[Samba] Samba 4.14.5 NTLMv1

Eric Lehmann e.lehmann88 at gmail.com
Tue Jan 18 14:18:01 UTC 2022 

Hello

After updating my machine to samba 4.14.5 it is not possible to
authenticate using NLTMv1. The clients are proprietary control / PLC units
where I am not able to change anything.

I figured out that there must be something with a missing domain /
workgroup during the authentication process.

Example, workgroup before  DOMAIN-USER  is empty:

check_ntlm_password:  Checking password for unmapped user []\[ DOMAIN-USER
]@[m194940] with the new password interface

I can connect the same user from the machines smbclient: smbclient //xx/xx
-mNT1 -U DOMAIN-USER

The smbclient attempts to connect with "passwordType": "NTLMv2". This
works, but NTLMv1 fails.

Also, wbinfo succeeded: wbinfo -a  DOMAINUSER%password --ntlmv1
plaintext password authentication succeeded
challenge/response password authentication succeeded

Is there any way to tell samba using the domain/workgroup as a default?

Some smb.conf:

[global]
kerberos method = secrets and keytab
template homedir = /home/%U@%D
workgroup =  WORKGROUP
server min protocol = NT1
client min protocol = NT1
template shell = /bin/bash
template homedir = /home/%U
security = ads
realm = WORKGROUP.INTERN
ntlm auth = yes
lanman auth = yes

Some Log for the NTLMv1 attempt:

[2022/01/18 14:16:10.852289,  3]
../../source3/auth/check_samsec.c:399(check_sam_security)
  check_sam_security: Couldn't find user 'DOMAIN-USER' in passdb.
[2022/01/18 14:16:10.852301,  5]
../../source3/auth/auth.c:264(auth_check_ntlm_password)
  auth_check_ntlm_password: sam authentication for user [DOMAIN-USER]
FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2022/01/18 14:16:10.852320,  2]
../../source3/auth/auth.c:348(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [DOMAIN-USER] ->
[DOMAIN-USER] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2022/01/18 14:16:10.852347,  2]
../../auth/auth_log.c:653(log_authentication_event_human_readable)
  Auth: [SMB,(null)] user []\[DOMAIN-USER] at [Tue, 18 Jan 2022
14:16:10.852330 CET] with [NTLMv1] status [NT_STATUS_NO_SUCH_USER]
workstation [m194940] remote host [ipv4:xxx:1024] mapped to
[]\[DOMAIN-USER]. local host [ipv4:xxx:139]
  {"timestamp": "2022-01-18T14:16:10.852396+0100", "type":
"Authentication", "Authentication": {"version": {"major": 1, "minor": 2},
"eventId": 4625, "logonId": "0", "logonType": 3, "status":
"NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:xxx:139", "remoteAddress":
"ipv4:xxx:1024", "serviceDescription": "SMB", "authDescription": null,
"clientDomain": "", "clientAccount": "DOMAIN-USER", "workstation":
"m194940", "becameAccount": null, "becameDomain": null, "becameSid": null,
"mappedAccount": "DOMAIN-USER", "mappedDomain": "", "netlogonComputer":
null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
"passwordType": "NTLMv1", "duration": 2274}}
[2022/01/18 14:16:10.852435,  5]
../../source3/auth/auth_ntlmssp.c:215(auth3_check_password_send)
  auth3_check_password_send: Checking NTLMSSP password for \DOMAIN-USER
failed: NT_STATUS_NO_SUCH_USER, authoritative=1
[2022/01/18 14:16:10.852456,  3]
../../source3/smbd/error.c:82(error_packet_set)
  NT error packet at ../../source3/smbd/sesssetup.c(956) cmd=115
(SMBsesssetupX) NT_STATUS_LOGON_FAILURE

More information about the samba mailing list