[Bug 1579540] Re: smbclient 4.3.9 can't connect WITH password to OSX share due to NTLMSSP "short signature" & workarounds don't fix

rduke15 1579540 at bugs.launchpad.net
Wed Nov 22 17:11:14 UTC 2017 

For smbclient, you may need to add

    --option="ntlmssp_client:force_old_spnego = yes"

For me, this now lists shares on a Mac OSX server:

    smbclient -U$user%$password -L $mac_osx_host
--option="ntlmssp_client:force_old_spnego = yes"

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1579540

Title:
  smbclient 4.3.9 can't connect WITH password to OSX share due to
  NTLMSSP "short signature" & workarounds don't fix

Status in samba package in Ubuntu:
  Confirmed

Bug description:
  This bug may be related to the security fixes in Samba 4.3.8 which
  have broken Samba in a number of scenarios, and #1572301 (OSX clients
  can't connect) and #1572876 (smbclient can't connect to Windows shares
  without password).

  However I didn't see a bug files for Samba as client to a share WITH
  password.

  I'm using Ubuntu 16.04 LTS as my client (in a VM on the Mac),
  connecting to Mac OSX 10.9 which is serving my home directory to the
  Ubuntu client.  I haven't changed the samba configuration files from
  defaults in any way.

  The client is running version 2:4.3.9+dfsg-0ubuntu0.16.04.1 of
  smbclient, libsmbclient, libwbclient, samba-common and samba-libs.

  The symptoms if I enter the correct password:

      $ smbclient //Jamies-Macbook-Pro.local/jamie -U jamie
      WARNING: The "syslog" option is deprecated
      Enter jamie's password:
      NTLMSSP packet check failed due to short signature (0 bytes)!
      NTLMSSP NTLM2 packet check failed due to invalid signature!
      session setup failed: NT_STATUS_ACCESS_DENIED

  The options suggested in #1572876 do change the authentication result,
  but don't make access to the share possible:

      $ smbclient //Jamies-Macbook-Pro.local/jamie -U jamie \
          --option='client use spnego = no' \
          --option='client ntlmv2 auth = no' \
          --option='client ipc max protocol = NT1'
      WARNING: The "syslog" option is deprecated
      Enter jamie's password:
      protocol negotiation failed: NT_STATUS_NOT_SUPPORTED

  The SMB server is working fine when the client is Linux kernel CIFS.
  Unfortunately for me, OSX SMB server doesn't support the POSIX
  extensions so file permissions are all the same, which is what
  motivated me to try smbclient and see if the server does better with
  SMB2/SMB3.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1579540/+subscriptions

More information about the foundations-bugs mailing list