SMB2: Windows 7 users without passwd cannot connect

Asked by Ruud Pendavingh on 2012-12-30

Server (TESTBAK) configuration:
Ubuntu 12.10 minimal CD install
samba package version 2:3.6.6-3ubuntu5

minimalistic smb.conf contains:
[global]
workgroup = THUISNET
null paswords = yes
max protocol = SMB2
log level = 3
[Testshare]
comment = Quite volatile
path = /tmp/

Client (INTREPID, 10.39.94.9) configuration:
Windows 7 Professional 64 bit

Attempt from user RuudTrudy to browse TESTBAK fails.
/var/log/samba/log.smbd contains:
[2012/12/30 13:41:20.574134, 3] lib/access.c:338(allow_access)
  Allowed connection from 10.39.94.9 (10.39.94.9)
[2012/12/30 13:41:20.574341, 3] smbd/oplock.c:922(init_oplocks)
  init_oplocks: initializing messages.
[2012/12/30 13:41:20.574452, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks)
  Linux kernel oplocks enabled
[2012/12/30 13:41:20.574644, 3] smbd/process.c:1662(process_smb)
  Transaction 0 of length 108 (0 toread)
[2012/12/30 13:41:20.576672, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088297
[2012/12/30 13:41:20.577432, 3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth)
  Got user=[RuudTrudy] domain=[Intrepid] workstation=[INTREPID] len1=24 len2=256
[2012/12/30 13:41:20.577597, 3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user [Intrepid]\[RuudTrudy]@[INTREPID] with the new password interface
[2012/12/30 13:41:20.577661, 3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password: mapped user is: [TESTBAK]\[RuudTrudy]@[INTREPID]
[2012/12/30 13:41:20.578230, 3] passdb/lookup_sid.c:1754(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for RuudTrudy
[2012/12/30 13:41:20.578411, 3] auth/check_samsec.c:56(sam_password_ok)
  Account for user 'RuudTrudy' has no password and null passwords are allowed.
[2012/12/30 13:41:20.578761, 3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: sam authentication for user [RuudTrudy] succeeded
[2012/12/30 13:41:20.578853, 2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password: authentication for user [RuudTrudy] -> [RuudTrudy] -> [RuudTrudy] succeeded
[2012/12/30 13:41:20.579028, 3] auth/token_util.c:438(finalize_local_nt_token)
  Failed to fetch domain sid for THUISNET
[2012/12/30 13:41:20.579166, 3] auth/token_util.c:469(finalize_local_nt_token)
  Failed to fetch domain sid for THUISNET
[2012/12/30 13:41:20.580167, 3] smbd/password.c:238(register_homes_share)
  Adding homes service for user 'RuudTrudy' using home directory: '/home/RuudTrudy'
[2012/12/30 13:41:20.580342, 2] smbd/smb2_signing.c:58(smb2_signing_sign_pdu)
  Wrong session key length 0 for SMB2 signing
[2012/12/30 13:41:20.580598, 3] smbd/server_exit.c:181(exit_server_common)
  Server exit (NT_STATUS_ACCESS_DENIED)

Wireshark shows that smbd bluntly closes the connection at this point, leaving the client clueless...
Same user on Windows XP client can connect (but that client does not use SMB2).
Removing max protocol = SMB2 obviously resolves the issue.

So my question:
Does SMB2 protocol prohibit users with empty passwords?

Regards,
Ruud Pendavingh

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu samba Edit question
Assignee:
No assignee Edit question
Last query:
2012-12-30
Last reply:
2012-12-30
N1ck 7h0m4d4k15 (nicktux) said : #1

Hi ,

try this

$ sudo smbpasswd -a USERNAME

First the {sudo} will ask for password , give it , then smb will ask for new password but leave it blank.

Where USERNAME is your actual username in Ubuntu.

Then go to Windows and disable and enable the share.. and see if works.

Thanks

Ruud Pendavingh (raue) said : #2

Hi,

The user RuudTrudy was already added using passwd AND smbpasswd.
The log shows that smbd correctly authenticates RuudTrudy with an empty password.
My question remains:

Does the SMB2 protocol prohibit users with empty passwords or is this a samab bug?

Regards,
Ruud

N1ck 7h0m4d4k15 (nicktux) said : #3

On 12/30/2012 10:45 PM, Ruud Pendavingh wrote:
> Question #217931 on samba in Ubuntu changed:
> https://answers.launchpad.net/ubuntu/+source/samba/+question/217931
>
> Status: Answered => Open
>
> Ruud Pendavingh is still having a problem:
> Hi,
>
> The user RuudTrudy was already added using passwd AND smbpasswd.
> The log shows that smbd correctly authenticates RuudTrudy with an empty password.
> My question remains:
>
> Does the SMB2 protocol prohibit users with empty passwords or is this a
> samab bug?
>
> Regards,
> Ruud
>
Well , have you asked your self if this is a Windows bug ? :-)

If you believe is smb bug , then open a bug (close this question-solved
or linked to the bug) and developers will handle this.. They will
examine the logs or anything else (they will let you know what is
needed) and we will see.

Thanks

Can you help with this problem?

Provide an answer of your own, or ask Ruud Pendavingh for more information if necessary.

To post a message you must log in.