Hi Team, samba client operations fails when I access windows server without password (only username and empty password). Windows server is set to "password off". samba-4.1.x Tree connects successfully when accessed without password (only username and empty password). samba-4.5.4 Tree connect fails with NT_STATUS_WRONG_CREDENTIAL_HANDLE error. Error is returned from. auth/ntlmssp/ntlmssp_client.c: wbc_status = wbcCredentialCache(& params, &info, &error); wbcFreeMemory(error); if (!WBC_ERROR_IS_OK(wbc_status)) { return NT_STATUS_WRONG_CREDENTIAL_HANDLE; } This issue can be reproduced always. Thanks & Regards, Shivappa
Created attachment 13254 [details] wireshark packet Wireshark data
Created attachment 13255 [details] test Log
Created attachment 13256 [details] Windows7 Settings
Somewhere you seem to activate the GENSEC_FEATURE_NTLM_CCACHE code path, by using CLI_FULL_CONNECTION_USE_CCACHE or set_cmdline_auth_info_use_ccache().
(In reply to Stefan Metzmacher from comment #4) Stefan, thanks for the info. sorry to ask again..... Honestly speaking I don't know much on this, could you please explain me more details that would be much helpful.
(In reply to Stefan Metzmacher from comment #4) Stefan, Thank you very much for the input. Since I don't run windbindd I disabled ccache during smbc_init_context(). and this fix works fine for me. Is it OK to use this way ? smbc_setOptionUseCCache(context, false); source3/libsmb/libsmb_context.c: /* * Initialize the library, etc. * * We accept a struct containing handle information. * valid values for info->debug from 0 to 100, * and insist that info->fn must be non-null. */ SMBCCTX * smbc_init_context(SMBCCTX *context){ ............... ........ if (smbc_getTimeout(context) > 0 && smbc_getTimeout(context) < 1000) smbc_setTimeout(context, 1000); context->internal->initialized = True; /* Protect access to the count of contexts in use */ if (SMB_THREAD_LOCK(initialized_ctx_count_mutex) != 0) { smb_panic("error locking 'initialized_ctx_count'"); } initialized_ctx_count++; /* Unlock the mutex */ if (SMB_THREAD_UNLOCK(initialized_ctx_count_mutex) != 0) { smb_panic("error unlocking 'initialized_ctx_count'"); + /*my change */ + smbc_setOptionUseCCache(context, false); + /*my change ends*/ TALLOC_FREE(frame); return context; } Thanks & Regards, Shivappa
(In reply to shivappa from comment #6) It's turned on by default in smbc_new_context(), so you may want to call smbc_setOptionUseCCache(..., false) after calling smbc_new_context() instead of changing smbc_init_context().
(In reply to Stefan Metzmacher from comment #7) Thank you very much Stefan. That is proper way. I set smbc_setOptionUseCCache(ctx, false) after smbc_new_context().
(In reply to shivappa from comment #8) Ok, lets close the bug...