[Samba] cannot connect without user/pass on Windows 10

Bram Matthys syzop at vulnscan.org
Thu Jan 26 11:12:41 UTC 2017 

Hi,

A number of students are unable to connect to our print server from 
their Windows 10 client laptop without entering a user/pass. More 
precisely: If you try to connect manually to \\IP it says "Username or 
password incorrect" and prompts to enter a username/password. Despite 
the server setting to map all users to guest (see further down). I did a 
packet dump and the client pc asks NTLMSSP_NEGOTIATE, server replies 
with an NTLMSSP_CHALLENGE and then the client pc simply hangs up (TCP RST).

Now the (more) interesting bit: all this only happens when you use a 
"microsoft account", not if you use a local account. With a local 
account on the laptop start -> run -> \\IP will get you connected 
without asking for a user / password and show the shared printers and 
shares, as expected.

Any ideas? Is this fixable on the server-side? Otherwise if that is not 
possible, fixable on the client-side while still permitting microsoft 
accounts?

Packet dump (raw): https://www.vulnscan.org/tmp/cannotconnectsmb.pcap

Packet dump (text) below:
1 0.000000 10.0.6.178 -> 10.0.0.7 TCP 66 49939→445 [SYN] Seq=0 Win=8192 
Len=0 MSS=1460 WS=256 SACK_PERM=1
2 0.000049 10.0.0.7 -> 10.0.6.178 TCP 66 445→49939 [SYN, ACK] Seq=0 
Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
3 0.002343 10.0.6.178 -> 10.0.0.7 TCP 60 49939→445 [ACK] Seq=1 Ack=1 
Win=65536 Len=0
4 0.002514 10.0.6.178 -> 10.0.0.7 SMB 213 Negotiate Protocol Request
5 0.002528 10.0.0.7 -> 10.0.6.178 TCP 54 445→49939 [ACK] Seq=1 Ack=160 
Win=30336 Len=0
6 0.009462 10.0.0.7 -> 10.0.6.178 SMB2 260 Negotiate Protocol Response
7 0.011702 10.0.6.178 -> 10.0.0.7 SMB2 232 Negotiate Protocol Request
8 0.011936 10.0.0.7 -> 10.0.6.178 SMB2 260 Negotiate Protocol Response
9 0.016597 10.0.6.178 -> 10.0.0.7 SMB2 220 Session Setup Request, 
NTLMSSP_NEGOTIATE
10 0.017098 10.0.0.7 -> 10.0.6.178 SMB2 351 Session Setup Response, 
Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
11 0.020411 10.0.6.178 -> 10.0.0.7 TCP 60 49939→445 [RST, ACK] Seq=504 
Ack=710 Win=0 Len=0
12 0.023889 10.0.6.178 -> 10.0.0.7 TCP 66 49940→445 [SYN] Seq=0 Win=8192 
Len=0 MSS=1460 WS=256 SACK_PERM=1
13 0.023932 10.0.0.7 -> 10.0.6.178 TCP 66 445→49940 [SYN, ACK] Seq=0 
Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
14 0.026880 10.0.6.178 -> 10.0.0.7 TCP 60 49940→445 [ACK] Seq=1 Ack=1 
Win=65536 Len=0
15 0.026922 10.0.6.178 -> 10.0.0.7 SMB2 232 Negotiate Protocol Request
16 0.026941 10.0.0.7 -> 10.0.6.178 TCP 54 445→49940 [ACK] Seq=1 Ack=179 
Win=30336 Len=0
17 0.032177 10.0.0.7 -> 10.0.6.178 SMB2 260 Negotiate Protocol Response
18 0.034870 10.0.6.178 -> 10.0.0.7 SMB2 220 Session Setup Request, 
NTLMSSP_NEGOTIATE
19 0.035490 10.0.0.7 -> 10.0.6.178 SMB2 351 Session Setup Response, 
Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
20 0.038742 10.0.6.178 -> 10.0.0.7 TCP 60 49940→445 [RST, ACK] Seq=345 
Ack=504 Win=0 Len=0
21 0.202080 10.0.6.178 -> 10.0.0.7 TCP 66 49941→445 [SYN] Seq=0 Win=8192 
Len=0 MSS=1460 WS=256 SACK_PERM=1
22 0.202145 10.0.0.7 -> 10.0.6.178 TCP 66 445→49941 [SYN, ACK] Seq=0 
Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
23 0.204434 10.0.6.178 -> 10.0.0.7 TCP 60 49941→445 [ACK] Seq=1 Ack=1 
Win=65536 Len=0
24 0.204484 10.0.6.178 -> 10.0.0.7 SMB2 232 Negotiate Protocol Request
25 0.204503 10.0.0.7 -> 10.0.6.178 TCP 54 445→49941 [ACK] Seq=1 Ack=179 
Win=30336 Len=0
26 0.212382 10.0.0.7 -> 10.0.6.178 SMB2 260 Negotiate Protocol Response
27 0.214883 10.0.6.178 -> 10.0.0.7 SMB2 220 Session Setup Request, 
NTLMSSP_NEGOTIATE
28 0.215544 10.0.0.7 -> 10.0.6.178 SMB2 351 Session Setup Response, 
Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
29 0.218612 10.0.6.178 -> 10.0.0.7 TCP 60 49941→445 [RST, ACK] Seq=345 
Ack=504 Win=0 Len=0
30 0.222053 10.0.6.178 -> 10.0.0.7 TCP 66 49942→445 [SYN] Seq=0 Win=8192 
Len=0 MSS=1460 WS=256 SACK_PERM=1
31 0.222120 10.0.0.7 -> 10.0.6.178 TCP 66 445→49942 [SYN, ACK] Seq=0 
Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
32 0.224036 10.0.6.178 -> 10.0.0.7 TCP 60 49942→445 [ACK] Seq=1 Ack=1 
Win=65536 Len=0
33 0.224074 10.0.6.178 -> 10.0.0.7 SMB2 232 Negotiate Protocol Request
34 0.224086 10.0.0.7 -> 10.0.6.178 TCP 54 445→49942 [ACK] Seq=1 Ack=179 
Win=30336 Len=0
35 0.230810 10.0.0.7 -> 10.0.6.178 SMB2 260 Negotiate Protocol Response
36 0.233314 10.0.6.178 -> 10.0.0.7 SMB2 220 Session Setup Request, 
NTLMSSP_NEGOTIATE
37 0.234009 10.0.0.7 -> 10.0.6.178 SMB2 351 Session Setup Response, 
Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
38 0.237069 10.0.6.178 -> 10.0.0.7 TCP 60 49942→445 [RST, ACK] Seq=345 
Ack=504 Win=0 Len=0

Server config:
[global]
workgroup = MLHJ
interfaces = anet jnet print wifi lo
bind interfaces only = Yes
server role = standalone server
map to guest = Bad User
obey pam restrictions = Yes
syslog = 0
log file = /var/log/samba/smb.log
printcap name = /etc/printcap
dns proxy = No
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
printing = bsd
print command = /usr/local/scripts/print "%p" "%s" "%I" "%m" "%U" "%J" 
2>&1|logger -p lpr.debug -t samba-print


[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print ok = Yes
browseable = No


[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
guest ok = Yes

# smbd -V
Version 4.2.14-Debian

Regards,

Bram

More information about the samba mailing list