:  kqueue
	Architecture:  amd64
	Disabled:      none
	Misc:          softdebug 
	Interpreter:   yes
	LLVM:          yes(3.6.0svn-mono-master/8b1520c8aae)
	GC:            sgen (concurrent by default)

Hi. I have a little SambaFetcher web app that I use to connect to smb when the smbj library doesn't work.

I have noticed that on a Windows Server 2016 default windows share, I cannot connect to the SmbTree.

Here is my code https://github.com/nddipiazza/SambaFetcher/tree/SambaLibrary

When I connect I get a blocking error:

STATUS_ACCESS_DENIED

I'm definitely entering the right credentials.

Is this because of Smb3? Is there some limitation that I'm hitting here with the SambaLibrary?

Here is a wireshark packet capture: https://drive.google.com/open?id=1fSxzgIjZX9mu77t4CbR1zHOEt7XnGNCw

First a response comes back:

NT Status: STATUS_MORE_PROCESSING_REQUIRED (0xc0000016)

then comes back a

NT Status: STATUS_ACCESS_DENIED (0xc0000022)

Trying to figure out what i need to do to get this to authenticate. When I was working on this a few months ago it was working fine, no sure what i'm messing up.
@TalAloni
Copy link
Owner

Hi,
Assuming you are entering the right credentials and use the correct authentication parameters, the only thing left is message signing (either SMB signing or NTLM MIC), which SMB2Client does not currently support.
IIRC SMB signing was not required to connect to Windows Server in the past, but perhaps Microsoft changed this in a later update)

@nddipiazza
Copy link
Author

nddipiazza commented Apr 13, 2019 via email
edited
Loading

@nddipiazza
Copy link
Author

Is it a huge change to add this? I can imagine some of my higher security customers will end up wanting this.
I know you turn out changes like magic on this thing so I figured I'd ask

@TalAloni
Copy link
Owner

The infrastructure was already in place, so it was only a few lines of code to add SMB signing to the SMB2 client. I've tested it briefly and pushed it to master.

@nddipiazza
Copy link
Author

dude... you are amazing!!

@nddipiazza
Copy link
Author

Confirmed. Works as expected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@TalAloni @nddipiazza