Randomly getting a SMBAuthenticationError

[pbuchholz123]

Hello,

firstly, great lib. But we kinda face a problem we can't identify... So let me give u some context.

We have a python script running inside a docker container observing a local directory inside that container. If something goes in that directory, the script does different things. That script observes that directory 24/7 and one action is to copy the content of that local directory to an SMB share (Win 2k16 File Server). That whole process works like charm for exactly 7 days. After 7 days, we receive the following error/s in our logs...

{"log":"Traceback (most recent call last):\n","stream":"stderr","time":"2024-07-01T07:07:05.925727243Z"}
{"log":"  File \"/app/__main__.py\", line 81, in run_task\n","stream":"stderr","time":"2024-07-01T07:07:05.92591959Z"}
{"log":"    result = action_function(spool, step)\n","stream":"stderr","time":"2024-07-01T07:07:05.925933336Z"}
{"log":"             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n","stream":"stderr","time":"2024-07-01T07:07:05.925941642Z"}
{"log":"  File \"/app/actions.py\", line 148, in save_string_to_file_pdf\n","stream":"stderr","time":"2024-07-01T07:07:05.925949237Z"}
{"log":"    if not exists_function(target_dir):\n","stream":"stderr","time":"2024-07-01T07:07:05.925957195Z"}
{"log":"           ^^^^^^^^^^^^^^^^^^^^^^^^^^^\n","stream":"stderr","time":"2024-07-01T07:07:05.925964997Z"}
{"log":"  File \"/usr/local/lib/python3.12/site-packages/our_package/smbinterface.py\", line 94, in exists\n","stream":"stderr","time":"2024-07-01T07:07:05.926060623Z"}
{"log":"    return smbclientpath.exists(path)\n","stream":"stderr","time":"2024-07-01T07:07:05.926073998Z"}
{"log":"           ^^^^^^^^^^^^^^^^^^^^^^^^^^\n","stream":"stderr","time":"2024-07-01T07:07:05.926081953Z"}
{"log":"  File \"/usr/local/lib/python3.12/site-packages/smbclient/path.py\", line 20, in exists\n","stream":"stderr","time":"2024-07-01T07:07:05.926089868Z"}
{"log":"    return _exists(path, False, True, **kwargs)\n","stream":"stderr","time":"2024-07-01T07:07:05.926097957Z"}
{"log":"           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n","stream":"stderr","time":"2024-07-01T07:07:05.926105813Z"}
{"log":"  File \"/usr/local/lib/python3.12/site-packages/smbclient/path.py\", line 134, in _exists\n","stream":"stderr","time":"2024-07-01T07:07:05.926113564Z"}
{"log":"    stat(path, follow_symlinks=follow_symlinks, **kwargs)\n","stream":"stderr","time":"2024-07-01T07:07:05.926121627Z"}
{"log":"  File \"/usr/local/lib/python3.12/site-packages/smbclient/_os.py\", line 592, in stat\n","stream":"stderr","time":"2024-07-01T07:07:05.926129475Z"}
{"log":"    raw = SMBRawIO(\n","stream":"stderr","time":"2024-07-01T07:07:05.92614111Z"}
{"log":"          ^^^^^^^^^\n","stream":"stderr","time":"2024-07-01T07:07:05.926152175Z"}
{"log":"  File \"/usr/local/lib/python3.12/site-packages/smbclient/_io.py\", line 362, in __init__\n","stream":"stderr","time":"2024-07-01T07:07:05.926163445Z"}
{"log":"    tree, fd_path = get_smb_tree(path, **kwargs)\n","stream":"stderr","time":"2024-07-01T07:07:05.926177662Z"}
{"log":"                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n","stream":"stderr","time":"2024-07-01T07:07:05.926189426Z"}
{"log":"  File \"/usr/local/lib/python3.12/site-packages/smbclient/_pool.py\", line 304, in get_smb_tree\n","stream":"stderr","time":"2024-07-01T07:07:05.92620187Z"}
{"log":"    session = register_session(\n","stream":"stderr","time":"2024-07-01T07:07:05.926214589Z"}
{"log":"              ^^^^^^^^^^^^^^^^^\n","stream":"stderr","time":"2024-07-01T07:07:05.926240735Z"}
{"log":"  File \"/usr/local/lib/python3.12/site-packages/smbclient/_pool.py\", line 422, in register_session\n","stream":"stderr","time":"2024-07-01T07:07:05.926253544Z"}
{"log":"    session.connect()\n","stream":"stderr","time":"2024-07-01T07:07:05.926265981Z"}
{"log":"  File \"/usr/local/lib/python3.12/site-packages/smbprotocol/session.py\", line 284, in connect\n","stream":"stderr","time":"2024-07-01T07:07:05.926276963Z"}
{"log":"    raise SMBAuthenticationError(f\"Failed to authenticate with server: {err}\") from err\n","stream":"stderr","time":"2024-07-01T07:07:05.926289911Z"}
{"log":"smbprotocol.exceptions.SMBAuthenticationError: Failed to authenticate with server: SpnegoError (1): SpnegoError (16): Operation not supported or available, Context: Retrieving NTLM store without NTLM_USER_FILE set to a filepath, Context: Unable to negotiate common mechanism\n","stream":"stderr","time":"2024-07-01T07:07:05.926302483Z"}
{"log":"\n","stream":"stderr","time":"2024-07-01T07:07:05.926316048Z"}
{"log":"During handling of the above exception, another exception occurred:\n","stream":"stderr","time":"2024-07-01T07:07:05.926326587Z"}
{"log":"\n","stream":"stderr","time":"2024-07-01T07:07:05.926337706Z"}
{"log":"Traceback (most recent call last):\n","stream":"stderr","time":"2024-07-01T07:07:05.926353751Z"}

Extracted traceback

Traceback (most recent call last):
  File "/app/__main__.py", line 81, in run_task
    result = action_function(spool, step)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/actions.py", line 148, in save_string_to_file_pdf
    if not exists_function(target_dir):
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/our_package/smbinterface.py", line 94, in exists
    return smbclientpath.exists(path)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/smbclient/path.py", line 20, in exists
    return _exists(path, False, True, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/smbclient/path.py", line 134, in _exists
    stat(path, follow_symlinks=follow_symlinks, **kwargs)
  File "/usr/local/lib/python3.12/site-packages/smbclient/_os.py", line 592, in stat
    raw = SMBRawIO(
          ^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/smbclient/_io.py", line 362, in __init__
    tree, fd_path = get_smb_tree(path, **kwargs)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/smbclient/_pool.py", line 304, in get_smb_tree
    session = register_session(
              ^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/smbclient/_pool.py", line 422, in register_session
    session.connect()
  File "/usr/local/lib/python3.12/site-packages/smbprotocol/session.py", line 284, in connect
    raise SMBAuthenticationError(f"Failed to authenticate with server: {err}") from err
smbprotocol.exceptions.SMBAuthenticationError: Failed to authenticate with server: SpnegoError (1): SpnegoError (16): Operation not supported or available, Context: Retrieving NTLM store without NTLM_USER_FILE set to a filepath, Context: Unable to negotiate common mechanism

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

The script continues running but throws that error over and over again. I have to restart the container, and it works again for the next 7 days...

Script runs with python version 3.12, smbprotocol version is 1.13.0

Now the weird part.. We have another python script running inside a container doing literally the same thing as described above. Copying a local file to a SMB share. But this script runs with python version 3.10 and smbprotocol 1.9.0. But here we don't have this problem.

Anyone else having this problem?

[jborean93]

Are you by chance using Kerberos auth in your test environment? Have you set any credentials with the ClientConfig(). It sounds like the session is missing for this particular server and user and so it's trying to create a new one. SMB authentication by default tries to use Kerberos if available with a fallback to NTLM. In this case there is no username/password specified so if Kerberos fails then the NTLM fallback fails with that particular error.

[pbuchholz123]

Hello,

no, i don´t use Kerberos. I am not using the ClientConfig() object, i use it directly like this:

import smbclient

[...]

smbclient.register_session(server, username=username, password=password)

I will try giving ntlm as the auth_protocol in the register_session method, maybe it will help. Unfortunately i will have to wait a week to give some feedback :/

Cheers