Trouble Mounting SMB Share from Mac Sonoma

Joined
Feb 26, 2024
Messages
2
I have an SMB share that I have been using on my Mac for a while now. I recently upgraded the Mac from Ventura (13) to Sonoma (14) and it would no longer mount the share. I went to look at the logs on my server and found this in auth_audit.log on an unsuccessful auth:

{"timestamp": "2024-02-26T15:05:39.357061+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.1.50:445", "remoteAddress": "ipv4:192.168.1.133:61166", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "FN01", "clientAccount": "pwater", "workstation": "COMPY", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "pwater", "mappedDomain": "FN01", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 2707}}

I then ran across a post on Reddit that suggested I try to randomly capitalize one letter of my username and to my shock, it worked. Does anyone know what's going on here? Is this a Mac bug?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
I haven't seen this issue with my Sonoma client, although it's not outside the realm of possibility that the client is performing some credential caching. Have you perhaps tried rebooting the Mac client?
 
Joined
Feb 26, 2024
Messages
2
When you connect there's an option to put the password in the keychain, which I have never used.

I did reboot and then I was able to connect the first time without capitalizing anything. Perhaps there is some caching somewhere, but I remain confused.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
It's a caching bug in the macOS client (you can see it because you are not re-prompted for credentials when unmounting/remounting shares), but if you change the password server-side, authentication will fail. As they say, there are two hard things in programming:
1. Cache invalidation
2. Naming things

FYI, the name change worked because in the SMB protocol usernames are case-insensitive (and the macOS credential cache must be case-sensitive).
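
Added example (not part of any post in this thread, and not iXsystems or Samba code): a small Python script that reads JSON lines in the auth_audit.log format quoted above and flags clients that got NT_STATUS_WRONG_PASSWORD and then authenticated under a differently-cased spelling of the same account, the pattern this thread describes. The sample lines are constructed, and the success status string NT_STATUS_OK and the function names are assumptions of this example.

```python
import json
from collections import defaultdict

def _sample(ts, status, remote, account):
    # Builds one constructed log line with the subset of fields used below.
    return json.dumps({"timestamp": ts, "type": "Authentication", "Authentication": {
        "status": status, "remoteAddress": remote, "clientAccount": account,
        "serviceDescription": "SMB2", "passwordType": "NTLMv2"}})

# Constructed sample input modeled on the auth_audit.log entry quoted in the thread.
SAMPLE_LOG = "\n".join([
    _sample("2024-02-26T15:05:39.357061+0000", "NT_STATUS_WRONG_PASSWORD", "ipv4:192.168.1.133:61166", "pwater"),
    _sample("2024-02-26T15:05:52.101200+0000", "NT_STATUS_WRONG_PASSWORD", "ipv4:192.168.1.133:61170", "pwater"),
    "truncated {not json",
    _sample("2024-02-26T15:06:10.480015+0000", "NT_STATUS_OK", "ipv4:192.168.1.133:61181", "pWater"),
    _sample("2024-02-26T15:07:01.000100+0000", "NT_STATUS_WRONG_PASSWORD", "ipv4:192.168.1.140:50212", "backup"),
    _sample("2024-02-26T15:07:09.220431+0000", "NT_STATUS_OK", "ipv4:192.168.1.140:50215", "backup"),
])

def client_ip(remote):
    # "ipv4:192.168.1.133:61166" -> "192.168.1.133" (drop protocol tag and port)
    return remote.partition(":")[2].rsplit(":", 1)[0]

def parse_events(text):
    for raw in text.splitlines():
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines
        if isinstance(rec, dict) and rec.get("type") == "Authentication":
            auth = rec["Authentication"]
            yield (rec["timestamp"], client_ip(auth["remoteAddress"]),
                   auth.get("clientAccount") or "", auth["status"])

def case_variant_recoveries(text):
    """Find clients that failed with NT_STATUS_WRONG_PASSWORD, then succeeded
    with a differently-cased spelling of the same account name."""
    failed = defaultdict(set)   # (client ip, case-folded account) -> spellings that failed
    hits = []
    for _ts, ip, account, status in sorted(parse_events(text)):  # ISO timestamps sort as text
        key = (ip, account.casefold())
        if status == "NT_STATUS_WRONG_PASSWORD":
            failed[key].add(account)
        elif status == "NT_STATUS_OK":
            if failed[key] - {account}:
                hits.append((ip, key[1], sorted(failed[key]), account))
            failed.pop(key, None)
    return hits

if __name__ == "__main__":
    for hit in case_variant_recoveries(SAMPLE_LOG):
        print(hit)
```

The second client in the sample fails and then succeeds under the same spelling, so it is not reported; only the failure followed by a case-changed success is.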
 