Domain based access

[malikmani]

Hello,

I have been searching for a good library for SMB for iOS and found yours worth usable. However, I am experiencing an issue with domain based users. I am able to connect with SMB server/pc but not able to get the list of shares (it says 'Access Denied' NT_STATUS_ACCESS_DENIED).

I have checked that it is not connected with guest user as the guest variable is false.

Can you please let me know does your library have ability to connect with domain based servers?

[schamar]

Can you try to use initWithHost:netbiosName:group: directly on the SMBFileServer and pass the domain as netbiosName?

[malikmani]

@schamar I did that but it's not working either. I even passed the group as well but it's still not working.

[malikmani]

@schamar I am trying to connect to a server that have Windows Server 2012 via SMB protocol.

I am passing netbiosName as 'domain.local'. Should I have to append the hostname as well?

[schamar]

Should work as you described.

SMBFileServer* server = [[SMBFileServer alloc] initWithHost:<hostname> netbiosName:<domain> group:nil];
[server connectAsUser:<username> password:<password> completion:^(BOOL guest, NSError *error) {...}];

[malikmani]

Yes, I tried that way but it's not working with the code you mentioned.

let fileServer = SMBFileServer.init(host: “192.168.10.2”, netbiosName:“domain.local” , group: nil)

When we try with the above code it is able to connect but not able fetch the share list (Access denied) issue.

let fileServer = SMBFileServer.init(host: “HOSTNAME”, netbiosName:“domain.local” , group: nil)

When we try with this above code it is not even able to connect.

[schamar]

Can you pull the newest master and then try the new connect method with the explicit domain argument? Init the server similar to this:

let fileServer = SMBFileServer.init(host: “192.168.10.2”, netbiosName:“hostname” , group: nil)

[malikmani]

I have pulled the changes from master branch and tried with the above code but still not able to get the list of shared files.

Also, Do you think it's something related to security policy for the domain added in Windows server 2012 or later?

I tried to access the same server from windows or macOS and able to connect and get the list of file share.

[schamar]

This is very well possible. Your best bet is to check the server logs and to compare a successful listing of shares with the failed attempt in Wireshark. Filing an issue with libdsm was also a good idea, since the problem probably originates there. This is a similar issue.

[malikmani]

@schamar Thanks, for your prompt responses. I will look into the server logs and get back to you with the following update.

Also how difficult is to implement SMBv2/3 library in iOS using native library (sahlberg/libsmb2)?

[schamar]

Yes, that's our plan. We're currently contacting potentially contributing stakeholders. Work on SMB2/3 support will start in May. Unfortunately neither server discovery nor share listing is supported with that library.

[schamar]

Duplicate of #11

[malikmani]

@schamar I have debug the issue by checking the wire shark logs and got some lead on it. Actually,
when trying to access domain based it does require security signature. So I downloaded some third party app and check that they are sending 'signature' hash key in the request payload for fetching list of shares and whereas our library does not send 'signature' hash key so that is preventing it to access the listing.

Can you please look into it and see if you can send the signature key and connect to domain based system that 'require security signature' while connecting to it?

[schamar]

Ok, thank you for the details. Unfortunately this is a problem with libdsm, which does not support security signatures. See this issue I filed two years ago. While it seems MAC OS specific, it reflects the same problem. One of the reasons, why we're aiming for SMB2/3 support.