Kerberised CIFS / SMB Extended Security

Does anyone have any info when kerberised CIFS or SMB extended security is likely to be introduced into the S7000 series?
I had some info from a Sun Engineer that fixes relating to this would be coming in 2009.Q4 (which became 2010.Q1)
Example CR's related to this are:
6791642
6791165
6791210
Amongst others.
Does anyone know if this is on the radar for a future release of the 7000 series appliance kit?
Alan

Hi Alan
I just wondered if the lack of kerberised CIFS or SMB extended security is causing a problem I've been trying to get around.
We have a share set up on our 7310, to host MSI packages to be deployed via a Windows Server 2008 R2 group policy object, the packages are failing to install with errors pointing to permission problems. I've checked through the permissions and all seems well, with the computer account having full access to the share.
The packages deploy fine when they are hosted on a Windows based server, from what I've read this could be a kerberos authentication problem or some other missing feature from the CIFS implementation on the Sun. I can connect to the share on the Sun once logged onto the Windows computer and install the packages.
Thanks
Matthew

Similar Messages

OS 10.7, SMB Connection, Change to Unicode with Extended Security on Windows Server 2008 Standard

Hi All, I've searched Google, and I've also contacted Apple Support with no luck: I want to implement unicode with extended security on Windows Server 2008 Standard server shared folders so that Lion can connect normally (i.e. Finder->Go->Connect to Server->IP Address or server name) to SMB shares and access files. I'm lacking information; has anyone actually implemented unicode with extended security? If so, how?
Thanks in advance.
Tom

Thanks for the reply aorlich. Do you mean enable file sharing on my Mac? With file sharing enabled, I still cannot get to my Windows 7 shares, although the files on my Mac do become available to Windows. Thanks again.

Jcifs.smb.SmbException: NTLMv2 requires extended security

Hi,
I'm implemeting SSO for my application deployed in tomcat using JCIFS. It was working for some time and after more sessions like > 3 its throwing error like
jcifs.smb.SmbException: NTLMv2 requires extended security (jcifs.smb.client.useExtendedSecurity must be true if jcifs.smb.lmCompatibility >= 3)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)I'm using jcifs 1.3.7 and jdk 1.5. Also my web.xml is like
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<display-name>Tomcat Documentation</display-name>
<filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>10.202.0.41</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.lmCompatibility</param-name>
<param-value>1</param-value>
</init-param>

<init-param>
<param-name>jcifs.util.loglevel</param-name>
<param-value>3</param-value>
</init-param>

<init-param>
<param-name>jcifs.smb.client.domain</param-name>
<param-value>DOMAINAME</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.username</param-name>
<param-value>1233</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.password</param-name>
<param-value>P@ssw0rd1</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>NtlmHttpFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<description>
Tomcat Documentation.
</description>
<servlet>
<servlet-name>test1</servlet-name>
<servlet-class>TestServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>uploadexcel</servlet-name>
<servlet-class>TestUpload</servlet-class>
</servlet>
<servlet>
<servlet-name>testServlet</servlet-name>
<servlet-class>SampleTest</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>test1</servlet-name>
<url-pattern>/test</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>uploadexcel</servlet-name>
<url-pattern>/uploadexcel</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>testServlet</servlet-name>
<url-pattern>/testServlet</url-pattern>
</servlet-mapping>

<error-page>
<exception-type>java.lang.NullPointerException</exception-type>
<location>/error.jsp</location>
</error-page>
</web-app>Please let me know whether any cofiguratio settings needs to be made
Regards,
Sukuimar

Hi,
Thanks for suggestion. After making it true i got below error.
note: NtlmPasswordAuthentication.java was java class obtanied with JIFS utility
jcifs.smb.SmbException
java.lang.NullPointerException
     at jcifs.smb.NtlmPasswordAuthentication.nTOWFv1(NtlmPasswordAuthentication.java:197)
     at jcifs.ntlmssp.Type3Message.<init>(Type3Message.java:177)
     at jcifs.smb.NtlmContext.initSecContext(NtlmContext.java:75)
     at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:347)
     at jcifs.smb.SmbSession.send(SmbSession.java:235)
     at jcifs.smb.SmbTree.treeConnect(SmbTree.java:161)
     at jcifs.smb.SmbSession.logon(SmbSession.java:171)
     at jcifs.smb.SmbSession.logon(SmbSession.java:164)
     at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:189)
     at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:121)
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
     at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
     at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
     at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
     at java.lang.Thread.run(Thread.java:595)
     jcifs.smb.NtlmContext.initSecContext(NtlmContext.java:90)
     jcifs.smb.SmbSession.sessionSetup(SmbSession.java:347)
     jcifs.smb.SmbSession.send(SmbSession.java:235)
     jcifs.smb.SmbTree.treeConnect(SmbTree.java:161)
     jcifs.smb.SmbSession.logon(SmbSession.java:171)
     jcifs.smb.SmbSession.logon(SmbSession.java:164)
     jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:189)
     jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:121)Even i tried to change it to
<init-param>
<param-name>jcifs.smb.lmCompatibility</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.useExtendedSecurity</param-name>
<param-value>false</param-value>
</init-param>
But still its giving previous error. So, should i upgrade it to 1.3.8. Also am i hitting any bug in 1.3.7 please let me know
Regards,
Sukumar
Edited by: Sukumar-Java-Beginner on Mar 30, 2009 11:39 PM

10.5 CIFS/SMB and illegal Characters - Again

http://docs.info.apple.com/article.html?artnum=107032 states that the following characters "? [ ] / \ = + ; : " , | *" cannot be used on CIFS/SMB shares with 10.4. However I can successfully use them with 10.5 on CIFS/SMB shares.
Can some one advise me if there is a way to default back to 10.4 restriction with 10.5 on CIFS/SMB shares.

Is your server bound to AD, and your PC clients as well (probably) ?
First, stop SMB.
Then, backup /etc/smb.conf
Then edit it (use nano or vi or emacs via the Terminal. If you must use the GUI then use TextWrangler.
Make sure the file permissions are preserved.
under the [global] section of /etc/smb.conf, make the following modifications (add the entry if it's not there):
security = ads
windbind separator = +
; auth methods = guest opendirectory
ie: comment out "auth methods" via the ";"
Start smb and compare. Anytime you make a change in the GUI tools, verify your edits are preserved.

10.5 CIFS/SMB and illegal Characters

Greetings All,
http://docs.info.apple.com/article.html?artnum=107032 states that the following characters "? [ ] / \ = + ; : " , | *" cannot be used on CIFS/SMB shares with 10.4. However I can successfully use them with 10.5 on CIFS/SMB shares.
Can some one advise me if there is a way to default back to 10.4 restriction with 10.5 on CIFS/SMB shares.

Is your server bound to AD, and your PC clients as well (probably) ?
First, stop SMB.
Then, backup /etc/smb.conf
Then edit it (use nano or vi or emacs via the Terminal. If you must use the GUI then use TextWrangler.
Make sure the file permissions are preserved.
under the [global] section of /etc/smb.conf, make the following modifications (add the entry if it's not there):
security = ads
windbind separator = +
; auth methods = guest opendirectory
ie: comment out "auth methods" via the ";"
Start smb and compare. Anytime you make a change in the GUI tools, verify your edits are preserved.

How JFileChooser finds the Desktop and can browse CIFS(SMB) in windows.

Hello.
I'm currently using serveral methods from FileSystemView used by JFileChooser to detect if a File is a system root, a floppy, or to find the "My Documents" folder under windows.
JFileChooser however is also able to provide a link to the desktop. How do I get that location from Java?
Further more. JFileChooser is able to browse and use resources located on the network using CIFS(SMB). I've searched through JFileChoosers source. But I can't figure out how it does this.
I'm currently writing a Folder synchronization app. As you can see in the screenshot ( http://users.telenet.be/greenhouse/Screenshot-7.png ) I'm trying to integrate the location browser (Look based on the GTK file browser) more into windows. I want my users to be able to browse CIFS just like in the JFileChooser. How do I do this?
The reason I'm writing my own browser is because the GTK one provided in Java is more then lacking. And I can provide browsing for remote resources more easily (like SFTP and SCP)
In short:
*JFileChooser however is also able to provide a link to the desktop. How do I get that location from Java?
*JFileChooser browses and uses CIFS in windows. How do I do this (without a 3th party library) the same way as JFileChooser does it?
Message was edited by:
finalbeta

JFileChooser fr = new javax.swing.JFileChooser();
        FileSystemView fw=fr.getFileSystemView();
        defaultfolder = fw.getDefaultDirectory().getPath();
       String desktopfolder;
        if(System.getProperty("os.name").startsWith("Windows")){
            for(File tmp:fw.getRoots()){
                dekstopfolder = tmp.getPath();
        }That piece of code gives the path to the desktop folder in Windows. In linux it returns root. (getRoots();) How horrible.
I hope I'm going about this the wrong way. Because this would be an ugly Java API.

Can't open Office 2011 files on CIFS/SMB shares.

I can't open Excel or Word documents if they are opened from a network CIFS/SMB share. Excel returns something like "could not open because some content is unreadable" and offers to repair the document. Word just questions if the document is corrupt and errors out too. If I drag the same document to my desktop, it opens just fine. Is something broken with SMB? I'm running the latest Yosemite (10.10) upgraded from Mavericks 10.9.5. Office 2011 is completely updated too.

I am having what I think is a intimately related problem, but which is somewhat more aggravated. I have a server set up using FreeNAS 9.3, which is configured as Windows+CIFS (SMB) in order to facilitate for Windows-based computers to join. Permissions are consequently set-up with a Windows client (a MBP running Win7 in Bootcamp). Everything works fine as far as access and file transfer goes, but using any application changes the experience.
Just to be explicit, my problem is not only related to MS Office files, but also to PDFs and PNGs (I assume it is related to ALL files, but those are the ones I have tested). The problem arises, as for you other, when I try to save from within the application after I have altered the file's content. I get different messages depending on the application, but they all share the problem of not being able to save and that they after showing that error message, change the filename on the server (in the case of Word, it becomes 'Word work file L_2.tmp').
I have tried connecting to the server using Win7 and changing the same file and that works just as intended. I have also tried setting up a dataset (folder) on the server with only AFP and Mac settings and that works fine, but as Apple shifted to SMB from Mavericks it is not that enticing to set up a server with a dying technology, which is why I insist on getting the Windows/SMB share to work.
I have also tried the tips provided in this thread:
http://arstechnica.com/civis/viewtopic.php?f=19&t=1253789
1. smb://FreeNAS
2. cifs://FreeNAS (should force SMB1)
3. smb://FreeNAS:139 (should force connection over Netbios instead of TCP/IP)
None works.
I have checked the log files /var/log/samba4/log.smbd and /var/log/messages on the server, but they do not provide any error messages in this respect.
Based on declure's suggestion, I have copied a new Word file to the server -> disconnected from the server -> reconnected using 'cifs://servername' -> opened the Word file and tried to save it -> same error message ("Word cannot save this document due to a naming or permissions error on the destination volume."). As this works in Win7 it seems as the real problem resides not with the application (or is Office for mac faulty?), but with OSX.
Any constructive suggestions would be appreciated as I really would want this to work using SMB.

UPnP Extended Security? Please Help.

Hello i was recently trying to complete this turorial:
http://www.youtube.com/watch?v=o9vJedWSyw8
as my internet is bad on black ops 2, (strict) and my Bt does not allow me to port forward properly :/
I have tried it but i got a error, so i got in touch with the author of the video and recieved this message,
"from the looks of it you are setting up the right ports, but your router isnt allowing you to forward them. This will most likely be caused by a security setting on your router. There should be some option on the games and application sharing page, that disables extended security. That should fiix the problem if you can find it."
So how can i disable this UPnP Extended Security, or Extended Security?
I have a Bt Home Hub 2.
Thanks,

Elhadi wrote:
I know how to turn it off, im trying to disable something called extended security so it lets me use portmapper
On the Home Hub 3 B you get the following screen (distorted by cut and paste) on the Port Forwarding , UPnP tab
The Home Hub 2 may not have this facility.
Wireless Broadband Home Network Port Forwarding System Basic Settings
Configuration Supported Applications UPnP DMZ Firewall
UPnP
Universal Plug and Play (UPnP) enables a wide range of applications, such as games and messaging, and devices to connect to each other and work together.
UPnP:   On
             Off
Extended UPnP Security:   On
                                      Off
                                                                                                                             Apply    Cancel
It is recommended to keep the Extended UPnP security enabled to ensure the security of your home network.

Extending security privileges

Just after a bit of advice on security...
If I build a form in LiveCycle, am I able to extend security priviliges in Acrobat to allow users of the free Reader software to password protect the form?
Or can I set the form up so that when the user comletes and saves it, it automatically password protects it?
The second option is my preferred choice, just not sure if either are possible.
Any help is much appreciated.
Thanks,
Chris

Thank you for your reply.
In that case I'll expand on what we want to achieve and hopefully someone can propose a solution.
We send our clients some forms which they complete, lock/flatten and then send back to us. We now need to ask our clients to enter their bank details onto the form. We want to make this as secure as possible and asking the client to email us back using an encrypted email isn't really viable, hence we wanted the form to password protect itself on completion/saving.
Is there anything else we could put in place to make this work?
Thanks again

Creating a CIFS/SMB share

I am looking for a way to implement a java program as a cifs share - much the way Alfresco does. I have found JCIFS and JLAN, but I am not sure if this is what I need or if there are any other packages/libraries that do the same thing. Essentially, I need/want a package the defines the protocol and allows me to tie in my own code to the function calls. We have this service with an api that allows us to list files in a directory, download them, upload them, etc. I want to map these function calls to a cifs/smb interface. I have googled and havent found much, other than JCIFS and JLAN, and from what I have read, these are full implementations of the protocol and are not customizable in the manner I need it to be. I have found books that I can purchase to learn about the CIFS protocol; however, any online references would be preferable and a package that has already been developed would be ideal.
Thanks in advance for any help

As far as I know JCIFS is a client implementation and doesn't implement the server part.
JLAN sounds exactly like what you are searching.
Note that the "customizing" to "call your methods" will be rather hard, because of the nature of the beast.
Providing non-file resources as if they were files is not as trivial a task as it sounds. There are many, many tiny border cases that you need to think about and it will be hard.
But anyway: JLAN sounds as if it provides exactly what you want (and it seems that it is what Alfresco used to implement that feature in the first place).

Extend Security FAQ Example Broken?

I have been trying out the Extend Seurity example in the Coherence FAQ here http://coherence.oracle.com/pages/viewpage.action?pageId=1343626
Basically the way it works is that the Extend proxy uses a class scheme that uses a sub-class of com.tangosol.net.cache.WrapperNamedCache to wrap the "real" cache. This sub-class can then override methods you want to secure to do an access check before forwarding the method call to the wrapped cache.
Now, this all appeared to work fine until I tried to execute queries against the cache. The queries will execute against the "wrapped" cache which resides in the storage enabled nodes of the cluster, as the Extend proxies are storage disabled. I started to get back errors that the methods I was querying on did not exist in the objects I had put into the cache.
E.G. Missing or inaccessible method: com.tangosol.util.Binary#getIntValue[]
The reason for this it turns out is that the "put" method of the WrapperNamedCache in the extend proxy gets instances of com.tangosol.util.Binary for its key and value parameters as the Extend Client has POF serialized the values to send over the wire. When WrapperNamedCache calls "put" on the real cache presumably it send these com.tangosol.util.Binary values. It then appears that these are serialized again to go over the wire to the real cache so the underlying real cache ends up containing a serialized value of a serialized value and hence my queries fail.
Is this "double" serializing due to me mis-configuring the caches, or am I stuck with it?
Obviously it is pretty impractical to de-serialize the objects in the methods of the WrapperNamedCache sub-class.
Presumably making the Extend proxies storage enabled nodes of the cluster wouldn't make any difference either.
I am beginning to give up on ever having a secure Coherence cluster as so many things related to security in Coherence seem broken.
Banging my head in frustration...
JK.

I haven't been able to get this to work, and I'm using Noah's updated code.
I'm trying to implement row-level security using the EntitledNamedCache, so basically I'll be intercepting calls to get() and checking the client's privileges against the data they're trying to read.
The problem - as Jonathan experienced - is that inside the EntitledNamedCache the super.get() call to the WrapperNamedCache returns a com.tangosol.util.Binary instead of the actual object that was put() in.
Is there a way for WrapperNamedCache.get() to return the actual object?

CIFS, not showing security properties

When attempting to view the security properties of a remote share we get an error message that says, "Unable to display security information". This happens when bringing up a remote server via UNC path, right clicking on a share or folder, and selecting the security tab. This only happens when viewing them through an optimized connection. If the domain admin remotes directly to that server, or another server at the same location, they are able to browse the properties fine.
We're using 4.1.3 and have disabled legacy WAFS services. All of our CIFS traffic is going through the CIFS accelerator. Couple of questions:
-Isn't the CIFS accelerator supposed to be transparent and pass this information along?
-Do the WAE's still need to be joined to the domain? I though this was a legacy WAFS function
-I did packet captures on both ends of the connection (and on the WAE) but didn't see anything obvious in the way of errors, any specific thing I can look for?
Thanks!

In the failed trace, note that the NT Security Descriptor Length in frame 392 is 0, whereas in the working trace it is >0. This looks like bug CSCtg28040, which is fixed in the WAAS 4.1.5f release. Can you confirm that you have installed Microsoft patch MS10-020 (KB980232)?
Thanks again for the traces.
Regards,
Zach

How to extend secure network and guest network.

Sorry if this has been covered but I couldn't find it.
I have an Airport Extreme running the 7.6.3 firmware. Once Comcast gets their act together it will be running off a static IP. I want to wirelessly extend my guest WiFi and my secure WiFi. What do I need to get this done? Do I need to get an Express for each network? Or can another Extreme repeat both networks? Eventually I hope we will have Cat5 running to the repeater's location but that could be a long way off.
Thanks!

I cannot get the web page to open when I do a search on the SMC8014, but it appears that this is a modem/router or gateway type of device.....which will not allow the Guest Network feature to be enabled on the AirPort Extreme.
I did find this, which confirms that the SMC is a modem/router or gateway....not what you want.
http://www.speedguide.net/routers/smc-smc8014-biz-business-cable-gateway--534
The solution is to find out from SMC or your Internet Service Provider whether or not the 8014 can be configured to operate in "Bridge Mode".....which would then allow you to configure the AirPort Extreme to operate as the main router on the network. This would allow the Guest Network option on the AirPort Extreme to be enabled correctly.
Or better yet.....ask your ISP for a simple modem.......not a modem/router or gateway type of device.
So assuming this is all compatable (or I get compatable equipment), I can extend both networks with 1 express or 1 extreme?
That is correct.

Extends security

Hi folks,
I'm trying to get a reasonable cluster security solution working using Kerberos. I want to be able to secure nodes joining the cluster and secure things
like Extends connections via the proxies. So far the cluster node security piece seems to be working fine (using the standard Coherence security).
To secure the Extends connection I've tried using the Oracle example solution from here [http://wiki.tangosol.com/pages/viewpage.action?pageId=1343626 |http://wiki.tangosol.com/pages/viewpage.action?pageId=1343626 ]
(even though it doesn't seem ideal due to the number of security checks) but it causes a problem when the Extends proxy node itself is
authenticated with the cluster. The example solution uses an EntitledNamedCache class that calls checkAccess() in every method. In this
checkAccess() method the code fetches the current subject from what it says is the "calling thread". The problem is that it actually returns the subject
that the Extends node used to authenticate against the rest of the cluster - not the subject associated with the Extends call. Has anyone tried something
similar and got it to work? Like I say - this only seems to be a problem if you have your Extends node authenticating with the rest of the cluster. I guess all it needs is a successful way to get the subject details from the Extends call.
Another interesting issue is that if you obtain a Subject from the Coherence Security.login(..) call and then call Security.runAs(..) the subject
is POF serialized and sent over the wire. If you obtain the same subject by using standard JAAS login, and call Security.runAs(..) it's not serialized. Odd.
I'm using Java 1.6 and Coherence 3.5.1b461. Any help/comments would be much appreciated. Many Thanks,
Reon Campbell.

Hi Reon,
The root problem seems to be that somehow the Subject is not being passed by Extend for you.
Extend will always run in the context of a Subject if one is available. The security framework (standard Coherence security) will only log in if there is no current Subject. So, if the Subject is passed by Extend, the proxy will execute the message in a Subject.doAs(). The security framework checks to see if there is a current Subject and, if so, it will use it. Otherwise it will call the configured callback handler to log in. If in EntitledNamedCache you are seeing the security framework Subject, it means no Subject was passed and the security framework called the callback handler.
Also, it shouldn't matter whether you use standard JAAS or not because the implementation of Security.login and Security.runAs just use JAAS.
Extend only passes the Subject when a Channel is created, which is the first time a cache reference is retrieved. After that, the Subject associated with the Channel will always be used. My guess, is that you are not running in the context of a Subject when you get that first cache reference. Here is some sample code:
        Subject subject = Security.login("manager", "password".toCharArray());
        NamedCache cache   = null;
        try
            cache = (NamedCache) Security.runAs(subject, new PrivilegedAction()
                public Object run()
                    NamedCache cache = getNamedCache("dist-test");
                    return cache;
        catch (Exception e)
            // failed if security exception
            e.printStackTrace();
        cache.put("key", "value");The final issue for you is that the built in SubjectPofSerializer does not serialize public or private credentials and PrincipalPofSerializer only serializes principal name, so the built in serializers will not serialize a Kerberos ticket. The only solution currently is to write a custom serializer.
Regards,
David
Coherence Development

Finder: Command K does not show all CIFS/SMB volumes on server

Greetings:
I use the Command-K to connect to a NetApp storage server in our office; if I issue this:
smb://server
or
cifs://server
I only get some of the shares and not all of them. If do the same on a Windows machine by using the command "net view \\server" it shows all the available shares.
Question: is there any limitation? Any tips, perhaps on the NetApp side?
Best regards
Claudio

We are experinceing the same issue. It appears to have limitations on the length of the share/volume name.
smbclient from the command line shows all of them but Apple+K doesn't

Kerberised CIFS / SMB Extended Security

Similar Messages

Maybe you are looking for