[Samba] Could not find a suitable mechtype in NEG_TOKEN_INIT error in libsmbclient 4.19.4

Manu Shamanna manu.durga at trellix.com
Thu Oct 24 12:49:21 UTC 2024


>> Hi,
>>
>>
>> [global]
>>         workgroup = SAMBA
>>         security = user
>>         passdb backend = tdbsam
>>         client max protocol = SMB3
>>
>
>I think this is all down to Samba raising the default lowest SMB protocol
>to '2' at 4.11.0
>
>As this is the client, libsmbclient will read /etc/samba/smb.conf and
>anything found there will override its defaults which on 4.10.x will
>have been these:
>
>client ipc max protocol = SMB3_11
>client ipc min protocol = NT1
>client max protocol = SMB3_11
>client min protocol = CORE
>
>Now on 4.19.x they will be these:
>
>client ipc max protocol = SMB3_11
>client ipc min protocol = SMB2_02
>client max protocol = SMB3_11
>client min protocol = SMB2_02
>
>So, setting 'client max protocol = SMB3' will have little effect.
>
>I 'think' it is probable that your code is sending a SMBv1 request to
>the Windows server and the server has SMBv1 turned off by default.
>
>Rowland

Changing the client max/min protocol settings did not help. I removed
the "client max protocol" setting in smb.conf and that did not help
either.

Looking at the packet captures, when it's working on libsmbclient 4.10,
it first sends an SMB1 negotiate protocol request, to which the server
sends back an SMB2 response. Then there is an SMB2 negotiate protocol
request/response again.

In 4.19, there is an SMB2 client negotiate protocol request
straightaway, to which the server responds with an SMB2 negotiate
protocol response.

The SMB2 server negotiate protocol response looks like below for the
4.10 request which works,


Frame 8: 380 bytes on wire (3040 bits), 380 bytes captured (3040 bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 10.213.83.50, Dst: 10.213.83.54
Transmission Control Protocol, Src Port: 445, Dst Port: 54178, Seq: 253, Ack: 437, Len: 312
NetBIOS Session Service
    Message Type: Session message (0x00)
    Length: 308
SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 0
        NT Status: STATUS_SUCCESS (0x00000000)
        Command: Negotiate Protocol (0)
        Credits granted: 1
        Flags: 0x00000001, Response
        Chain Offset: 0x00000000
        Message ID: 1
        Reserved: 0x00000000
        Tree Id: 0x00000000
        Session Id: 0x0000000000000000
        Signature: 00000000000000000000000000000000
        [Response to: 7]
        [Time from request: 0.000343221 seconds]
    Negotiate Protocol Response (0x00)
        [Preauth Hash: cca6d99fdf8c2da4087b861deb15c32f9ae8a929b32343dc86981393a37239ac6aa2f786d21b4f12ba1b9c96f962107eeac018311a084944818c67f517b8b904]
        StructureSize: 0x0041
        Security mode: 0x01, Signing enabled
        Dialect: SMB 3.1.1 (0x0311)
        NegotiateContextCount: 2
        Server Guid: 1d1584b9-bf7c-4bc5-b11f-67c1bc1ef0cd
        Capabilities: 0x0000002f, DFS, LEASING, LARGE MTU, MULTI CHANNEL, DIRECTORY LEASING
        Max Transaction Size: 8388608
        Max Read Size: 8388608
        Max Write Size: 8388608
        Current Time: Oct 22, 2024 20:39:32.457004900 India Standard Time
        Boot Time: Aug  7, 2023 10:11:38.342574400 India Standard Time
        Blob Offset: 0x00000080
        Blob Length: 120
        Security Blob […]: 607606062b0601050502a06c306aa03c303a060a2b06010401823702021e06092a864882f71201020206092a864886f712010202060a2a864886f71201020203060a2b06010401823702020aa32a3028a0261b246e6f745f646566696e65645f696e5f5246433431373840706c
            GSS-API Generic Security Service Application Program Interface
                OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
                Simple Protected Negotiation
                    negTokenInit
                        mechTypes: 5 items
                            MechType: 1.3.6.1.4.1.311.2.2.30 (NEGOEX - SPNEGO Extended Negotiation Security Mechanism)
                            MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
                            MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
                            MechType: 1.2.840.113554.1.2.2.3 (KRB5 - Kerberos 5 - User to User)
                            MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
                        negHints
                            hintName: not_defined_in_RFC4178@please_ignore
        NegotiateContextOffset: 0x000000f8
        Negotiate Context: SMB2_PREAUTH_INTEGRITY_CAPABILITIES
        Negotiate Context: SMB2_ENCRYPTION_CAPABILITIES


On the 4.19 request, the server response is below.


Frame 372: 308 bytes on wire (2464 bits), 308 bytes captured (2464 bits) on interface any, id 0
Linux cooked capture v1
Internet Protocol Version 4, Src: 192.168.1.99, Dst: 192.168.1.135
Transmission Control Protocol, Src Port: 445, Dst Port: 34164, Seq: 1, Ack: 237, Len: 240
NetBIOS Session Service
    Message Type: Session message (0x00)
    Length: 236
SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 0
        NT Status: STATUS_SUCCESS (0x00000000)
        Command: Negotiate Protocol (0)
        Credits granted: 1
        Flags: 0x00000001, Response
        Chain Offset: 0x00000000
        Message ID: 0
        Reserved: 0x00000000
        Tree Id: 0x00000000
        Session Id: 0x0000000000000000
        Signature: 00000000000000000000000000000000
        [Response to: 371]
        [Time from request: 0.000684602 seconds]
    Negotiate Protocol Response (0x00)
        [Preauth Hash: 9453f901c369c80002478182242f00a9ef2139d9332bdf9584d9a3bb64035a4fe61448afb04a7c63153cf4b38818743dd0eba3fc54334c381fe68559dcb670f5]
        StructureSize: 0x0041
        Security mode: 0x01, Signing enabled
        Dialect: SMB 3.1.1 (0x0311)
        NegotiateContextCount: 2
        Server Guid: 64c66341-2bdd-439c-aa6a-e1c35c9d802c
        Capabilities: 0x0000002f, DFS, LEASING, LARGE MTU, MULTI CHANNEL, DIRECTORY LEASING
        Max Transaction Size: 8388608
        Max Read Size: 8388608
        Max Write Size: 8388608
        Current Time: Oct 23, 2024 13:12:58.889021700 India Standard Time
        Boot Time: Oct  4, 2024 14:01:11.644965700 India Standard Time
        Blob Offset: 0x00000080
        Blob Length: 42
        Security Blob: 602806062b0601050502a01e301ca01a3018060a2b06010401823702021e060a2b06010401823702020a
            GSS-API Generic Security Service Application Program Interface
                OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
                Simple Protected Negotiation
                    negTokenInit
                        mechTypes: 2 items
                            MechType: 1.3.6.1.4.1.311.2.2.30 (NEGOEX - SPNEGO Extended Negotiation Security Mechanism)
                            MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
        NegotiateContextOffset: 0x000000b0
        Negotiate Context: SMB2_PREAUTH_INTEGRITY_CAPABILITIES
        Negotiate Context: SMB2_ENCRYPTION_CAPABILITIES


Both the server responses contain the NTLMSSP sub mechanism. I am not
sure why the 4.19 version does not recognize this sub mechanism type.


Regards,

Manu
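
To check the mechTypes list of a captured Security Blob independently of the dissector, here is an added example (not part of the original message and not Samba code) that walks the DER structure of the 4.19 blob quoted above. The function names are hypothetical, and the parser covers only the GSS-API wrapper and the mechTypes field of negTokenInit.

```python
# Added example: list the mechTypes of an SPNEGO negTokenInit (4.19 Security Blob above).
BLOB_419 = bytes.fromhex("602806062b0601050502a01e301ca01a3018"
                         "060a2b06010401823702021e060a2b06010401823702020a")
SPNEGO_OID = "1.3.6.1.5.5.2"

def read_tlv(buf, pos):                      # -> (tag, value_start, value_end)
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def expect(buf, pos, want):
    tag, start, end = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#04x}, got {tag:#04x}")
    return start, end

def decode_oid(body):
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    subs, val = [], 0
    for b in body:                           # base-128, high bit = continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subs, val = subs + [val], 0
    first = min(subs[0] // 40, 2)            # first two arcs share one sub-identifier
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def mech_types(blob):
    pos, _ = expect(blob, 0, 0x60)           # GSS-API InitialContextToken
    s, e = expect(blob, pos, 0x06)           # thisMech
    if decode_oid(blob[s:e]) != SPNEGO_OID:
        raise ValueError("not an SPNEGO token")
    pos, _ = expect(blob, e, 0xA0)           # [0] negTokenInit
    pos, _ = expect(blob, pos, 0x30)         # NegTokenInit SEQUENCE
    pos, _ = expect(blob, pos, 0xA0)         # [0] mechTypes
    pos, end = expect(blob, pos, 0x30)       # MechTypeList
    if end > len(blob):                      # outer lengths are deliberately not checked
        raise ValueError("mechTypes list truncated")
    oids = []
    while pos < end:
        s, pos = expect(blob, pos, 0x06)
        oids.append(decode_oid(blob[s:pos]))
    return oids
```

Because only the MechTypeList length is checked against the buffer, the same function also decodes a blob whose display was cut off after the mechTypes field, as with the 4.10 capture.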

