#1140 Trigger SMB authentication to another Active directory domain error.

KeePass_2.x
closed
nobody
5
2013-07-27
2013-07-18
mpet
No

Hi,

KeePass 2.22, Windows 7/8 64bit. We have 2 triggers, one syncs via FTP, second via SMB, depending if we are on premises or not (determined by ping). The target of those triggers is the same file on the same computer. We use it this way because for some reason the FTP sync is not working through FTP inspection applied by the gateway between those 2 domains and making an exception is not available. Target computer is in domain1 and our computers with KeePass are in domain2.

I use field references for user/password in both of them (each uses different account).

Username: {REF:U@I:AA1D9646D18BE547AEF8AAA09193FE4E} - referencing domain1\account1
Password: {REF:U@P:AA1D9646D18BE547AEF8AAA09193FE4E} - referencing the password

I double checked that the referenced account has correct password, is not locked out nor disabled and can access the SMB path from both domains and that the UUID is correct. But when KeePass runs the SMB trigger we get this error:

\\172.16.0.147\E$\HostingServices\KeePassDB\KeePassDB.kdbx (domain1\account1)
The user name or password is incorrect.

But I can use Explorer / Total Commander ... to access the share \\172.16.0.147\E$ from my computer in domain2 using the referenced account (domain1\account1) or other account (domain1\account2). And if I save the credentials in Windows then the SMB sync trigger works. It looks like KeePass tries to access the path, which it can because of the saved credentials, but if there are no saved credentials then it shows the error (domain1\ substring is ignored or not checked?). If I delete the saved credentials it still works for some time, even after a KeePass restart, or at most until the next OS reboot. We can work around this by saving the credentials but it looks like a bug to me.

Let me know if you need more info or help with debug.

3 Attachments

Discussion

  • Paul
    2013-07-22

    I suspect the file sync doesn't use the user/pass as it expects access to already be granted - FTP always requires user/pass. To test this you could add an action before the sync to map the connection using the user/pass.

    cheers, Paul

     
  • Dominik Reichl
    2013-07-27

    • status: open --> closed
     
  • Dominik Reichl
    2013-07-27

    {REF:U@P:AA1D9646D18BE547AEF8AAA09193FE4E}
    This field reference is replaced by the user name of the entry identified by the password AA1D... I doubt this is what you wanted.

    Instead, you probably wanted to use the password of the entry having the UUID AA1D... In this case, the correct field reference is:
    {REF:P@I:AA1D9646D18BE547AEF8AAA09193FE4E}

    Best regards,
    Dominik
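An added example, not part of the original ticket and not KeePass's own code: a small Python checker that decodes `{REF:<WantedField>@<SearchIn>:<Text>}` field references and flags the mix-up discussed in this thread, where a UUID is used as search text in a non-UUID field. The name `explain_ref`, the warning wording, and treating the codes as case-insensitive are assumptions of this sketch.

```python
import re

# Field codes of the KeePass placeholder {REF:<WantedField>@<SearchIn>:<Text>}.
FIELDS = {"T": "title", "U": "user name", "P": "password",
          "A": "URL", "N": "notes", "I": "UUID"}
SEARCH_IN = dict(FIELDS, O="other fields")  # "O" is valid only as a search scope

REF_RE = re.compile(r"\{REF:([A-Za-z])@([A-Za-z]):([^}]*)\}")
UUID_RE = re.compile(r"[0-9A-Fa-f]{32}")


def explain_ref(ref):
    """Decode one field reference; return (description, list of warnings)."""
    m = REF_RE.fullmatch(ref.strip())
    if not m:
        raise ValueError(f"not a field reference: {ref!r}")
    wanted, search, text = m.group(1).upper(), m.group(2).upper(), m.group(3)
    if wanted not in FIELDS:
        raise ValueError(f"unknown wanted-field code {wanted!r}")
    if search not in SEARCH_IN:
        raise ValueError(f"unknown search-in code {search!r}")
    desc = (f"{FIELDS[wanted]} of the entry whose "
            f"{SEARCH_IN[search]} matches {text!r}")
    warnings = []
    looks_like_uuid = UUID_RE.fullmatch(text) is not None
    if looks_like_uuid and search != "I":
        # The mix-up from this ticket: a UUID used as search text in another field.
        warnings.append(f"text looks like a UUID but is searched in {SEARCH_IN[search]}")
    if search == "I" and not looks_like_uuid:
        warnings.append("search-in is UUID but text is not 32 hex digits")
    return desc, warnings


if __name__ == "__main__":
    # References quoted in the ticket (UUID as posted there).
    uuid = "AA1D9646D18BE547AEF8AAA09193FE4E"
    for ref in (f"{{REF:U@I:{uuid}}}", f"{{REF:U@P:{uuid}}}", f"{{REF:P@I:{uuid}}}"):
        desc, warnings = explain_ref(ref)
        print(ref, "->", desc)
        for w in warnings:
            print("  WARNING:", w)
```

Running such a check over trigger parameters before deployment catches a reference that would silently resolve to the wrong field instead of the intended credential.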