smbclient 4.3.9 can't connect WITH password to OSX share due to NTLMSSP "short signature" & workarounds don't fix
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
This bug may be related to the security fixes in Samba 4.3.8 which have broken Samba in a number of scenarios, and #1572301 (OSX clients can't connect) and #1572876 (smbclient can't connect to Windows shares without password).
However I didn't see a bug files for Samba as client to a share WITH password.
I'm using Ubuntu 16.04 LTS as my client (in a VM on the Mac), connecting to Mac OSX 10.9 which is serving my home directory to the Ubuntu client. I haven't changed the samba configuration files from defaults in any way.
The client is running version 2:4.3.9+
The symptoms if I enter the correct password:
$ smbclient //Jamies-
WARNING: The "syslog" option is deprecated
Enter jamie's password:
NTLMSSP packet check failed due to short signature (0 bytes)!
NTLMSSP NTLM2 packet check failed due to invalid signature!
session setup failed: NT_STATUS_
The options suggested in #1572876 do change the authentication result, but don't make access to the share possible:
$ smbclient //Jamies-
WARNING: The "syslog" option is deprecated
Enter jamie's password:
protocol negotiation failed: NT_STATUS_
The SMB server is working fine when the client is Linux kernel CIFS. Unfortunately for me, OSX SMB server doesn't support the POSIX extensions so file permissions are all the same, which is what motivated me to try smbclient and see if the server does better with SMB2/SMB3.
Status changed to 'Confirmed' because the bug affects multiple users.