• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 582
  • Last Modified:

NTLM/JCIFS : How to obtain all the SIDs for an user using JCIFS

After authenticating an user via NTLM, how can I obtain the SID from the User, not the SID from the Domain?

Note the code snippet. I can obtain the Domain SID from the NtlmPasswordAuthentication object but I cannot get the current user domain SID which is what I would like to get to fetch all the group SIDs related to it.

I have also tried to obtain other SIDs on the code but this does not work too.

Anyway yo use JNDI to do that?
try {
    UniAddress myDomain = getPrimaryDomain(ip);
    NTLMAuth = new NtlmPasswordAuthentication(domainName,userName,password);
    SmbSession.logon(myDomain, NTLMAuth);
    // after loging in, here's how to get the SID for the Domain
    jcifs.smb.SID mySid = jcifs.smb.SID.getServerSid(hostName, NTLMAuth);
  // this returns something like 
  // Sid Domain SID: S-1-5-21-796745780-2711697408-451074171
  // trying to resolve SIDs this way DOES NOT work
  SID[] sids = new SID[10];
    sids[0] = mySid; // assigns domain SID???
    
    jcifs.smb.SID.resolveSids(hostName, NTLMAuth, sids);
    
    for (int i = 0; i < sids.length; i++ ) {
	    System.out.println("Sids["+i+"] Type: " +sids[i].getType());
    }
 
    // Second attempt, fails as well
 
    String sidDomainId = ""+mySid.getDomainSid();
 
    SID domsid = new SID(sidDomainId);
    int rid = 1120;
    int count = 150;
    
    SID[] sids = new SID[count];
    for (int i = 0; i < sids.length; i++) { 
	    sids[i] = new SID(domsid, rid++);
    }
    SID.resolveSids("ts0", null, sids);
    for (int i = 0; i < sids.length; i++) {
	    System.out.println("My SIDs "+sids[i].toString());
    }
 
  
  } catch (SmbException smbe) {
	  System.out.println("Failed to Authenticate: "+smbe.getMessage()+" NTStatus: "+smbe.getNtStatus());
  } catch (Exception e) {
	  System.out.println("Failed to Authenticate: "+e.getMessage());
  }

Open in new window

0
CarlosScheidecker
Asked:
CarlosScheidecker
1 Solution
 
CarlosScheideckerAuthor Commented:
I've used LDAP for this. Not ideal but was a temporary fix. Also talked to one of the JCIFS developer and he told me that this feature is not complete.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now