Bug 14883 - smbclient login without password using '-N' fails with NT_STATUS_INVALID_PARAMETER on Samba AD DC
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
Version: 4.15.0
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
Reported: 2021-10-27 11:06 UTC by Anoop C S
Modified: 2021-11-15 11:43 UTC

Attachments
smbclient -d10 log (11.53 KB, text/plain)
2021-10-27 11:06 UTC, Anoop C S
patch for 4.15 (1.66 KB, patch)
2021-11-11 09:31 UTC, Andreas Schneider
patch for 4.15 (1.59 KB, patch)
2021-11-11 10:27 UTC, Andreas Schneider
anoopcs: review+

Description Anoop C S 2021-10-27 11:06:13 UTC
Created attachment 16878
smbclient -d10 log

Samba in an AD DC role fails to login anonymously with '-N':

# testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed

Server role: ROLE_ACTIVE_DIRECTORY_DC

# smbclient -N -L 127.0.0.1
gensec_spnego_client_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_INVALID_PARAMETER
session setup failed: NT_STATUS_INVALID_PARAMETER

Whereas logging in specifically with -U and NULL user succeeds:

# smbclient -U% -L 127.0.0.1

	Sharename       Type      Comment
	---------       ----      -------
	sysvol          Disk      
	netlogon        Disk      
	IPC$            IPC       IPC Service (Samba 4.16.0pre1-UNKNOWN)
SMB1 disabled -- no workgroup available

# smbd -V
Version 4.16.0pre1-UNKNOWN

Debug level 10 log entries are attached.
Comment 1 Guenther Deschner 2021-11-04 22:31:45 UTC
Anoop, I can no longer reproduce this (just tested today's master as well as 4.15.0 and 4.15.1), can you?
Comment 2 Anoop C S 2021-11-05 07:29:58 UTC
I could still reproduce the failure (on latest master @ 1fce72f796e):

# testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed

Server role: ROLE_ACTIVE_DIRECTORY_DC

# smbclient -N -L 127.0.0.1
gensec_spnego_client_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_INVALID_PARAMETER
session setup failed: NT_STATUS_INVALID_PARAMETER

# smbclient -U% -L 127.0.0.1

	Sharename       Type      Comment
	---------       ----      -------
	sysvol          Disk      
	netlogon        Disk      
	IPC$            IPC       IPC Service (Samba 4.16.0pre1-UNKNOWN)
SMB1 disabled -- no workgroup available

# smbd -V
Version 4.16.0pre1-UNKNOWN

What am I missing here?
Comment 3 Samba QA Contact 2021-11-10 19:12:03 UTC
This bug was referenced in samba master:

c28be4067463e582e378df402f812e510883d606
Comment 4 Andreas Schneider 2021-11-11 09:31:26 UTC
Created attachment 16990
patch for 4.15
Comment 5 Andreas Schneider 2021-11-11 10:27:25 UTC
Created attachment 16991
patch for 4.15
Comment 6 Anoop C S 2021-11-11 10:44:11 UTC
Re-assigning to Jule for 4.15 inclusion.
Comment 7 Jule Anger 2021-11-15 10:41:31 UTC
Pushed to autobuild-v4-15-test.
Comment 8 Samba QA Contact 2021-11-15 11:35:04 UTC
This bug was referenced in samba v4-15-test:

f15232d28ecf37a0ad3c026c37c4b7a7d0898e66
Comment 9 Jule Anger 2021-11-15 11:43:28 UTC
Closing out bug report.

Thanks!