Open hackoflpf opened 2 years ago
Technically it should be possible but I remember trying to get it working when I first wrote the code and it was difficult. You can try setting the username to Guest
with an empty string as the password but I doubt that’s going to work. Using a Guest or Anonymous logon loses a lot of the security benefits that SMB had introduced like message signatures and encryption. You are better off adding an account that can you and authenticate with rather than an anonymous user in general.
Does your server support anonymous/guest session?
I remember that guest accounts are supported by Windows Desktop, but guest accounts are disabled by default with Windows Server.
See this docs - https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj852219%28v=ws.11%29
As commented by Jordan, you will need to use Guest
as username.
You will need to set password to something ... and that value is ignored.
From my code
# Some custom logicc
anonymous = True
username = 'Guest'
# Anonymous needs to have a password that is later ignored.
# Otherwise pyspnego will try to load it from a file.
password = 'ignored'
Setting to None
should be avoided as username and password API should require these values to have a text type.
And you can see from the error that it fails as it tries to load the password from a file.
Thanks @adiroiban that about sums up what I came across before, the Guest
could be used with any value for the password
as it was ignored on the server. I believe Anonymous
accounts are slightly different to Guest
and needs extra work in pyspnego
to use.
Of course,i test this on ubuntu with samba 4.15.0,i can use the default samba tool smbclient to login without password,but if i set the password with None value,smbprotocol will raise exceptions.This is my smb.conf [check] path = /home/test/ browseable = yes public = yes available = yes oplocks = yes follow symlinks = yes map archive = no guest ok = yes writable = yes Maybe the Spnego library doesn't support this operation,i haven't check the code,but i can use samba python library to login without password,only to set the username is "" and password is None,it works well.
Pyspnego certainly doesn’t support anonymous users as you’ve seen which leans smbprotocol also does not support anonymous logons. It should work with Guest logins which has a username of Guest
and the password is set to any string value. They are slightly different but could still work in your scenario if your samba server is configured to allow it.
I can't use smbprotocol to login as a guest user,if i set username and password is None,the program behave like belows, INFO:smbprotocol.connection:Initialising connection, guid: 0f41207e-d29d-4543-a60c-6dcad6339edf, require_signing: False, server_name: 127.0.0.1, port: 445 False INFO:smbprotocol.connection:Setting up transport connection INFO:smbprotocol.transport:Connecting to DirectTcp socket INFO:smbprotocol.connection:Starting negotiation with SMB server INFO:smbprotocol.connection:Negotiating with SMB2 protocol with highest client dialect of: SMB_3_0_0 INFO:smbprotocol.connection:Sending SMB2 Negotiate message INFO:smbprotocol.connection:Receiving SMB2 Negotiate response INFO:smbprotocol.connection:Negotiated dialect: (768) SMB_3_0_0 INFO:smbprotocol.connection:Connection require signing: False INFO:smbprotocol.session:Initialising session with username: admins INFO:smbprotocol.connection:Disconnecting transport connection INFO:smbprotocol.transport:Disconnecting DirectTcp socket Traceback (most recent call last): File "/home/admins/.local/lib/python3.8/site-packages/smbprotocol/session.py", line 266, in connect context = spnego.client(self.username, self.password, service='cifs', hostname=self.connection.server_name, File "/home/admins/.local/lib/python3.8/site-packages/spnego/auth.py", line 202, in client return _new_context( File "/home/admins/.local/lib/python3.8/site-packages/spnego/auth.py", line 117, in _new_context return proxy( File "/home/admins/.local/lib/python3.8/site-packages/spnego/_ntlm.py", line 287, in init self._credential = _NTLMCredential(next(c for c in credentials if "ntlm" in c.supported_protocols)) File "/home/admins/.local/lib/python3.8/site-packages/spnego/_ntlm.py", line 227, in init self.domain, self.username, self.lm_hash, self.nt_hash = _get_credential(self._store, domain, username) File "/home/admins/.local/lib/python3.8/site-packages/spnego/_ntlm.py", line 137, in _get_credential raise OperationNotAvailableError(context_msg="Retrieving NTLM store without NTLM_USER_FILE set to a filepath") spnego.exceptions.OperationNotAvailableError: SpnegoError (16): Operation not supported or available, Context: Retrieving NTLM store without NTLM_USER_FILE set to a filepath
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "file-management.py", line 30, in
session.connect()
File "/home/admins/.local/lib/python3.8/site-packages/smbprotocol/session.py", line 269, in connect
raise SMBAuthenticationError("Failed to authenticate with server: %s" % str(err.message))
smbprotocol.exceptions.SMBAuthenticationError: Failed to authenticate with server: SpnegoError (16): Operation not supported or available, Context: Retrieving NTLM store without NTLM_USER_FILE set to a filepath
my code is