Comment 4 for bug 1926119

Hi Axis,

Thanks for the detailed bug report :)

I did some digging into the issue. Here are my findings so far:

The feature is no longer supported for newer (safer) SMB protocol versions. See [1].

This issue was reported upstream (and eventually dropped) on [2], which originated from [3] where the issue is described with more details.

The regression was introduced in this upstream commit [4]. The relevant code was refactored later in [5].

While patching the code downstream may have security implications (I will bring this to upstream), a workaround exists:

run with the reported command with the following option

$ smbclient -NL localhost --option 'client use spnego = no'

Alternativelly, in the general section in smb.conf set

  client use spnego = no

For newer versions (verified in samba 4.14), you should also set the protocol. For instance

$ smbclient -NL localhost --option 'client use spnego = no' --option 'client max protocol = NT1'

Note that the "use spnego" option is deprecated since samba 4.13, and will be removed [6] (I will also bring this up upstream).

Finally, it is worth to mention that the changes which introduced this regression are related to known vulnerabilities. See [7] and [8] for further reference.

[1] https://bugzilla.samba.org/show_bug.cgi?id=12863
[2] https://bugzilla.samba.org/show_bug.cgi?id=12061
[3] https://bugzilla.samba.org/show_bug.cgi?id=11849#c14
[4] e72ad193a53e20b769f798d02c0610f91859bd38
[5] 5b8ed5009bb4868c1391841193a3911fb0681cb5
[6] https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#CLIENTUSESPNEGO
[7] https://www.samba.org/samba/security/CVE-2016-2110.html
[8] https://www.samba.org/samba/security/CVE-2016-2111.html