[Samba] Flooded log with '..session closed for user nobody'
BW
m40636067 at gmail.com
Fri Dec 23 10:12:54 UTC 2022
Done!
And restarted smbd and re-authenticated client
[global]
include = /etc/samba/smb_shares.conf
log file = /var/log/samba/log.%m
log level = 1
logging = file
max log size = 1100
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
server min protocol = SMB2_02
unix password sync = Yes
workgroup = LOCAL
[ARCHIVE]
comment = R1 5TB Archive
create mask = 0770
directory mask = 0770
path = /mnt/R1_archive/
read only = No
I transfered one file, 1.5GB, and I got 4 "session closed for user nobody"
during the transfer:
Dec 23 11:04:47 SRV01 systemd[1]: Stopped Samba SMB Daemon.
Dec 23 11:04:47 SRV01 systemd[1]: Starting Samba SMB Daemon...
Dec 23 11:04:47 SRV01 systemd[1]: Started Samba SMB Daemon.
Dec 23 11:05:05 SRV01 smbd[588]: pam_unix(samba:session): session opened
for user bw by (uid=0)
Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:21 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:21 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:47 SRV01 smbd[665]: pam_unix(samba:session): session opened
for user bw by (uid=0)
On Fri, Dec 23, 2022 at 10:14 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
>
>
> On 23/12/2022 08:52, BW via samba wrote:
> > My journal get's flooded with these entries:
> > 2022-12-22 09.14.07 SRV99 smbd 6 pam_unix(samba:session):
> > session closed for user nobody
> >
> > Especially when transferring files from a client to a share (in this case
> > from W10, IP 10.0.1.146, netbios disabled on Windows), authenticated
> > successfully by user "bw"
> >
> > All folders-permissions on the share is:
> > Group: DATAR5 (RWX)
> > OWNER: bw (RWX)
> > User "bw" is member of the group "DATAR5"
> >
> > smbstatus:
> > Samba version 4.9.5-Debian
> > PID Username Group Machine
> > Protocol Version Encryption Signing
> >
> ----------------------------------------------------------------------------------------------------------------------------------------
> > 19676 bw bw 10.0.1.184 (ipv4:10.0.1.184:51807)
> > SMB3_11 - partial(AES-128-CMAC)
> > 16903 bw bw 10.0.1.146 (ipv4:10.0.1.146:56584)
> > SMB3_11 - partial(AES-128-CMAC)
> > 23296 bw bw 10.0.1.146 (ipv4:10.0.1.146:62674)
> > SMB3_11 - partial(AES-128-CMAC)
> > 16903 bw bw 10.0.1.146 (ipv4:10.0.1.146:56584)
> > SMB3_11 - partial(AES-128-CMAC)
> > 16202 bw bw 10.0.1.130 (ipv4:10.0.1.130:52980)
> > SMB3_11 - partial(AES-128-CMAC)
> >
> > smb.conf:
> > [global]
> > include = /etc/samba/smb_shares.conf
> > log file = /var/log/samba/log.%m
> > log level = 1
> > logging = file
> > map to guest = Bad User
> > max log size = 1100
> > obey pam restrictions = Yes
> > pam password change = Yes
> > panic action = /usr/share/samba/panic-action %d
> > passwd chat = *Enter\snew\s*\spassword:* %n\n
> > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> > passwd program = /usr/bin/passwd %u
> > server min protocol = SMB2_02
> > unix password sync = Yes
> > workgroup = LOCAL.domain.DK <http://local.domain.dk/>
> >
> > [ARCHIVE]
> > comment = R1 5TB Archive
> > create mask = 0770
> > directory mask = 0770
> > path = /mnt/R1_archive/
> > read only = No
> >
> > Any idea how I can prevent these log-entries?
>
> Try removing the 'map to guest' line, then guest access will not be
> tried. You should also probably fix your workgroup (aka NetBIOS domain
> name) name, it really shouldn't have dots in it.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list