PROBLEM: - smbclient 4.6.8 and up (i tested 4.6.8 4.7.0) behave in a strange way if samba 4.7.0 server has an user with BLANK password (smbpasswd -n user) -> error NT_STATUS_INVALID_PARAMETER - if server is samba 3.6.x there are no problems DETAILS: - client and server are RHEL5 - server is samba 4.7.0 - smb.conf of server at the end of this post - smbclient tested: 4.5.14, 4.6.0.rc1 4.6.8 4.7.0 SAMPLE OUTPUT: - user1 is an user with empty password (smbpasswd -n user1): - tests are made with -mNT1, using -mSMB2 is the same ==== smbclient 4.5.14: OK ================================== ./samba-4.5.14/bin/smbclient -s /dev/null -g -mNT1 -L 192.168.1.4 -Uuser1% Domain=[TEST-WG] OS=[Windows 6.1] Server=[Samba 4.7.0] Domain=[TEST-WG] OS=[Windows 6.1] Server=[Samba 4.7.0] Anonymous login successful Disk|tmp| IPC|IPC$|IPC Service (Samba 4.7.0) Anonymous login successful Server|TEST-SAMBA|Samba 4.7.0 Workgroup|TEST-WG|TEST-SAMBA ==== smbclient 4.6.0rc1: OK ================================== ./samba-4.6.0rc1/bin/smbclient -s /dev/null -g -mNT1 -L 192.168.1.4 -Uuser1% Anonymous login successful Disk|tmp| IPC|IPC$|IPC Service (Samba 4.7.0) Anonymous login successful Workgroup|TEST-WG|TEST-SAMBA ==== smbclient 4.6.8: error ================================== ./samba-4.6.8/bin/smbclient -s /dev/null -g -mNT1 -L 192.168.1.4 -Uuser1% session setup failed: NT_STATUS_INVALID_PARAMETER ==== smbclient 4.7.0: error ================================== ./samba-4.7.0/bin/smbclient -s /dev/null -g -mNT1 -L 192.168.1.4 -Uuser1% session setup failed: NT_STATUS_INVALID_PARAMETER ======================================= If new versions are more strict, then a better error would help, like NT_STATUS_LOGON_FAILURE However, I don't think this is about improved security, since it's dependent on the client and using -U% or a random non existent user is OK: ==== smbclient 4.7.0 ================================= ./samba-4.7.0/bin/smbclient -s /dev/null -g -mNT1 -L 192.168.1.4 -U% Disk|tmp| IPC|IPC$|IPC Service (Samba 4.7.0) Reconnecting with SMB1 for workgroup listing. Workgroup|TEST-WG|TEST-SAMBA ./samba-4.7.0/bin/smbclient -s /dev/null -g -mNT1 -L 192.168.1.4 -Urandom% Disk|tmp| IPC|IPC$|IPC Service (Samba 4.7.0) Reconnecting with SMB1 for workgroup listing. Workgroup|TEST-WG|TEST-SAMBA This is the smb.conf on the server: ( smbpasswd -n user1) [global] workgroup = TEST-WG netbios name = TEST-SAMBA passdb backend = smbpasswd smb passwd file = /etc/samba/smbpasswd load printers = no preferred master = yes os level = 30 null passwords = yes server string = Samba %v encrypt passwords = yes security = user map to guest = bad user guest account = ftp [tmp] path = /tmp guest ok = yes writeable = yes
Facing similar issue with libsmbclient in samba-4.7.4