locked
Problem writing to network share over CIFS when impersonating (using runas) RRS feed

  • Question

  • User-1425546785 posted

    I have a simple console application that creates a directory on a file share. It works fine creating a directory on both a remote share on a Windows server and a remote share on an EMC Celerra NAS server (using CIFS).  However if I run the same command using runas it creates the directory fine on the remote Windows share, but I get "password is not correct" when it tries to create the directory on the Celerra.  I have the same problem when using the DOS command mkdir.  Or using impersonate in the console app code instead of using runas.

      "System.IO.IOException: The specified network password is not correct."

    I am typing in the correct password.  If I type in an incorrect password, I get a different error.

      "1326: Logon failure: unknown user name or bad password."

    Operations that work:

     1. mkdir \\windows_share\dir_to_create1                        (logged in as mydomain\myuser)
     2. mkdir \\celerra_share\dir_to_create2                           (logged in as mydomain\myuser)
     3. runas /user:mydomain\myuser "mkdir \\windows_share\dir_to_create3"

    Operation that doesn't work 

     4. runas /user:mydomain\myuser "mkdir \\celerra_share\dir_to_create4"

    It seems like it is either a Global Policy setting (encrypt secure channel data, enable delegation, ...),  or a CIFS authentication issue with impersonation (or maybe a Celerra setting).

    Is there a way in C# to print out the current Global Policy settings?  I run gpedit to see what is set locally, but I think the corporate Global Policy settings might be trumping the local ones.

    Any other suggestions?

    Thanks
     

    try
    {
        bool result = LogonUser(impersonationUserName, impersonationDomain, impersonationPassword,
                                            LogonSessionType.Interactive, LogonProvider.Default, out token);
        if (result)
        {
            WindowsIdentity id = new WindowsIdentity(token);
            impersonatedUser = id.Impersonate();
            DirectoryInfo di = new DirectoryInfo(dirPath);
            if (!di.Exists)
            {
                di.Create();
            }
        }
    }
    finally
    {
        if (impersonatedUser != null)
            impersonatedUser.Undo();
        if (token != IntPtr.Zero)
            CloseHandle(token);
    }

    Monday, May 5, 2008 10:56 PM

All replies

  • User1195269249 posted

    Did you ever find a solution?

    Thursday, May 3, 2018 7:46 PM