I have a very basic program that writes a file to a file share.
String sample = "this is a sample content";
NtlmPasswordAuthentication auth = new NtlmPasswordAuthentication("domain_one", "username", "password");
SmbFile sFile = new SmbFile("smb://network.share.on.domain_two/folder/sample.txt", auth);
SmbFileOutputStream sfos = new SmbFileOutputStream(sFile);
sfos.write(content.getBytes());
The authentication exception occurs on the SmbFileOutputStream initiation line. I have verified that the credentials are valid and this domain user (an AD user) does have access to the file share by mapping \\network.share.on.domain_two\folder\ as a network drive, providing credentials in the interactive mode. Also, i've tested the code by being able to successfully write files to \\network.share.on.my_laptop\folder\ where this user is also authorized and to \\network.share.on.domain_one\folder\ where user is also authorized.
I am trying to understand whether the login is failing in the case where the domain of the server is different than the domain of the user? Could the difference in domains be the reason for the authentication failure? Also, is it possible that NTLM as an authentication method, is not available on the file share where i am unable to write? If so, how can i "determine" that at the code level or at runtime? Are there any examples of documentation? And, is it possible that since i am able to login to the troubled share by mapping it as a network drive, is it possible that some restrictive NTLM settings are implemented on that network share, as described here: https://technet.microsoft.com/en-ca/itpro/windows/keep-secure/network-security-restrict-ntlm-ntlm-authentication-in-this-domain
To summarize, how can i troubleshoot this issue ?
Update: With the help of Wireshark i was able to figure out what the issue is. The server is in fact a network storage and only supports SMB2 protocol, while the JCIFS library only supports SMB1. They still attempt to negotiate the authentication over SMB1, but it fails.
Update2: The solution came from "enabling domain trust". I am looking into the exact settings that needed to be changed. Once i determine what those settings are, i will report back.
It turned out that there was no trust setup between the domains. Once the domain trust was established, the authentication worked.