[Bug 1579540] Re: smbclient 4.3.9 can't connect WITH password to OSX share due to NTLMSSP "short signature" & workarounds don't fix

Marc Deslauriers marc.deslauriers at canonical.com
Tue May 10 15:14:42 UTC 2016 

Perhaps OS X doesn't support the ipc signing changes required to fix
Badlock.

Could you try adding the following to your /etc/samba/smb.conf, in the
[global] section, and then rebooting?:

client ipc signing = disabled

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1579540

Title:
  smbclient 4.3.9 can't connect WITH password to OSX share due to
  NTLMSSP "short signature" & workarounds don't fix

Status in samba package in Ubuntu:
  Confirmed

Bug description:
  This bug may be related to the security fixes in Samba 4.3.8 which
  have broken Samba in a number of scenarios, and #1572301 (OSX clients
  can't connect) and #1572876 (smbclient can't connect to Windows shares
  without password).

  However I didn't see a bug files for Samba as client to a share WITH
  password.

  I'm using Ubuntu 16.04 LTS as my client (in a VM on the Mac),
  connecting to Mac OSX 10.9 which is serving my home directory to the
  Ubuntu client.  I haven't changed the samba configuration files from
  defaults in any way.

  The client is running version 2:4.3.9+dfsg-0ubuntu0.16.04.1 of
  smbclient, libsmbclient, libwbclient, samba-common and samba-libs.

  The symptoms if I enter the correct password:

      $ smbclient //Jamies-Macbook-Pro.local/jamie -U jamie
      WARNING: The "syslog" option is deprecated
      Enter jamie's password:
      NTLMSSP packet check failed due to short signature (0 bytes)!
      NTLMSSP NTLM2 packet check failed due to invalid signature!
      session setup failed: NT_STATUS_ACCESS_DENIED

  The options suggested in #1572876 do change the authentication result,
  but don't make access to the share possible:

      $ smbclient //Jamies-Macbook-Pro.local/jamie -U jamie \
          --option='client use spnego = no' \
          --option='client ntlmv2 auth = no' \
          --option='client ipc max protocol = NT1'
      WARNING: The "syslog" option is deprecated
      Enter jamie's password:
      protocol negotiation failed: NT_STATUS_NOT_SUPPORTED

  The SMB server is working fine when the client is Linux kernel CIFS.
  Unfortunately for me, OSX SMB server doesn't support the POSIX
  extensions so file permissions are all the same, which is what
  motivated me to try smbclient and see if the server does better with
  SMB2/SMB3.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1579540/+subscriptions

More information about the foundations-bugs mailing list