NTLM authentication fails with error "jcifs.smb.SmbException: Access is denied."

NTLM authentication fails with error "jcifs.smb.SmbException: Access is denied."

book

Article ID: KB0075759

calendar_today

Updated On:

Products Versions
Spotfire Server All Versions

Description

NTLM authentication fails

Below error is returned in the jespa.log
============
jcifs.smb.SmbException: Access is denied. 
at jespa.ntlm.Netlogon.connect(Netlogon.java:402) 
at jespa.ntlm.Netlogon.validate0(Netlogon.java:703) 
at jespa.ntlm.Netlogon.validate(Netlogon.java:864) 
at jespa.ntlm.NtlmSecurityProvider.authenticate(NtlmSecurityProvider.java:1407) 
at jespa.ntlm.NtlmSecurityProvider.acceptSecContext(NtlmSecurityProvider.java:1191) 
at com.spotfire.server.security.NtlmAuthenticator.authenticate(NtlmAuthenticator.java:334) 
==========

Issue/Introduction

NTLM authentication fails with error "jcifs.smb.SmbException: Access is denied."

Resolution

Above is generic error message but you could get the above error if the Account used for NTLM was the same as the machine name
e.g. if the machine name is e.g. ntlm-svc for domain research.example.com then the NTLM account should not be ntlm-svc$@research.example.com

Below is from the manual -

==========
Specifies the fully qualified name of the Active Directory computer account that is to be used by the NTLM authentication service. This account must be a proper computer account, created solely for the purpose of running the NTLM authentication service. It can neither be an ordinary user account, nor an account of an existing computer. Note that the local part of an Active Directory computer account name always ends with a dollar sign, and the local part of the account name (excluding the dollar sign) must not exceed 15 characters. Example: ntlm-svc$@research.example.com
===========

 

Powered by Wolken Software