[Pkg-samba-maint] Restoring pre Badlock CVE behavior in libsmbclient

Sam Nazarko email at samnazarko.co.uk
Mon Apr 18 00:04:36 UTC 2016


Hello,


Since updating OSMC (a Debian-based Linux distribution) to the latest version of Samba from jessie, we have noticed that guest access is no longer working as expected. We have also noticed that some legacy devices, such as Time Capsules, are not working correctly.


Our smb.conf is as follows:


[global]
    preferred master = no
    local master = no
    domain master = no
    client lanman auth = yes
    raw NTLMv2 auth = yes
    ldap server require strong auth = no
    lanman auth = yes
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
    lock directory = /home/osmc/.smb/
    name resolve order = bcast host


I was hoping the addition of raw NTLMv2 auth = yes and ldap server require strong auth = no would suffice in restoring the old behaviour, but this unfortunately does not seem to be the case.

I would appreciate it if it could be made clear which settings need to be added to smb.conf to restore the old functionality where Debian can connect to Windows Samba shares as guests with no authentication. Presently, we seem to have several hundred users affected by this issue and would like to remedy it without introducing our own downstream library and reverting these commits.

I am not subscribed to this mailing list so I would appreciate being copied in on future replies.

Thanks

Sam Nazarko