
NTLM/JCIFS: How to obtain all the SIDs for a user using JCIFS

Posted on 2008-11-12
Last Modified: 2013-12-09
After authenticating a user via NTLM, how can I obtain the SID from the User, not the SID from the Domain?

Note the code snippet. I can obtain the Domain SID from the NtlmPasswordAuthentication object, but I cannot get the current user domain SID, which is what I would like to get to fetch all the group SIDs related to it.

I have also tried to obtain other SIDs in the code, but this does not work either.

Any way to use JNDI to do that?
// Requires: import jcifs.UniAddress; import jcifs.smb.*;
try {
    UniAddress myDomain = getPrimaryDomain(ip);
    NTLMAuth = new NtlmPasswordAuthentication(domainName, userName, password);
    SmbSession.logon(myDomain, NTLMAuth);

    // After logging in, here's how to get the SID for the domain
    jcifs.smb.SID mySid = jcifs.smb.SID.getServerSid(hostName, NTLMAuth);
    // This returns something like
    // Sid Domain SID: S-1-5-21-796745780-2711697408-451074171

    // Trying to resolve SIDs this way DOES NOT work
    SID[] sids = new SID[10];
    sids[0] = mySid; // assigns domain SID??? (only index 0 is populated; the rest stay null)

    jcifs.smb.SID.resolveSids(hostName, NTLMAuth, sids);

    for (int i = 0; i < sids.length; i++) {
        System.out.println("Sids[" + i + "] Type: " + sids[i].getType());
    }

    // Second attempt, fails as well
    String sidDomainId = "" + mySid.getDomainSid();

    SID domsid = new SID(sidDomainId);
    int rid = 1120;
    int count = 150;

    // Renamed from "sids" so the two attempts compile in the same scope
    SID[] ridSids = new SID[count];
    for (int i = 0; i < ridSids.length; i++) {
        ridSids[i] = new SID(domsid, rid++);
    }
    SID.resolveSids("ts0", null, ridSids);
    for (int i = 0; i < ridSids.length; i++) {
        System.out.println("My SIDs " + ridSids[i].toString());
    }
} catch (SmbException smbe) {
    System.out.println("Failed to Authenticate: " + smbe.getMessage() + " NTStatus: " + smbe.getNtStatus());
} catch (Exception e) {
    System.out.println("Failed to Authenticate: " + e.getMessage());
}

Question by: CarlosScheidecker
Accepted Solution

by: CarlosScheidecker
I've used LDAP for this. Not ideal, but it was a temporary fix. I also talked to one of the JCIFS developers and he told me that this feature is not complete.
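One way the LDAP route from the accepted answer can look over JNDI, as an added example (not the poster's code and not part of JCIFS): it reads the user's `objectSid`, then the constructed `tokenGroups` attribute for the group SIDs, and decodes the binary SIDs to `S-1-...` strings. Assumptions: an Active Directory domain controller reachable over LDAPS, a hypothetical class name `UserSids`, and a hypothetical `LDAP_BIND_PW` environment variable holding the bind password.

```java
import java.nio.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class UserSids {
    // Binary SID: revision, sub-authority count, 48-bit big-endian authority, 32-bit LE sub-authorities.
    static String sidToString(byte[] b) {
        long authority = 0;
        for (int i = 2; i < 8; i++) authority = (authority << 8) | (b[i] & 0xFF);
        StringBuilder s = new StringBuilder("S-" + (b[0] & 0xFF) + "-" + authority);
        ByteBuffer subs = ByteBuffer.wrap(b, 8, 4 * (b[1] & 0xFF)).order(ByteOrder.LITTLE_ENDIAN);
        while (subs.hasRemaining()) s.append('-').append(subs.getInt() & 0xFFFFFFFFL);
        return s.toString();
    }
    // Returns the user's own SID first, then every SID listed in tokenGroups.
    static List<String> lookup(String url, String dn, String pw, String base, String sam) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // e.g. ldaps://dc.example.com:636 (placeholder host)
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, Objects.requireNonNull(pw, "bind password missing"));
        env.put("java.naming.ldap.attributes.binary", "objectSid tokenGroups"); // return as byte[]
        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"objectSid"});
            // JNDI substitutes {0} with LDAP filter escaping applied to the argument.
            NamingEnumeration<SearchResult> r = ctx.search(base,
                    "(&(objectClass=user)(sAMAccountName={0}))", new Object[] {sam}, sc);
            if (!r.hasMore()) throw new NameNotFoundException("no user " + sam);
            SearchResult user = r.next();
            List<String> sids = new ArrayList<>();
            sids.add(sidToString((byte[]) user.getAttributes().get("objectSid").get()));
            // tokenGroups is a constructed attribute: only a base-scope read returns it.
            Attribute tg = ctx.getAttributes(user.getNameInNamespace(),
                    new String[] {"tokenGroups"}).get("tokenGroups");
            for (int i = 0; tg != null && i < tg.size(); i++) sids.add(sidToString((byte[]) tg.get(i)));
            return sids;
        } finally { ctx.close(); }
    }
    public static void main(String[] a) throws NamingException {
        byte[] admins = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; // constructed sample
        System.out.println(sidToString(admins)); // offline check of the decoder: S-1-5-32-544
        if (a.length == 4) lookup(a[0], a[1], System.getenv("LDAP_BIND_PW"), a[2], a[3])
                .forEach(System.out::println);
    }
}
```

Run with four arguments (LDAP URL, bind DN, search base DN, sAMAccountName) to query a directory; with no arguments it only decodes the constructed sample SID.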