[Samba] Lingering IPC$ connections

John H Terpstra jht at samba.org
Thu Apr 10 23:04:02 GMT 2003


On Thu, 10 Apr 2003, Alfredo Ramos wrote:

> John, are you telling me that it is normal behavior for two smbd
> connections from different users to share the same process id?
>
> Maybe I don't understand how samba manages connections, but this behavior
> hardly seems normal. I mean, I've been running samba for at least four
> years and this behavior just started with this release.
>
> Please, can you elaborate a little more on why this is expected behavior?
> I would assume that after a period of inactivity the samba server should
> close any non-active connections. But even if it does not close the
> connection, it should certainly not inherit the process id from a previous
> login session.

Alfredo,

The protocol stack is the secret.

IP-|->TCP->|->SMB->NetBIOS->Named Pipes->MS ONC DCE RPC->RPC Services
   |->UDP->|

Operations are mulitplexed over the named pipes. It is NOT uncommon for
each SMB operation to con-currently run 8 or more communication sessions
over the same named pipe. This makes decoding Microsoft protocols so
interesting.

The client may open the IPC$ share as the null user (to obtain share
information), or as an authenticated user, usually both happen, typically
it keeps the null connection open - there is no good reason to close it.

Secondly, Samba does NOT control clients, clients control Samba. That is
the way it is with SMB protocols. It is only the client that drops
sessions if it chooses to. Samba does not drop client connections.

If you want to understand this better grab an XP Pro client and a Windows
2000 Server and using Ethereal monitor the traffic. Also, on your Windows
XP Pro client you should from control panel / administrative options run
the Machine Manager MMC and locate the panel that will allow you to see
all open and current connections to your samba or Win2K server.

You will see that what smbstatus reports is in fact what the client will
report in the way of open connections. You are seeing only the named pipes
that are open.

smbstatus is not reporting multiple smbds that have the same pid, it is
reporting the named pipe sessions that are open over a single smbd.


- John T.

>
> Al.
>
> ---------------------------------------------------------------------------------
>                                            | Alfredo Ramos
> This space available for rent.             | Educational Technology
> Get your product moving. Advertise here!   | Rice University.
>                                            | Email: ralf at is.rice.edu
> ---------------------------------------------------------------------------------
>
> On Wed, 9 Apr 2003, John H Terpstra wrote:
>
> > On Wed, 9 Apr 2003, Alfredo Ramos wrote:
> >
> > > Yes of course, they are. One user logs off, and another one logs in. That
> > > is normal. What is not normal is the mixing of loggins and pids.
> >
> > This is expected behaviour. It is the MS Windows client machine that does
> > NOT close the connection to the IPC$ share.
> >
> > >
> > > Very strange!
> >
> > Not at all. The IPC$ share can be connected to as either the current user
> > or anonymously (null user). This connection is used to obtain information
> > about the SMB server, like shares, access ability, etc.
> >
> > - John T.
> >
> > >
> > > Thanks for the reply John.
> > >
> > > Al.
> > >
> > > ---------------------------------------------------------------------------------
> > >                                            | Alfredo Ramos
> > > This space available for rent.             | Educational Technology
> > > Get your product moving. Advertise here!   | Rice University.
> > >                                            | Email: ralf at is.rice.edu
> > > ---------------------------------------------------------------------------------
> > >
> > > On Wed, 9 Apr 2003, John H Terpstra wrote:
> > >
> > > > Alfredo,
> > > >
> > > > The connections that appear to have the same pid - they are from multiple
> > > > logons on the same machine are they not? Please confirm.
> > > >
> > > > - John T.
> > > >
> > > >
> > > > On Wed, 9 Apr 2003, Alfredo Ramos wrote:
> > > >
> > > > > I'm running the latest samba release (2.2.8a), and everything seems to
> > > > > be running fine. Except for something that does not look quite right.
> > > > >
> > > > > Connections to the IPC$ share are being left behind by samba once the
> > > > > user has logged off. And what's even more troubling is that the pid
> > > > > associated with the lingering IPC$ connection is picked up by the next
> > > > > smbd process, and then you have one pid associated with more that one
> > > > > smbd connection. Smbstatus as well as ps report the same weird status.
> > > > >
> > > > > Here's a sample output from both:
> > > > >
> > > > > /usr/site/samba-2.2.8a/bin/smbstatus
> > > > > Samba version 2.2.8a
> > > > >
> > > > > Service      uid      gid      pid     machine
> > > > > ----------------------------------------------
> > > > >
> > > > > riffraff     riffraff student  11775  mudd104 Wed Apr  9 14:04:26 2003
> > > > > IPC$         leana7   student  11775  mudd104 Wed Apr  9 11:42:10 2003
> > > > > IPC$         ralf     rstaff   11526  mudd110 Wed Apr  9 10:13:14 2003
> > > > > IPC$         ksgarcia student  11526  mudd110 Wed Apr  9 11:09:28 2003
> > > > > IPC$         rakowitz student  12026  mudd111 Wed Apr  9 13:29:10 2003
> > > > >
> > > > >
> > > > > ps -ef | grep smbd
> > > > > root 11526   170  smbd -s/usr/site/samba-2.2.8a/lib/smb.conf-NEW
> > > > > root 12026   170  smbd -s/usr/site/samba-2.2.8a/lib/smb.conf-NEW
> > > > > riffraff 11775   170 smbd -s/usr/site/samba-2.2.8a/lib/smb.conf-NEW
> > > > >
> > > > >
> > > > > Please, can somebody explain this?????
> > > > >
> > > > > I'm running on a Solaris 8 box and the clients are all Win2K SP2.
> > > > >
> > > > > Thank you.
> > > > >
> > > > > Al
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > > --
> > > > John H Terpstra
> > > > Email: jht at samba.org
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > > >
> > >
> >
> > --
> > John H Terpstra
> > Email: jht at samba.org
> >
>

-- 
John H Terpstra
Email: jht at samba.org


More information about the samba mailing list