Help! Security mode 0x03: smbclient-2.2.8a sends password, 3.0 doesn't

[David Wuertele]

When I made the move to 3.0, I noticed that smbclient no longer works
with NULL passwords.  Am I missing something?  I read the FAQ, which
suggests that the server is rejecting the null password.  But I know
that null passwords work FINE for the 2.2.8a client, so the server
(Mac OSX 2.6) is not the issue.  The FAQ recommends "smbclient -L host
-U%", but I don't want to set the username to null.  I want a non-null
username with a null password.

The same share (served by a samba server on linux) is accessible from
the same account using smbclient-2.2.8a.  Here is the command I'm
using to access the share:

  smbclient '//adventure/dood' -I 192.168.5.11 -U dood

The server's smb.conf file includes the following three lines:

  security = user
  encrypt passwords = yes
  null passwords = yes

If I change the 'encrypt passwords' to '= no', smbclient-3.0 works
fine.  The problem is that I have the exact same problem on hosts over
which I have no control of the smb.conf file, for example Mac OS X
10.3.  10.3 appears to have the same behavior as my linux samba host
with the above three lines in the smb.conf.

When I analyze the packets sent between the client and the server, I
see the following difference in the frames (see attatchments for full
frame decode):

  samba-2.2.8a sending encrypted null password:

<        Byte Count (BCC): 69
<        ANSI Password: 4C0154EFEF076CCBAE3A6256E351DF5A...
<        Unicode Password: B30B73818904C5A7111948521702F985...
<        Account: DOOD
<        Primary Domain: ABCD

  samba-3.0 sending no password:

>        Byte Count (BCC): 26
>        Account: dood
>        Primary Domain: WORKGROUP

Note that the primary domain is also different: 3.0 uses the default
domain WORKGROUP, while 2.2.8a uses the default domain of the client
("ABCD").

What can I do on the CLIENT side to make smbclient-3.0 send the
encrypted null password?

Thanks,
Dave