jheldens

Q: Access File Share after badlock update

This is the situation.

 

I have a linux machine (debian) (rapberry pi) and want to connect to the SMB file share defined on an osx machine running the latest OSx (10.11.5) with the latest Server.app (5.1.5). The share are exposed using the server.app.

 

The debian machine use Smbclient version 4.2.10-Debian which includes the patch for the "badlock" vunerablities . ( CVE-2016-2118) . This client is unable to connect to the shares:

 

$ smbclient -L //osxserver/MediaContent -U USER

Enter USER's password:

ntlmssp_handle_neg_flags: Got challenge flags[0x22810205] - possible downgrade detected! missing_flags[0x00080010] - NT code 0x80090302

  NTLMSSP_NEGOTIATE_SIGN

  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY

SPNEGO(ntlmssp) login failed: NT code 0x80090302

session setup failed: NT code 0x80090302



Running the same command with debug ( option -d10)

 

NTLMSSP_NEGOTIATE_128

ntlmssp_handle_neg_flags: Got challenge flags[0x22810205] - possible downgrade detected! missing_flags[0x00080010] - NT code 0x80090302


The "internet" thinks that the apple implementation of the smb protocol (smbx) might not be impacted by the badlock bug. But it definitely impacted by the fix rolled-out by the different clients.


Is this a known issue and is there a workaround ?


Thank for any help provided.

Posted on May 29, 2016 3:14 AM

Close

Q: Access File Share after badlock update

  • All replies
  • Helpful answers

  • by jheldens,

    jheldens jheldens Jun 3, 2016 1:34 AM in response to jheldens
    Level 1 (4 points)
    Servers Enterprise
    Jun 3, 2016 1:34 AM in response to jheldens

    Hi,

     

    I know it might be considered as whining but I am very disappointed that no one provided information regarding this issue.

     

    I had at least expected a comment in sense of:

     

    "The apple implementation is not affected by the badlock issue please refer to your smb client provider to resolve this issue or We are aware of this issue and are investigating"

     

    Not that this would have resolved my issue but at least I know that the "apple community" does (not) consider this a bug.

     

    It seems that no one from apple is monitoring this forum which is a very disappointing  conclusion.

  • by toenex,

    toenex toenex Jun 6, 2016 8:56 AM in response to jheldens
    Level 1 (4 points)
    Jun 6, 2016 8:56 AM in response to jheldens

    Hi,

     

    I too am experiencing similar issues.  I posted this question on server fault but didn't get much of a response.  I was unaware of the connection to the 'badlock' issue so thanks for making that connection.  I think one reason for the lack of internet discussion around this is because relatively few people have an OSX server.  We only have one for historical reasons and, thanks to this, not for much longer.

  • by darknater,

    darknater darknater Jun 20, 2016 9:54 AM in response to jheldens
    Level 1 (14 points)
    Jun 20, 2016 9:54 AM in response to jheldens

    This is breaking smbclient and mount -t cifs on linux connected to any at least mac 10.11 not just server.