Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Always getting nca_s_fault_ndr (0x000006F7) error when trying to call LocalSecurityAuthorityService::openPolicyHandle #172

Open
grishick opened this issue Jul 29, 2023 · 1 comment
Open

Always getting nca_s_fault_ndr (0x000006F7) error when trying to call LocalSecurityAuthorityService::openPolicyHandle #172

grishick opened this issue Jul 29, 2023 · 1 comment

Comments

@grishick
Copy link

grishick commented Jul 29, 2023
edited
Loading

Describe the bug
I am trying to create a Nifi processor that reads account permissions. I am able to connect and authenticate to SMB service, but I am not able to open a policy handle. This line PolicyHandle handle = service.openPolicyHandle(adServerNameorNull, Integer.parseInt(accessLevel)); always results in nca_s_fault_ndr (0x000006F7) error from Active Directory. According to Microsoft docs this error means RPC_X_BAD_STUB_DATA
To Reproduce
Steps to reproduce the behavior:

try using LocalSecurityAuthorityService::openPolicyHandle()

Code that reproduces the behavior:
This is the code:

        try (Connection connection = smbClient.connect(hostname);
            Session smbSession = connection.authenticate(ac)) {
            final RPCTransport transport = SMBTransportFactories.SRVSVC.getTransport(smbSession);
            long sessionId = smbSession.getSessionId();
            String sessionKey = smbSession.getSessionContext().getSessionKey().toString();
            getLogger().debug("Connected to SMB service. SessionId: {}, SessionKey: {}", new Object[]{sessionId, sessionKey});
            final LocalSecurityAuthorityService service = new LocalSecurityAuthorityService(transport);

            PolicyHandle handle = service.openPolicyHandle(adServerNameorNull, Integer.parseInt(accessLevel));
            String[] accountRights = service.getAccountRights(handle, accountSid);

            // add account rights to incoming flowfile and pass it to success relationship
            if (flowFile != null) {
                flowFile = session.putAttribute(flowFile, "accountRights", String.join(",", accountRights));
                session.transfer(flowFile, REL_SUCCESS);
            }
        } catch (Exception e) {
            getLogger().error("Could not establish smb connection because of error {}", new Object[]{e});
            context.yield();
            smbClient.getServerList().unregister(hostname);
            session.transfer(flowFile, REL_FAILURE);
        }

Expected behavior
openPolicyHandle should return PolicyHandle object

Environment (please complete the following information):

  • Operating System: Ubuntu 22
  • Java Version: 11
  • Library Version: 0.12.1
@jdrews417
Copy link

Try changing
final RPCTransport transport = SMBTransportFactories.SRVSVC.getTransport(smbSession);
to
final RPCTransport transport = SMBTransportFactories.LSASVC.getTransport(smbSession);

I was able to get the same error (while searching for how to do this - really need some docs), and since this is a LSA service, tried that instead and it worked. Also, is your connection to a DC? IE, is your host you are asking capable of doing the work? I had to point to our AD DC instead of the SMB File Server.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@grishick @jdrews417