[Samba] Flooded log with '..session closed for user nobody'

BW m40636067 at gmail.com
Fri Dec 23 10:12:54 UTC 2022 

Done!

And restarted smbd and re-authenticated client

[global]
        include = /etc/samba/smb_shares.conf
        log file = /var/log/samba/log.%m
        log level = 1
        logging = file
        max log size = 1100
        obey pam restrictions = Yes
        pam password change = Yes
        panic action = /usr/share/samba/panic-action %d
        passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        passwd program = /usr/bin/passwd %u
        server min protocol = SMB2_02
        unix password sync = Yes
        workgroup = LOCAL

[ARCHIVE]
        comment = R1 5TB Archive
        create mask = 0770
        directory mask = 0770
        path = /mnt/R1_archive/
        read only = No

I transfered one file, 1.5GB, and I got 4 "session closed for user nobody"
during the transfer:

Dec 23 11:04:47 SRV01 systemd[1]: Stopped Samba SMB Daemon.
Dec 23 11:04:47 SRV01 systemd[1]: Starting Samba SMB Daemon...
Dec 23 11:04:47 SRV01 systemd[1]: Started Samba SMB Daemon.
Dec 23 11:05:05 SRV01 smbd[588]: pam_unix(samba:session): session opened
for user bw by (uid=0)
Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:21 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:21 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:47 SRV01 smbd[665]: pam_unix(samba:session): session opened
for user bw by (uid=0)

On Fri, Dec 23, 2022 at 10:14 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

>
>
> On 23/12/2022 08:52, BW via samba wrote:
> > My journal get's flooded with these entries:
> > 2022-12-22 09.14.07  SRV99  smbd     6      pam_unix(samba:session):
> > session closed for user nobody
> >
> > Especially when transferring files from a client to a share (in this case
> > from W10, IP 10.0.1.146, netbios disabled on Windows), authenticated
> > successfully by user "bw"
> >
> > All folders-permissions on the share is:
> > Group: DATAR5 (RWX)
> > OWNER: bw (RWX)
> > User "bw" is member of the group "DATAR5"
> >
> > smbstatus:
> > Samba version 4.9.5-Debian
> > PID     Username     Group        Machine
> >   Protocol Version  Encryption           Signing
> >
> ----------------------------------------------------------------------------------------------------------------------------------------
> > 19676   bw           bw           10.0.1.184 (ipv4:10.0.1.184:51807)
> > SMB3_11           -                    partial(AES-128-CMAC)
> > 16903   bw           bw           10.0.1.146 (ipv4:10.0.1.146:56584)
> > SMB3_11           -                    partial(AES-128-CMAC)
> > 23296   bw           bw           10.0.1.146 (ipv4:10.0.1.146:62674)
> > SMB3_11           -                    partial(AES-128-CMAC)
> > 16903   bw           bw           10.0.1.146 (ipv4:10.0.1.146:56584)
> > SMB3_11           -                    partial(AES-128-CMAC)
> > 16202   bw           bw           10.0.1.130 (ipv4:10.0.1.130:52980)
> > SMB3_11           -                    partial(AES-128-CMAC)
> >
> > smb.conf:
> > [global]
> >          include = /etc/samba/smb_shares.conf
> >          log file = /var/log/samba/log.%m
> >          log level = 1
> >          logging = file
> >          map to guest = Bad User
> >          max log size = 1100
> >          obey pam restrictions = Yes
> >          pam password change = Yes
> >          panic action = /usr/share/samba/panic-action %d
> >          passwd chat = *Enter\snew\s*\spassword:* %n\n
> > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> >          passwd program = /usr/bin/passwd %u
> >          server min protocol = SMB2_02
> >          unix password sync = Yes
> >          workgroup = LOCAL.domain.DK <http://local.domain.dk/>
> >
> > [ARCHIVE]
> >          comment = R1 5TB Archive
> >          create mask = 0770
> >          directory mask = 0770
> >          path = /mnt/R1_archive/
> >          read only = No
> >
> > Any idea how I can prevent these log-entries?
>
> Try removing the 'map to guest' line, then guest access will not be
> tried. You should also probably fix your workgroup (aka NetBIOS domain
> name) name, it really shouldn't have dots in it.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list