Bug 13072 - smbclient: cannot print to Win7/Win10 with SMB2 when "Turn OFF password protected sharing" is checked
Summary: smbclient: cannot print to Win7/Win10 with SMB2 when "Turn OFF password prote...
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools (show other bugs)
Version: 4.7.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-07 08:20 UTC by Giulio
Modified: 2021-03-04 18:51 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Giulio 2017-10-07 08:20:38 UTC
Server is Windows 10 64bit (10.0.15063) or Windows 7 32bit
Client is smbclient-4.7.0, RHEL5.

When Windows 7 / 10 is configured with 
	"Turn _ON_ password protected sharing" checked
then everything is OK: I can print using user/pass with both SMB1 and SMB2.

When Windows 7 / 10 is configured with 
	"Turn _OFF_ password protected sharing" checked
then:
- I can print to a printer using SMB1:
	./samba-4.7.0/bin/smbclient -s /dev/null '\\192.168.1.151\text'
		 -c 'put file1' -mNT1 -Urandom%random
putting file file1 as \file1 (188.2 kb/s) (average 188.2 kb/s)

- I cannot print using SMB2:
	./samba-4.7.0/bin/smbclient -s /dev/null '\\192.168.1.151\text'
	 -c 'put file1' -mSMB2 -Urandom%random
NT_STATUS_ACCESS_DENIED opening remote file \file1
(I can still print if using a real user/pass, but this defeats the purpose of turning off password sharing)

A diff of a "-d 10" between -mNT1 and -nSMB2 is just the following
- negotiated dialect[NT1] against server[192.168.1.151]
+  negotiated dialect[SMB2_10] against server[192.168.1.151]
..
-putting file file1 as \file1 (1074.6 kb/s) (average 1074.6 kb/s)
+NT_STATUS_ACCESS_DENIED opening remote file \file1

====
Win7 is able to print to Win 10 using SMB2 (I disabled smb1 on win10 to be sure, and clicked on the printer and sent data).
Comment 1 Björn Jacke 2021-03-04 13:13:35 UTC
is this actually working with passwordless printing from Windows clients?
SMB2 disables guest access with SMB2 by default, see https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/guest-access-in-smb2-is-disabled-by-default - if you enable guest access, does that make a difference?
Comment 2 Giulio 2021-03-04 18:51:43 UTC
It works from Windows with no user/pass (see last 2 lines of bug).

===

To re-test, I just installed a fresh Win10 20H2 (A), all updated, stand-alone, no domain, no config changes (so no SMB1).
 
Installed a printer and shared it.
 
From another client Win10 (B) could not print to it (without using an username
and password, that is).
 
Then turned off password protected sharing on A, and then could print
from B to A without providing any authentication.
 
Right after A's install, the "guest account" on A was disabled; after checking
"Turn off password protected sharing" it was enabled by Windows itself.
 
I tried smbclient from Centos7/4.10.4 and still cannot print; the only way
to print is to use an user/pass existing on A.
 
This problem is only with SMB2+

So:
- smbclient cannot print w/o using a correct user/pass
- Win10 can print w/o asking any user/pass