Using J-Interop to create local session without credentials throws exception
Brought to you by:
vikramrc
Menu
▾
▴
Hi Vikram,
I'm using J-Interop to WMI query the machine the Java process runs on (locally, running as the "SYSTEM" user when running as a service).
I noted that I'm requested to provide a username and password and I wonder if there is a way to create a session without providing a credentials. So I noticed that there is an api for this, simply to create session without credentials JISession.createSession().
I did that but got the following exception:
SEVERE: Unable to load library: java.lang.UnsatisfiedLinkError: no ntlmauth in java.library.path
java.lang.IllegalStateException: Native SSPI library not loaded. Check the java.library.path system property.This functionality is available only under "Microsoft Windows" line of Operating systems.
at net.sourceforge.jtds.util.SSPIJNIClient.<init>(SSPIJNIClient.java:84)
at net.sourceforge.jtds.util.SSPIJNIClient.getInstance(SSPIJNIClient.java:104)
at rpc.security.ntlm.NtlmAuthentication.<init>(NtlmAuthentication.java:118)
at rpc.security.ntlm.NtlmConnection.<init>(NtlmConnection.java:44)
at rpc.security.ntlm.NtlmConnectionContext.init2(NtlmConnectionContext.java:76)
at rpc.security.ntlm.NtlmConnectionContext.init(NtlmConnectionContext.java:84)
at rpc.ConnectionOrientedEndpoint.connect(ConnectionOrientedEndpoint.java:244)
at rpc.ConnectionOrientedEndpoint.bind(ConnectionOrientedEndpoint.java:216)
at rpc.ConnectionOrientedEndpoint.rebind(ConnectionOrientedEndpoint.java:152)
at org.jinterop.dcom.transport.JIComEndpoint.rebindEndPoint(JIComEndpoint.java:38)
at org.jinterop.dcom.core.JIComServer.init(JIComServer.java:610)
at org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:496)
at org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:460)
at com.h9labs.jwbem.SWbemLocator.getSWbemLocatorInterface(SWbemLocator.java:150)
at com.h9labs.jwbem.SWbemLocator.connect(SWbemLocator.java:113)
at com.h9labs.jwbem.TestJwbem.connect(TestJwbem.java:24)
at com.h9labs.jwbem.TestJwbem.main(TestJwbem.java:91)
What about the flags of SessionSecurity and AutoRegisteration? They are 'true' on my code, is it good?
I'm currently, running the java process on Windows using a specific user (my logged-in user which has administrator credentials) but on production it will be running as a Service with SYSTEM user, will it work then?
Bests,
Shlomi.
Hi,
You need to download the ntlmauth DLL from jtds project. With this the
local session will be created using the logged-in user's credentials.
Best regards,
Vikram
On Sep 24, 2015 5:18 PM, "Shlomi Kadar Levi" shlomikl@users.sf.net wrote:
Ok, but where should I put it?
Can I place it in my user dir?
Do I need to load it from my java code?
Thanks,
Shlomi.
Please check the windows DLL loading order (folders). You can also provide
the location using -Djava.library.path and keep the DLL in that path.
On Sep 29, 2015 17:48, "Shlomi Kadar Levi" shlomikl@users.sf.net wrote:
Ok, Thank you!
Hi Vikram,
I have managed to use the dll but now I got ArrayIndexOutOfBoundsException:
java.lang.ArrayIndexOutOfBoundsException: 16
at jcifs.util.Encdec.dec_uint32le(Encdec.java:90)
at ndr.NdrBuffer.dec_ndr_long(NdrBuffer.java:146)
at ndr.NetworkDataRepresentation.readUnsignedLong(NetworkDataRepresentation.java:64)
at org.jinterop.dcom.core.JIRemoteSCMActivator$RemoteCreateInstance.read(JIRemoteSCMActivator.java:642)
at ndr.NdrObject.decode(NdrObject.java:36)
at rpc.ConnectionOrientedEndpoint.call(ConnectionOrientedEndpoint.java:137)
at rpc.Stub.call(Stub.java:113)
at org.jinterop.dcom.core.JIComServer.init(JIComServer.java:645)
at org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:496)
at org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:460)
Maybe I just think that I am using the DLL and in fact I am not?
Can you please tell me what seems to be the problem?
Please use the SVN repo at SF.net site for j-interop and create a new build
for yourself. This bug has been fixed on the trunk.
best regards,
Vikram
On Tue, Nov 3, 2015 at 2:42 PM, Shlomi Kadar Levi shlomikl@users.sf.net
wrote:
--
The Mind is a place of its own. It can make a heaven out of hell or a hell
out of heaven. Attitude is everything. No matter how adverse conditions
maybe, one has the capacity to turn things around by one's Determination,
Perseverance and Hardwork.
John Milton
(Paradise Lost)
Yes, I have just done that. Thanks.
Although, It will be great if you will create a new build with the fix and commit it to sourceforge.net.
Anyway, now I got another problem:
WARNING: Got the class not registered exception , will attempt setting entries based on status flags...
org.jinterop.dcom.common.JIException: Message not found for errorCode: 0xC0000072
at org.jinterop.winreg.smb.JIWinRegStub.winreg_OpenHKCR(JIWinRegStub.java:132)
at org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:558)
at org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:460)
at com.h9labs.jwbem.SWbemLocator.getSWbemLocatorInterface(SWbemLocator.java:150)
at com.h9labs.jwbem.SWbemLocator.connect(SWbemLocator.java:113)
at com.h9labs.jwbem.TestJwbem.connect(TestJwbem.java:24)
at com.h9labs.jwbem.TestJwbem.main(TestJwbem.java:95)
Caused by: jcifs.smb.SmbAuthException: Logon failure: account currently disabled.
at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:510)
at jcifs.smb.SmbTransport.send(SmbTransport.java:622)
at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:280)
at jcifs.smb.SmbSession.send(SmbSession.java:233)
at jcifs.smb.SmbTree.treeConnect(SmbTree.java:154)
at jcifs.smb.SmbFile.doConnect(SmbFile.java:847)
at jcifs.smb.SmbFile.connect(SmbFile.java:890)
at jcifs.smb.SmbFile.connect0(SmbFile.java:816)
at jcifs.smb.SmbFileInputStream.<init>(SmbFileInputStream.java:73)
at jcifs.smb.SmbFileInputStream.<init>(SmbFileInputStream.java:62)
at jcifs.smb.SmbFile.getInputStream(SmbFile.java:2765)
at rpc.ncacn_np.RpcTransport.attach(RpcTransport.java:91)
at rpc.Stub.attach(Stub.java:106)
at rpc.Stub.call(Stub.java:110)
at org.jinterop.winreg.smb.JIWinRegStub.winreg_OpenHKCR(JIWinRegStub.java:130)
... 6 more
Can you please explain what happened here?
Thanks.
Shlomi
Hi Vikram,
I understand why it fails, that's because it uses GUEST account when connecting using SSO mode and my GUEST account is disabled. I don't know why it uses guest because it does not behaves as expected in SSO mode.
Is there a way to use the logged-in user?
Regards,
Shlomi.
Yes please check the ntlm security settings using local security manager. I
have documented this somewhere in the forums as well.
On Nov 3, 2015 5:56 PM, "Shlomi Kadar Levi" shlomikl@users.sf.net wrote:
Thank you very much for your help and patience.