Bug 10796 - rpcclient cannot authenticate with NT password hash
Summary: rpcclient cannot authenticate with NT password hash
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools (show other bugs)
Version: 4.1.11
Hardware: All Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-09-05 18:54 UTC by Alex K
Modified: 2016-06-01 07:24 UTC (History)
2 users (show)

See Also:


Attachments
patches for 4.3.x and 4.4.x with cherry-pick information (3.26 KB, patch)
2016-05-20 20:43 UTC, Christian Ambach
jra: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Alex K 2014-09-05 18:54:38 UTC
How to reproduce:

1. Try using smbclient with username and NT hash
smbclient -U myusername%878d8014606cda29677a44efa1353fc7 --pw-nt-hash -L localhost

It works. 

2. Try rpcclient with the same parameters:
rpcclient -U myusername%878d8014606cda29677a44efa1353fc7 --pw-nt-hash localhost

Cannot connect to server.  Error was NT_STATUS_LOGON_FAILURE

Easy way to generate NT hash is:
printf '%s' "mypassword" | iconv -t utf16le | openssl md4

Tested with Samba 4.1.11 on Ubuntu 12.04.
Comment 1 Christian Ambach 2016-05-11 15:11:18 UTC
Got it reproduced, looking for a fix.
Comment 2 Stefan Metzmacher 2016-05-19 10:47:29 UTC
A fix is in master, should be backport it?
Comment 3 Christian Ambach 2016-05-20 20:43:33 UTC
Created attachment 12124 [details]
patches for 4.3.x and 4.4.x with cherry-pick information
Comment 4 Jeremy Allison 2016-05-20 21:10:18 UTC
Comment on attachment 12124 [details]
patches for 4.3.x and 4.4.x with cherry-pick information

LGTM.
Comment 5 Jeremy Allison 2016-05-20 21:10:39 UTC
Reassigning to Karolin for inclusion in 4.4.next, 4.3.next.
Comment 6 Karolin Seeger 2016-05-31 11:11:28 UTC
(In reply to Jeremy Allison from comment #5)
Pushed to autobuild-v4-[4|3]-test.
Comment 7 Karolin Seeger 2016-06-01 07:24:16 UTC
(In reply to Karolin Seeger from comment #6)
Pushed to both branches.
Closing out bug report.

Thanks!