[Samba] Samba 4.14.5 NTLMv1
Eric Lehmann
e.lehmann88 at gmail.com
Tue Jan 18 14:18:01 UTC 2022
Hello
After updating my machine to Samba 4.14.5 it is not possible to
authenticate using NTLMv1. The clients are proprietary control / PLC units
where I am not able to change anything.
I figured out that there must be something with a missing domain /
workgroup during the authentication process.
Example, workgroup before DOMAIN-USER is empty:
check_ntlm_password: Checking password for unmapped user []\[ DOMAIN-USER
]@[m194940] with the new password interface
I can connect the same user from the machine's smbclient: smbclient //xx/xx
-mNT1 -U DOMAIN-USER
The smbclient attempts to connect with "passwordType": "NTLMv2". This
works, but NTLMv1 fails.
Also, wbinfo succeeded: wbinfo -a DOMAINUSER%password --ntlmv1
plaintext password authentication succeeded
challenge/response password authentication succeeded
Is there any way to tell Samba to use the domain/workgroup as a default?
Some smb.conf:
[global]
kerberos method = secrets and keytab
template homedir = /home/%U@%D
workgroup = WORKGROUP
server min protocol = NT1
client min protocol = NT1
template shell = /bin/bash
template homedir = /home/%U
security = ads
realm = WORKGROUP.INTERN
ntlm auth = yes
lanman auth = yes
Some Log for the NTLMv1 attempt:
[2022/01/18 14:16:10.852289, 3]
../../source3/auth/check_samsec.c:399(check_sam_security)
check_sam_security: Couldn't find user 'DOMAIN-USER' in passdb.
[2022/01/18 14:16:10.852301, 5]
../../source3/auth/auth.c:264(auth_check_ntlm_password)
auth_check_ntlm_password: sam authentication for user [DOMAIN-USER]
FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2022/01/18 14:16:10.852320, 2]
../../source3/auth/auth.c:348(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [DOMAIN-USER] ->
[DOMAIN-USER] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2022/01/18 14:16:10.852347, 2]
../../auth/auth_log.c:653(log_authentication_event_human_readable)
Auth: [SMB,(null)] user []\[DOMAIN-USER] at [Tue, 18 Jan 2022
14:16:10.852330 CET] with [NTLMv1] status [NT_STATUS_NO_SUCH_USER]
workstation [m194940] remote host [ipv4:xxx:1024] mapped to
[]\[DOMAIN-USER]. local host [ipv4:xxx:139]
{"timestamp": "2022-01-18T14:16:10.852396+0100", "type":
"Authentication", "Authentication": {"version": {"major": 1, "minor": 2},
"eventId": 4625, "logonId": "0", "logonType": 3, "status":
"NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:xxx:139", "remoteAddress":
"ipv4:xxx:1024", "serviceDescription": "SMB", "authDescription": null,
"clientDomain": "", "clientAccount": "DOMAIN-USER", "workstation":
"m194940", "becameAccount": null, "becameDomain": null, "becameSid": null,
"mappedAccount": "DOMAIN-USER", "mappedDomain": "", "netlogonComputer":
null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
"passwordType": "NTLMv1", "duration": 2274}}
[2022/01/18 14:16:10.852435, 5]
../../source3/auth/auth_ntlmssp.c:215(auth3_check_password_send)
auth3_check_password_send: Checking NTLMSSP password for \DOMAIN-USER
failed: NT_STATUS_NO_SUCH_USER, authoritative=1
[2022/01/18 14:16:10.852456, 3]
../../source3/smbd/error.c:82(error_packet_set)
NT error packet at ../../source3/smbd/sesssetup.c(956) cmd=115
(SMBsesssetupX) NT_STATUS_LOGON_FAILURE
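
Added example, not part of the original post and not Samba project code: a small Python scanner that pulls the JSON "Authentication" events out of a Samba log like the one above and lists the NTLMv1 logons, marking those that arrived with an empty clientDomain. The function names are hypothetical, and the sample log is constructed from the event in the post, with placeholder addresses and one invented NTLMv2 event for contrast.

```python
import json

# Constructed sample modelled on the post's JSON auth event; addresses are
# placeholders and the second (NTLMv2) event is invented for contrast.
SAMPLE_LOG = r'''
[2022/01/18 14:16:10.852347, 2] ../../auth/auth_log.c:653(log_authentication_event_human_readable)
  Auth: [SMB,(null)] user []\[DOMAIN-USER] with [NTLMv1] status [NT_STATUS_NO_SUCH_USER]
  {"timestamp": "2022-01-18T14:16:10.852396+0100", "type": "Authentication",
   "Authentication": {"status": "NT_STATUS_NO_SUCH_USER", "remoteAddress": "ipv4:192.0.2.10:1024",
   "clientDomain": "", "clientAccount": "DOMAIN-USER", "workstation": "m194940",
   "passwordType": "NTLMv1"}}
  {"timestamp": "2022-01-18T14:20:00.000000+0100", "type": "Authentication",
   "Authentication": {"status": "NT_STATUS_OK", "remoteAddress": "ipv4:192.0.2.20:50000",
   "clientDomain": "WORKGROUP", "clientAccount": "DOMAIN-USER", "workstation": "host2",
   "passwordType": "NTLMv2"}}
'''

def iter_json_objects(text):
    """Yield each JSON object embedded in free-form log text, even if line-wrapped."""
    decoder = json.JSONDecoder()
    pos = text.find("{")
    while pos != -1:
        try:
            obj, end = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            pos = text.find("{", pos + 1)  # not JSON here, try the next brace
            continue
        if isinstance(obj, dict):
            yield obj
        pos = text.find("{", end)

def ntlmv1_events(text):
    """Summarise Authentication events whose passwordType is NTLMv1."""
    findings = []
    for record in iter_json_objects(text):
        auth = record.get("Authentication") or {}
        if record.get("type") != "Authentication" or auth.get("passwordType") != "NTLMv1":
            continue
        findings.append({
            "time": record.get("timestamp"),
            "account": auth.get("clientAccount"),
            "workstation": auth.get("workstation"),
            "remote": auth.get("remoteAddress"),
            "status": auth.get("status"),
            "domain_missing": not auth.get("clientDomain"),  # empty, as in the post
        })
    return findings

if __name__ == "__main__":
    for finding in ntlmv1_events(SAMPLE_LOG):
        print(finding)
```

Run over a real log file, the same function gives an inventory of which workstations and accounts still depend on NTLMv1.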