[Samba] Security mode 0x03: smbclient-2.2.8a sends password, 3.0 doesn't

[David Wuertele]

I'm having trouble accessing a share using smbclient-3.0.  The same
share (served by a samba server on linux) is accessible from the same
account using smbclient-2.2.8a.  Here is the command I'm using to
access the share:

  smbclient '//adventure/dood' -I 192.168.5.11 -U dood

The server's smb.conf file includes the following three lines:

  security = user
  encrypt passwords = yes
  null passwords = yes

If I change the 'encrypt passwords' to '= no', smbclient-3.0 works
fine.  The problem is that I have the exact same problem on hosts over
which I have no control of the smb.conf file, for example Mac OS X
10.3.  10.3 appears to have the same behavior as my linux samba host
with the above three lines in the smb.conf.

When I analyze the packets sent between the client and the server, I
see the following difference in the frames (see attatchments for full
frame decode):

  samba-2.2.8a sending encrypted null password:

<        Byte Count (BCC): 69
<        ANSI Password: 4C0154EFEF076CCBAE3A6256E351DF5A...
<        Unicode Password: B30B73818904C5A7111948521702F985...
<        Account: DOOD
<        Primary Domain: ABCD

  samba-3.0 sending no password:

>        Byte Count (BCC): 26
>        Account: dood
>        Primary Domain: WORKGROUP

Note that the primary domain is also different: 3.0 uses the default
domain WORKGROUP, while 2.2.8a uses the default domain of the client
("ABCD").

What can I do on the CLIENT side to make smbclient-3.0 send the
encrypted null password?

Thanks,
Dave