search

jborean93 / smbprotocol

Python SMBv2 and v3 Client
MIT License
309 stars 72 forks source link

SMBAuthenticationError sometimes #272

Open darouwan opened 4 months ago

darouwan commented 4 months ago

Sometimes the command like smbclient.listdirhas the following error, but sometimes not:

smbprotocol.exceptions.SMBAuthenticationError: Failed to authenticate with server: SpnegoError (1): SpnegoError (4294967295): Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529639053): No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_2000), Context: Processing security token, Context: Unable to negotiate common mechanism

When I restart my application, sometimes it works fine.

When regiester session, it seems successful:

2024-03-14 Thursday 17:57:20 - smbprotocol.connection - INFO - connection.py[741]: Initialising connection, guid: 15efed8d-aa13-4878-9cd1-365618980aa1, require_signing: True, server_name: csj-op-gench01.wdc.com, port: 445 2024-03-14 Thursday 17:57:20 - smbprotocol.connection - INFO - connection.py[861]: Setting up transport connection 2024-03-14 Thursday 17:57:20 - smbprotocol.transport - INFO - transport.py[64]: Connecting to DirectTcp socket 2024-03-14 Thursday 17:57:20 - smbprotocol.connection - INFO - connection.py[870]: Starting negotiation with SMB server 2024-03-14 Thursday 17:57:20 - smbprotocol.connection - INFO - connection.py[1539]: Negotiating with SMB2 protocol with highest client dialect of: SMB_3_1_1 2024-03-14 Thursday 17:57:20 - smbprotocol.connection - INFO - connection.py[1603]: Sending SMB2 Negotiate message 2024-03-14 Thursday 17:57:20 - smbprotocol.connection - INFO - connection.py[1608]: Receiving SMB2 Negotiate response 2024-03-14 Thursday 17:57:20 - smbprotocol.connection - INFO - connection.py[883]: Negotiated dialect: (785) SMB_3_1_1 2024-03-14 Thursday 17:57:20 - smbprotocol.connection - INFO - connection.py[895]: Connection require signing: True

The smb protocal is v2. Do I need to do more config?

darouwan commented 4 months ago

Solved by indicate ntlm authentication explicitly

jborean93 commented 4 months ago

Can you share more details on how you are creating the connection. Are you using explicit credentials or relying on the ccached ticket? It sounds like there might either be some sort of race condition or something else where listdir is trying to re-authenticate the session but at that point in time it has no explicit credential so is trying to rely on the ccache which doesn't exist. Knowing what you are doing here and potentially the full traceback from Python would be very useful.

darouwan commented 4 months ago

@jborean93 I set auth_protocol='ntlm' in the client config before register_session. The default value is negotiate, and my smb service use ntlm rather than Kerberos. Maybe negotiate setting cannot get the correct authentication method? 

smbclient.ClientConfig(username=self._username, password=self._password,auth_protocol='ntlm')
register_session(self._hostname, username=self._username,password=self._password)
jborean93 commented 4 months ago

Setting an explicit username and password in the ClientConfig should always ensure that a credential is provided when creating a session avoiding that error you see. It is interesting that it is also fixed by using ntlm explicitly as that should suffer from the same problem but with a different error message.

If you can still replicate the problem could you try and share the traceback?


import traceback

try:
    code_that_fails()
except:
    traceback.print_exc()
    raise