Bug 13073 - smbclient >= 4.6.8: NT_STATUS_INVALID_PARAMETER for user with empty password
smbclient >= 4.6.8: NT_STATUS_INVALID_PARAMETER for user with empty password
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools
4.7.0
All All
: P5 normal
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-10-07 08:26 UTC by Giulio
Modified: 2017-10-09 21:57 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Giulio 2017-10-07 08:26:55 UTC
PROBLEM:
- smbclient 4.6.8 and up (i tested 4.6.8 4.7.0) behave in a strange way if samba 4.7.0 server has an user with BLANK password (smbpasswd -n user)
	-> error NT_STATUS_INVALID_PARAMETER
- if server is samba 3.6.x there are no problems

DETAILS:
- client and server are RHEL5
- server is samba 4.7.0 
- smb.conf of server at the end of this post
- smbclient tested:  4.5.14, 4.6.0.rc1 4.6.8 4.7.0

SAMPLE OUTPUT:
- user1 is an user with empty password (smbpasswd -n user1):
- tests are made with -mNT1, using -mSMB2 is the same

==== smbclient 4.5.14: OK ==================================
./samba-4.5.14/bin/smbclient -s /dev/null -g -mNT1 -L 192.168.1.4 -Uuser1%
Domain=[TEST-WG] OS=[Windows 6.1] Server=[Samba 4.7.0]
Domain=[TEST-WG] OS=[Windows 6.1] Server=[Samba 4.7.0]
Anonymous login successful
Disk|tmp|
IPC|IPC$|IPC Service (Samba 4.7.0)
Anonymous login successful
Server|TEST-SAMBA|Samba 4.7.0
Workgroup|TEST-WG|TEST-SAMBA

==== smbclient 4.6.0rc1: OK ==================================
./samba-4.6.0rc1/bin/smbclient -s /dev/null -g -mNT1 -L 192.168.1.4 -Uuser1%
Anonymous login successful
Disk|tmp|
IPC|IPC$|IPC Service (Samba 4.7.0)
Anonymous login successful
Workgroup|TEST-WG|TEST-SAMBA

==== smbclient 4.6.8: error ==================================
./samba-4.6.8/bin/smbclient -s /dev/null -g -mNT1 -L 192.168.1.4 -Uuser1%
session setup failed: NT_STATUS_INVALID_PARAMETER

====  smbclient 4.7.0: error ==================================
./samba-4.7.0/bin/smbclient -s /dev/null -g -mNT1 -L 192.168.1.4 -Uuser1%
session setup failed: NT_STATUS_INVALID_PARAMETER

=======================================

If new versions are more strict, then a better error would help, like
	NT_STATUS_LOGON_FAILURE

However, I don't think this is about improved security, since it's dependent on the client and using -U% or a random non existent user is OK:
====   smbclient 4.7.0 =================================
./samba-4.7.0/bin/smbclient -s /dev/null -g -mNT1 -L 192.168.1.4 -U%
Disk|tmp|
IPC|IPC$|IPC Service (Samba 4.7.0)
Reconnecting with SMB1 for workgroup listing.
Workgroup|TEST-WG|TEST-SAMBA

./samba-4.7.0/bin/smbclient -s /dev/null -g -mNT1 -L 192.168.1.4 -Urandom%
Disk|tmp|
IPC|IPC$|IPC Service (Samba 4.7.0)
Reconnecting with SMB1 for workgroup listing.
Workgroup|TEST-WG|TEST-SAMBA


This is the smb.conf on the server:
( smbpasswd -n user1)
[global]
workgroup = TEST-WG
netbios name = TEST-SAMBA
passdb backend = smbpasswd
smb passwd file = /etc/samba/smbpasswd
load printers = no
preferred master = yes
os level = 30
null passwords = yes
server string = Samba %v
encrypt passwords = yes
security = user
map to guest = bad user
guest account = ftp
[tmp]
path = /tmp
guest ok = yes
writeable = yes