[Samba] Could not find a suitable mechtype in NEG_TOKEN_INIT error in libsmbclient 4.19.4
Manu Shamanna
manu.durga at trellix.com
Thu Oct 24 12:49:21 UTC 2024
>> Hi,
>>
>>
>> [global]
>> workgroup = SAMBA
>> security = user
>> passdb backend = tdbsam
>> client max protocol = SMB3
>>
>
>I think this all down to Samba raising the default lowest SMB protocol
>to '2' at 4.11.0
>
>As this is the client, libsmbclient will read /etc/samba/smb.conf and
>anything found there will override its defaults which on 4.10.x will
>have been these:
>
>client ipc max protocol = SMB3_11
>client ipc min protocol = NT1
>client max protocol = SMB3_11
>client min protocol = CORE
>
>Now on 4.19.x they will be these:
>
>client ipc max protocol = SMB3_11
>client ipc min protocol = SMB2_02
>client max protocol = SMB3_11
>client min protocol = SMB2_02
>
>So, setting 'client max protocol = SMB3' will have little effect.
>
>I 'think' it is probable that your code is sending a SMBv1 request to
>the Windows server and the server has SMBv1 turned off by default.
>
>Rowland
Changing the client max/min protocol settings did not help. I removed
the "client max protocol" setting in smb.conf and that did not help
either.
Looking at the packet captures, when its working on libsmbclient 4.10,
it first sends a SMB1 negotiate protocol request, to which server
sends back a SMB2 response. Then there is a SMB2 negotiate protocol
request/response again.
In 4.19, there is a SMB2 client negotiate protocol request
straightaway and to which the server responds with a SMB2 negotiate
protocol response.
The SMB2 server negotiate protocol response looks like below for the
4.10 request which works,
Frame 8: 380 bytes on wire (3040 bits), 380 bytes captured (3040 bits)
on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 10.213.83.50, Dst: 10.213.83.54
Transmission Control Protocol, Src Port: 445, Dst Port: 54178, Seq:
253, Ack: 437, Len: 312
NetBIOS Session Service
Message Type: Session message (0x00)
Length: 308
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 0
NT Status: STATUS_SUCCESS (0x00000000)
Command: Negotiate Protocol (0)
Credits granted: 1
Flags: 0x00000001, Response
Chain Offset: 0x00000000
Message ID: 1
Reserved: 0x00000000
Tree Id: 0x00000000
Session Id: 0x0000000000000000
Signature: 00000000000000000000000000000000
[Response to: 7]
[Time from request: 0.000343221 seconds]
Negotiate Protocol Response (0x00)
[Preauth Hash:
cca6d99fdf8c2da4087b861deb15c32f9ae8a929b32343dc86981393a37239ac6aa2f786d21b4f12ba1b9c96f962107eeac018311a084944818c67f517b8b904]
StructureSize: 0x0041
Security mode: 0x01, Signing enabled
Dialect: SMB 3.1.1 (0x0311)
NegotiateContextCount: 2
Server Guid: 1d1584b9-bf7c-4bc5-b11f-67c1bc1ef0cd
Capabilities: 0x0000002f, DFS, LEASING, LARGE MTU, MULTI
CHANNEL, DIRECTORY LEASING
Max Transaction Size: 8388608
Max Read Size: 8388608
Max Write Size: 8388608
Current Time: Oct 22, 2024 20:39:32.457004900 India Standard Time
Boot Time: Aug 7, 2023 10:11:38.342574400 India Standard Time
Blob Offset: 0x00000080
Blob Length: 120
Security Blob […]:
607606062b0601050502a06c306aa03c303a060a2b06010401823702021e06092a864882f71201020206092a864886f712010202060a2a864886f71201020203060a2b06010401823702020aa32a3028a0261b246e6f745f646566696e65645f696e5f5246433431373840706c
GSS-API Generic Security Service Application Program Interface
OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
Simple Protected Negotiation
negTokenInit
mechTypes: 5 items
MechType: 1.3.6.1.4.1.311.2.2.30 (NEGOEX -
SPNEGO Extended Negotiation Security Mechanism)
MechType: 1.2.840.48018.1.2.2 (MS KRB5 -
Microsoft Kerberos 5)
MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
MechType: 1.2.840.113554.1.2.2.3 (KRB5 -
Kerberos 5 - User to User)
MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP
- Microsoft NTLM Security Support Provider)
negHints
hintName: not_defined_in_RFC4178 at please_ignore
NegotiateContextOffset: 0x000000f8
Negotiate Context: SMB2_PREAUTH_INTEGRITY_CAPABILITIES
Negotiate Context: SMB2_ENCRYPTION_CAPABILITIES
On the 4.19 request, the server response is below.
Frame 372: 308 bytes on wire (2464 bits), 308 bytes captured (2464
bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 192.168.1.99, Dst: 192.168.1.135
Transmission Control Protocol, Src Port: 445, Dst Port: 34164, Seq: 1,
Ack: 237, Len: 240
NetBIOS Session Service
Message Type: Session message (0x00)
Length: 236
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 0
NT Status: STATUS_SUCCESS (0x00000000)
Command: Negotiate Protocol (0)
Credits granted: 1
Flags: 0x00000001, Response
Chain Offset: 0x00000000
Message ID: 0
Reserved: 0x00000000
Tree Id: 0x00000000
Session Id: 0x0000000000000000
Signature: 00000000000000000000000000000000
[Response to: 371]
[Time from request: 0.000684602 seconds]
Negotiate Protocol Response (0x00)
[Preauth Hash:
9453f901c369c80002478182242f00a9ef2139d9332bdf9584d9a3bb64035a4fe61448afb04a7c63153cf4b38818743dd0eba3fc54334c381fe68559dcb670f5]
StructureSize: 0x0041
Security mode: 0x01, Signing enabled
Dialect: SMB 3.1.1 (0x0311)
NegotiateContextCount: 2
Server Guid: 64c66341-2bdd-439c-aa6a-e1c35c9d802c
Capabilities: 0x0000002f, DFS, LEASING, LARGE MTU, MULTI
CHANNEL, DIRECTORY LEASING
Max Transaction Size: 8388608
Max Read Size: 8388608
Max Write Size: 8388608
Current Time: Oct 23, 2024 13:12:58.889021700 India Standard Time
Boot Time: Oct 4, 2024 14:01:11.644965700 India Standard Time
Blob Offset: 0x00000080
Blob Length: 42
Security Blob:
602806062b0601050502a01e301ca01a3018060a2b06010401823702021e060a2b06010401823702020a
GSS-API Generic Security Service Application Program Interface
OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
Simple Protected Negotiation
negTokenInit
mechTypes: 2 items
MechType: 1.3.6.1.4.1.311.2.2.30 (NEGOEX -
SPNEGO Extended Negotiation Security Mechanism)
MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP
- Microsoft NTLM Security Support Provider)
NegotiateContextOffset: 0x000000b0
Negotiate Context: SMB2_PREAUTH_INTEGRITY_CAPABILITIES
Negotiate Context: SMB2_ENCRYPTION_CAPABILITIES
Both the server responses contain the NTLMSSP sub mechanism. I am not
sure why the 4.19 version does not recognize this sub mechanism type.
Regards,
Manu
More information about the samba
mailing list