Bug 13301 - libsmbclient tree connect with Username and without password access to Windows server fails in samba-4.7.4
Summary: libsmbclient tree connect with Username and without password access to Window...
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: 4.7.4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Stefan Metzmacher
QA Contact: Samba QA Contact
Depends on:
Reported: 2018-02-26 13:20 UTC by shivappa
Modified: 2018-09-12 06:53 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description shivappa 2018-02-26 13:20:55 UTC
Accessing Windows without password from libsmbclient fails.
"SPNEGO login failed: The attempted logon is invalid. This is either due to 
a bad username or authentication information."

This happens with libsmbclient but not with smbclient command.
When checked only difference is set_cmdline_auth_info_password(*) function is not called in smbclient command flow.

When empty password is passed it will set to NULL as in below code in case of libsmbclient.
void set_cmdline_auth_info_password(struct user_auth_info *auth_info,
                    const char *password)
    bool ok;

    auth_info->got_pass = true;

**** Is below mandatory. ???? This is not set when smbclient command is used
(smbclient \\ip\share -Uuser% -d5)

    if (password != NULL && strlen(password) == 0) {
        password = NULL;
    ok = cli_credentials_set_password(auth_info->creds,
    if (!ok) {

When SessionSetup Request is filled with credentials: WORKGROUP\username, below values are set to empty in packets.
NTLM Response: empty
Lan Manager Response: empty
In what all cases Response is set to empty ????

Before version of samba is fine(samba-4.4.x).

Can anybody help to resolve the issue.
Comment 1 shivappa 2018-02-28 08:56:55 UTC
I have added below patch it is working fine for empty password case too.

When empty password is set then cli_credentials_set_password() is not called. So for empty password, CRED_UNINITIALISED is set instead of CRED_SPECIFIED and inturn NTLM Response and Lan Manager Response were set empty.

--- b/source3/libsmb/cliconnect.c       2018-02-28 14:16:14.367639075 +0530
+++ a/source3/libsmb/cliconnect.c       2018-02-28 14:16:28.033759403 +0530
@@ -184,7 +184,7 @@ struct cli_credentials *cli_session_cred

-       if (password != NULL && strlen(password) > 0) {
+//     if (password != NULL && strlen(password) > 0) {
                if (password_is_nt_hash) {
                        struct samr_Password nt_hash;
                        size_t converted;
@@ -211,7 +211,7 @@ struct cli_credentials *cli_session_cred
                                goto fail;
-       }
+//     }

        return creds;

Is there any reason for not calling cli_credentials_set_password() for empty password???
Comment 2 Andreas Schneider 2018-09-11 13:06:41 UTC
We would like to reproduce this but for that we don't have enough information.

For example:

Which Windows version, how is this box configured that it allows listing of shares etc.
Comment 3 shivappa 2018-09-12 06:53:21 UTC
I have reproduced on Windows 7.

1. Make 'Turn off password protected sharing' in Windows 7 OS under 
'Control Panel\All Control Panel Items\Network and Sharing Center\Advanced sharing settings'

2. create an user without password in Windows 7 OS(above settings allow user without password can be created)

3. access share of Windows 7(\\ip\mytest ) using above created user from libsmbclient API.

4. check for session Setup AndX Request, NTLMSSP_AUTH packet.

can see NTLM and Lan Manager Response having Empty fields.
and session setup response is "STATUS_LOGON_FAILURE"

I can help you if more information is required.