NTLM/JCIFS: How to obtain all the SIDs for a user using JCIFS

Posted on 2008-11-12
Last Modified: 2013-12-09
After authenticating a user via NTLM, how can I obtain the SID from the User, not the SID from the Domain?

Note the code snippet. I can obtain the Domain SID from the NtlmPasswordAuthentication object but I cannot get the current user domain SID which is what I would like to get to fetch all the group SIDs related to it.

I have also tried to obtain other SIDs in the code but this does not work either.

Any way to use JNDI to do that?

import jcifs.UniAddress;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SID;
import jcifs.smb.SmbException;
import jcifs.smb.SmbSession;

try {
    UniAddress myDomain = getPrimaryDomain(ip);
    NTLMAuth = new NtlmPasswordAuthentication(domainName, userName, password);
    SmbSession.logon(myDomain, NTLMAuth);

    // after logging in, here's how to get the SID for the Domain
    jcifs.smb.SID mySid = jcifs.smb.SID.getServerSid(hostName, NTLMAuth);
    // this returns something like
    // Sid Domain SID: S-1-5-21-796745780-2711697408-451074171

    // trying to resolve SIDs this way DOES NOT work
    SID[] sids = new SID[10];
    sids[0] = mySid; // assigns domain SID???
    jcifs.smb.SID.resolveSids(hostName, NTLMAuth, sids);
    for (int i = 0; i < sids.length; i++) {
        System.out.println("Sids[" + i + "] Type: " + sids[i].getType());
    }

    // Second attempt, fails as well
    String sidDomainId = "" + mySid.getDomainSid();
    SID domsid = new SID(sidDomainId);
    int rid = 1120;
    int count = 150;

    // named ridSids because "sids" is already declared above
    SID[] ridSids = new SID[count];
    for (int i = 0; i < ridSids.length; i++) {
        ridSids[i] = new SID(domsid, rid++);
    }
    SID.resolveSids("ts0", null, ridSids);
    for (int i = 0; i < ridSids.length; i++) {
        System.out.println("My SIDs " + ridSids[i].toString());
    }
} catch (SmbException smbe) {
    System.out.println("Failed to Authenticate: " + smbe.getMessage() + " NTStatus: " + smbe.getNtStatus());
} catch (Exception e) {
    System.out.println("Failed to Authenticate: " + e.getMessage());
}


Question by:CarlosScheidecker

    Accepted Solution

    I've used LDAP for this. Not ideal but was a temporary fix. Also talked to one of the JCIFS developers and he told me that this feature is not complete.
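
The LDAP route mentioned in the accepted solution, as an added example (not code from the original post or from the JCIFS project): it reads `objectSid` and `tokenGroups` over JNDI and decodes the binary SIDs into `S-1-5-...` strings. It assumes the directory is Active Directory; the class, method and parameter names are hypothetical.

```java
import java.nio.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class AdSidLookup {
    // Binary SID: revision (1 byte), sub-authority count (1 byte), identifier authority
    // (6 bytes, big-endian), then that many 32-bit little-endian unsigned sub-authorities.
    static String sidToString(byte[] b) {
        if (b.length < 8 || b.length != 8 + 4 * (b[1] & 0xFF)) throw new IllegalArgumentException("malformed SID");
        long authority = 0;
        for (int i = 2; i < 8; i++) authority = (authority << 8) | (b[i] & 0xFF);
        StringBuilder s = new StringBuilder("S-" + (b[0] & 0xFF) + "-" + authority);
        ByteBuffer subs = ByteBuffer.wrap(b, 8, b.length - 8).order(ByteOrder.LITTLE_ENDIAN);
        while (subs.hasRemaining()) s.append('-').append(subs.getInt() & 0xFFFFFFFFL);
        return s.toString();
    }

    // Added example, illustrative names, assumes Active Directory.
    // Returns the account's own SID first, then one SID per value of its tokenGroups attribute.
    static List<String> userAndGroupSids(String ldapUrl, String bindUser, String password,
                                         String baseDn, String account) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl); // prefer ldaps:// so the simple bind is encrypted
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindUser);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("java.naming.ldap.attributes.binary", "objectSid tokenGroups"); // byte[] values
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Passing the name as a filter argument lets JNDI escape it (no LDAP filter injection).
            NamingEnumeration<SearchResult> hits = ctx.search(baseDn, "(sAMAccountName={0})", new Object[] {account}, sc);
            if (!hits.hasMore()) throw new NameNotFoundException(account);
            String userDn = hits.next().getNameInNamespace();
            // tokenGroups is a constructed attribute, returned only on a base-scope read.
            Attributes a = ctx.getAttributes(userDn, new String[] {"objectSid", "tokenGroups"});
            List<String> sids = new ArrayList<>();
            sids.add(sidToString((byte[]) a.get("objectSid").get()));
            Attribute groups = a.get("tokenGroups");
            for (int i = 0; groups != null && i < groups.size(); i++) sids.add(sidToString((byte[]) groups.get(i)));
            return sids;
        } finally { ctx.close(); }
    }
    public static void main(String[] args) {
        // Constructed sample bytes (not from a real directory), one sub-authority above 2^31.
        System.out.println(sidToString(new byte[] {1, 2, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 0, 56, (byte) 0xA1, (byte) 0xA1}));
    }
}
```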
