David Wuertele
2003-Dec-17 18:35 UTC
[Samba] smbclient null-password behavior differs between 3.0 and 2.2.8a
When I made the move to 3.0, I noticed that smbclient no longer works
with null passwords. Am I missing something? I read the FAQ, which
suggests that the server is rejecting the null password. But I know
that null passwords work fine for the 2.2.8a client, so the server is
not the issue. The FAQ recommends "smbclient -L host -U%", but I
don't want to set the username to null. I want a non-null username
with a null password.
I traced the packets on the two smbclients, and I see several
differences. The command I ran was:
smbclient //g4-box-1/dood -I 192.168.5.90 -U dood
I used the same command on both 2.2.8a and 3.0 systems. Here are the
differences I saw in the packets:
1. client sends "Extended Security Negotiation: Extended security
negotiation is supported" on 3.0, but not on 2.2.8a
2. 2.2.8a client sends ANSI Password, Unicode Password, and
uppercased-account name. Meanwhile, 3.0 client doesn't send
either passwords, and sends a lowercased-account name. I think
this is actually the key here.
3. the "primary domain" sent by 2.2.8a is the client's default
domain, while the "primary domain" sent by 3.0 is the domain of
the share being accessed
4. 2.2.8a sends "SMB Command: Session Setup AndX (0x73)" and gets
response "NT Status: STATUS_SUCCESS (0x00000000)"
3.0 sends same command and gets response
"NT Status: STATUS_LOGON_FAILURE (0xc000006d)"
Any suggestions how to get 3.0 to work with null passwords?
Thanks,
Dave
David Wuertele
2003-Dec-17 19:22 UTC
[Samba] Security mode 0x03: smbclient-2.2.8a sends password, 3.0 doesn't
I'm having trouble accessing a share using smbclient-3.0. The same share (served by a samba server on linux) is accessible from the same account using smbclient-2.2.8a. Here is the command I'm using to access the share: smbclient '//adventure/dood' -I 192.168.5.11 -U dood The server's smb.conf file includes the following three lines: security = user encrypt passwords = yes null passwords = yes If I change the 'encrypt passwords' to '= no', smbclient-3.0 works fine. The problem is that I have the exact same problem on hosts over which I have no control of the smb.conf file, for example Mac OS X 10.3. 10.3 appears to have the same behavior as my linux samba host with the above three lines in the smb.conf. When I analyze the packets sent between the client and the server, I see the following difference in the frames (see attatchments for full frame decode): samba-2.2.8a sending encrypted null password: < Byte Count (BCC): 69 < ANSI Password: 4C0154EFEF076CCBAE3A6256E351DF5A... < Unicode Password: B30B73818904C5A7111948521702F985... < Account: DOOD < Primary Domain: ABCD samba-3.0 sending no password:> Byte Count (BCC): 26 > Account: dood > Primary Domain: WORKGROUPNote that the primary domain is also different: 3.0 uses the default domain WORKGROUP, while 2.2.8a uses the default domain of the client ("ABCD"). What can I do on the CLIENT side to make smbclient-3.0 send the encrypted null password? Thanks, Dave