[Samba] Lingering IPC$ connections
Alfredo Ramos
ralf at is.rice.edu
Fri Apr 11 03:38:06 GMT 2003
Thank you Andrew, thank you John.
This was the only thing holding me from deploying 2.2.8a to the labs.
Keep up the good work.
Al.
---------------------------------------------------------------------------------
| Alfredo Ramos
This space available for rent. | Educational Technology
Get your product moving. Advertise here! | Rice University.
| Email: ralf at is.rice.edu
---------------------------------------------------------------------------------
On 11 Apr 2003, Andrew Bartlett wrote:
> On Fri, 2003-04-11 at 09:04, John H Terpstra wrote:
> > On Thu, 10 Apr 2003, Alfredo Ramos wrote:
> >
> > > John, are you telling me that it is normal behavior for two smbd
> > > connections from different users to share the same process id?
> > >
> > > Maybe I don't understand how samba manages connections, but this behavior
> > > hardly seems normal. I mean, I've been running samba for at least four
> > > years and this behavior just started with this release.
> > >
> > > Please, can you elaborate a little more on why this is expected behavior?
> > > I would assume that after a period of inactivity the samba server should
> > > close any non-active connections. But even if it does not close the
> > > connection, it should certainly not inherit the process id from a previous
> > > login session.
> >
> > Alfredo,
> >
> > The protocol stack is the secret.
> >
> > IP-|->TCP->|->SMB->NetBIOS->Named Pipes->MS ONC DCE RPC->RPC Services
> > |->UDP->|
>
> Let's get this stack right...
>
> IP-|->TCP->|->NetBIOS->SMB->IPC$->Named Pipes->MS ONC DCE RPC->RPC Services
> ->shares
> |->UDP->|
>
> >
> > Operations are mulitplexed over the named pipes. It is NOT uncommon for
> > each SMB operation to con-currently run 8 or more communication sessions
> > over the same named pipe. This makes decoding Microsoft protocols so
> > interesting.
>
> Just to clarify, there are multiple operations over the SMB layer, both
> multiple users and multiple shares. One user can use a share opened by
> another user.
>
> Then we have the IPC$ share, which may be open by multiple users
> (including guest) like any other, but tends to be kept open...
>
> Then a user (ie, the system) opens a named pipe, and I think even then
> we can become a different user again...
>
> Yes, it's a mess :-)
>
> > The client may open the IPC$ share as the null user (to obtain share
> > information), or as an authenticated user, usually both happen, typically
> > it keeps the null connection open - there is no good reason to close it.
> >
> > Secondly, Samba does NOT control clients, clients control Samba. That is
> > the way it is with SMB protocols. It is only the client that drops
> > sessions if it chooses to. Samba does not drop client connections.
> >
> > If you want to understand this better grab an XP Pro client and a Windows
> > 2000 Server and using Ethereal monitor the traffic. Also, on your Windows
> > XP Pro client you should from control panel / administrative options run
> > the Machine Manager MMC and locate the panel that will allow you to see
> > all open and current connections to your samba or Win2K server.
> >
> > You will see that what smbstatus reports is in fact what the client will
> > report in the way of open connections. You are seeing only the named pipes
> > that are open.
> >
> > smbstatus is not reporting multiple smbds that have the same pid, it is
> > reporting the named pipe sessions that are open over a single smbd.
>
> Or open shares, or all sorts of things. Particularly nasty with clients
> that 'omit' to send a tree disconnect (MS did this to workaround what
> they claimed to be bugs in 'third party' smb server).
>
> Typically, it won't close the vuid till the last user of the share is
> finished. XP seems to be even worse on this :-(
>
> > - John T.
> >
> > >
> > > Al.
> > >
> > > ---------------------------------------------------------------------------------
> > > | Alfredo Ramos
> > > This space available for rent. | Educational Technology
> > > Get your product moving. Advertise here! | Rice University.
> > > | Email: ralf at is.rice.edu
> > > ---------------------------------------------------------------------------------
> > >
> > > On Wed, 9 Apr 2003, John H Terpstra wrote:
> > >
> > > > On Wed, 9 Apr 2003, Alfredo Ramos wrote:
> > > >
> > > > > Yes of course, they are. One user logs off, and another one logs in. That
> > > > > is normal. What is not normal is the mixing of loggins and pids.
> > > >
> > > > This is expected behaviour. It is the MS Windows client machine that does
> > > > NOT close the connection to the IPC$ share.
> > > >
> > > > >
> > > > > Very strange!
> > > >
> > > > Not at all. The IPC$ share can be connected to as either the current user
> > > > or anonymously (null user). This connection is used to obtain information
> > > > about the SMB server, like shares, access ability, etc.
> > > >
> > > > - John T.
> > > >
> > > > >
> > > > > Thanks for the reply John.
> > > > >
> > > > > Al.
> > > > >
> > > > > ---------------------------------------------------------------------------------
> > > > > | Alfredo Ramos
> > > > > This space available for rent. | Educational Technology
> > > > > Get your product moving. Advertise here! | Rice University.
> > > > > | Email: ralf at is.rice.edu
> > > > > ---------------------------------------------------------------------------------
> > > > >
> > > > > On Wed, 9 Apr 2003, John H Terpstra wrote:
> > > > >
> > > > > > Alfredo,
> > > > > >
> > > > > > The connections that appear to have the same pid - they are from multiple
> > > > > > logons on the same machine are they not? Please confirm.
> > > > > >
> > > > > > - John T.
> > > > > >
> > > > > >
> > > > > > On Wed, 9 Apr 2003, Alfredo Ramos wrote:
> > > > > >
> > > > > > > I'm running the latest samba release (2.2.8a), and everything seems to
> > > > > > > be running fine. Except for something that does not look quite right.
> > > > > > >
> > > > > > > Connections to the IPC$ share are being left behind by samba once the
> > > > > > > user has logged off. And what's even more troubling is that the pid
> > > > > > > associated with the lingering IPC$ connection is picked up by the next
> > > > > > > smbd process, and then you have one pid associated with more that one
> > > > > > > smbd connection. Smbstatus as well as ps report the same weird status.
> > > > > > >
> > > > > > > Here's a sample output from both:
> > > > > > >
> > > > > > > /usr/site/samba-2.2.8a/bin/smbstatus
> > > > > > > Samba version 2.2.8a
> > > > > > >
> > > > > > > Service uid gid pid machine
> > > > > > > ----------------------------------------------
> > > > > > >
> > > > > > > riffraff riffraff student 11775 mudd104 Wed Apr 9 14:04:26 2003
> > > > > > > IPC$ leana7 student 11775 mudd104 Wed Apr 9 11:42:10 2003
> > > > > > > IPC$ ralf rstaff 11526 mudd110 Wed Apr 9 10:13:14 2003
> > > > > > > IPC$ ksgarcia student 11526 mudd110 Wed Apr 9 11:09:28 2003
> > > > > > > IPC$ rakowitz student 12026 mudd111 Wed Apr 9 13:29:10 2003
> > > > > > >
> > > > > > >
> > > > > > > ps -ef | grep smbd
> > > > > > > root 11526 170 smbd -s/usr/site/samba-2.2.8a/lib/smb.conf-NEW
> > > > > > > root 12026 170 smbd -s/usr/site/samba-2.2.8a/lib/smb.conf-NEW
> > > > > > > riffraff 11775 170 smbd -s/usr/site/samba-2.2.8a/lib/smb.conf-NEW
> > > > > > >
> > > > > > >
> > > > > > > Please, can somebody explain this?????
> > > > > > >
> > > > > > > I'm running on a Solaris 8 box and the clients are all Win2K SP2.
> > > > > > >
> > > > > > > Thank you.
> > > > > > >
> > > > > > > Al
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > > --
> > > > > > John H Terpstra
> > > > > > Email: jht at samba.org
> > > > > > --
> > > > > > To unsubscribe from this list go to the following URL and read the
> > > > > > instructions: http://lists.samba.org/mailman/listinfo/samba
> > > > > >
> > > > >
> > > >
> > > > --
> > > > John H Terpstra
> > > > Email: jht at samba.org
> > > >
> > >
> >
> > --
> > John H Terpstra
> > Email: jht at samba.org
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
> --
> Andrew Bartlett abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> Student Network Administrator, Hawker College abartlet at hawkerc.net
> http://samba.org http://build.samba.org http://hawkerc.net
>
More information about the samba
mailing list