Bug 14326 - Linux client asks for password to list and access passwordless shares from Windows server
Summary: Linux client asks for password to list and access passwordless shares from Wi...
Status: RESOLVED INVALID
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: 4.10.10
Hardware: All Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-26 18:09 UTC by Patrick Silva
Modified: 2020-09-30 16:56 UTC (History)
3 users (show)

See Also:


Attachments
output of smbc debugging (87.70 KB, text/plain)
2020-03-26 18:09 UTC, Patrick Silva
no flags Details
screenshot of auth dialog (51.07 KB, image/png)
2020-09-30 11:39 UTC, Harald Sitter
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Patrick Silva 2020-03-26 18:09:47 UTC
Created attachment 15871 [details]
output of smbc debugging

The issue mentioned in my summary was already reported in KDE bugzilla
https://bugs.kde.org/show_bug.cgi?id=398079

My client runs Arch Linux + samba and libwbclient 4.10.10 + KDE Plasma 5.18.3 desktop environment.
My server runs Windows 7 Professional.

I'm using a linux client to try access a share from a Windows server.
The client always asks for password to list and access the share despite it is passwordless.
Client lists the shares available when I enter fake "*" username and password
or another fake username and password. But I need to type username and password
that I use to start the user session of Window server when I want to open any
passwordless share from it.

You can read a detailed explanation and watch screen recordings showing the issue
in the following link
https://bugs.kde.org/show_bug.cgi?id=398079#c16

As we can read in the following link, KDE developer Harald Sitter thinks that something is wrong inside libsmbclient
https://bugs.kde.org/show_bug.cgi?id=398079#c19

I'm attaching the output of smbc debugging according to instructions
from the following link
https://bugs.kde.org/show_bug.cgi?id=398079#c14
Comment 1 Harald Sitter 2020-03-27 12:23:01 UTC
FWIW, from the info in the kde report I would infer that currently the AutoAnonymousLogin probably attempts to login with an empty password which windows servers seem to take offense with (probably because of some default secpol in win7+).
An easy solution then would be to send a random password instead of no password in the AutoAnonymousLogin. For all I know that will break something else though.
Comment 2 Harald Sitter 2020-03-27 12:23:21 UTC
FWIW, from the info in the kde report I would infer that currently the AutoAnonymousLogin probably attempts to login with an empty password which windows servers seem to take offense with (probably because of some default secpol in win7+).
An easy solution then would be to send a random password instead of no password in the AutoAnonymousLogin. For all I know that will break something else though.
Comment 3 Björn Jacke 2020-09-25 13:48:31 UTC
sending a random password or no password looks like a very bad idea to me as this will increase the bad logon counter. I also suggest to remove the AutoAnonymousLogin if there is something like that. Something like that is asking for trouble in many environments. If the current user had a krb5 ticket, then this can be used to try authenticating the user. But don't try guest logons or random passwords. please.
Comment 4 Harald Sitter 2020-09-30 11:39:18 UTC
Created attachment 16265 [details]
screenshot of auth dialog

Thanks for the input.

Our auth dialog also has an anonymous checkbox (see attachment). Should we get rid of that as well or is that fine to keep?
Comment 5 Patrick Silva 2020-09-30 14:11:10 UTC
Samba 4.13 asks for password even to mount passwordless shares from a linux server. I have Arch + Gnome 3.36.3 + nautilus 3.36.3 file manager installed
on my laptop, nautilus shows an authentication dialog with "Anonymous"
radio button pre-selected when I try to mount a passwordless share
from my desktop computer running Arch + Plasma 5.20 beta + Samba 4.13
and I need to click on its "Connect" button to mount the share.
Is this behavior expected/correct?
Comment 6 Björn Jacke 2020-09-30 16:56:40 UTC
(In reply to Harald Sitter from comment #4)
the anonymous checkbox is fine I think even though I think I would actually  prefer to have just a small hint text like "leave user/passwd empty for anonymous connections".

I think I would also not use a separate DOMAIN input field there but require the domain name be entered as part of the user name like this:

MYDOM\user

This would alternatively allow the UPN notation of the username:

user@mydom.example.com

The latter will also allow to enter other user princial names, which can have other prefixes, that must not be the realm of the doain like user@foo.example.net