[Samba] samba-4.17.12: for each smb user there are 4 nobody.nogroup smb-connections

Wed Feb 7 13:20:43 UTC 2024

On Wed, 7 Feb 2024 13:18:45 +0100
Rainer Krienke via samba <samba at lists.samba.org> wrote:

> Hello,
> 
> I run a samba server which is not the domain controller. So 
> authentication of users is done by the native Windows domain
> controller and the samba-server has just joined the domain.
> 
> It serves files stored on linux NFS file servers to windows users. 
> Basically this workes fine and is a service running in this config
> for years on SUSE SLES15SP5 systems.
> 
> Since a while each new samba version shows for each user (in
> smbstatus -b) on average 4 more smb connections that belong to
> nobody.nogroup . At the moment I count 67 users in smbstatus -b and
> 305 smb nobody connections. It seems to me that these processes are
> eating up "open files" because over time I also had to increase the
> number ob open files by a factor of 10 to 196608 by now else I would
> get a "to many open files error from samba".
> 
> The number of nobody's is increasing all the time and never gets
> smaller again except in case of a reboot :-).
> 
> Is there anything I can do to avoid this nobody trouble? Any ideas?
> 
> My smb.conf is this:
> 
> [global]
>          workgroup = MYNAME
>          server string = Samba on smbhost (version %v)
>          unix extensions = no
>          wide links = yes
>          kernel oplocks = no
>          oplocks = yes
>          posix locking = no
>          acl allow execute always = yes
>          store dos attributes = no
>          socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=60 
> TCP_KEEPCNT=3 TCP_KEEPINTVL=3
>          max open files = 196608
>          deadtime = 15
>          getwd cache = yes
>          stat cache = yes
>          browseable = no
>          use sendfile = true
>          hide files = /desktop.ini/
>          disable netbios = yes
>          smb ports = 445
>          dos charset = CP850
>          unix charset = CP850
>          name resolve order = host wins bcast
>          netbios name = smbhostverw
>          netbios aliases = smbhostverwalias1 smbhostverwalias2
> vwstorage2 clustering = no
>          passdb backend = tdbsam
>          vfs objects = fileid
>          realm = MYNAME.MYDOMAIN
>          security = ADS
>          winbind use default domain = no
>          winbind max domain connections = 10
>          winbind max clients = 1000
>          winbind reconnect delay = 20
>          map to guest = Bad User
>          idmap config MYNAME : backend = nss
>          idmap config MYNAME : range = 0-2000000
>          idmap config MYNAMW : read only = yes
>          idmap config * : backend = tdb
>          idmap config * : range = 3000000-4000000
>          idmap config * : read only = no
>          map acl inherit = yes
>          include = /etc/samba/smbshares.conf
> 
> Thank you very much,
> Rainer

Interesting smb.conf, you may want to read 'man smb.conf' to identify
the lines you could remove, now you are not using NetBIOS.

However, your problem is being caused because you are allowing guest
access 'map to guest = Bad User' and presumably 'guest ok = yes' in the
shares. Any unknown or 'guest' users are silently mapped to 'nobody'
because of these settings. The cure is easy, stop 'guest' access and
require a valid username & password, unless you require guest access,
in which case you will have to put it up with your problem.

Rowland