[Samba] Lingering IPC$ connections
Andrew Bartlett
abartlet at samba.org
Fri Apr 11 02:01:50 GMT 2003
On Fri, 2003-04-11 at 09:04, John H Terpstra wrote:
> On Thu, 10 Apr 2003, Alfredo Ramos wrote:
>
> > John, are you telling me that it is normal behavior for two smbd
> > connections from different users to share the same process id?
> >
> > Maybe I don't understand how samba manages connections, but this behavior
> > hardly seems normal. I mean, I've been running samba for at least four
> > years and this behavior just started with this release.
> >
> > Please, can you elaborate a little more on why this is expected behavior?
> > I would assume that after a period of inactivity the samba server should
> > close any non-active connections. But even if it does not close the
> > connection, it should certainly not inherit the process id from a previous
> > login session.
>
> Alfredo,
>
> The protocol stack is the secret.
>
> IP-|->TCP->|->SMB->NetBIOS->Named Pipes->MS ONC DCE RPC->RPC Services
> |->UDP->|
Let's get this stack right...
IP-|->TCP->|->NetBIOS->SMB->IPC$->Named Pipes->MS ONC DCE RPC->RPC Services
->shares
|->UDP->|
>
> Operations are mulitplexed over the named pipes. It is NOT uncommon for
> each SMB operation to con-currently run 8 or more communication sessions
> over the same named pipe. This makes decoding Microsoft protocols so
> interesting.
Just to clarify, there are multiple operations over the SMB layer, both
multiple users and multiple shares. One user can use a share opened by
another user.
Then we have the IPC$ share, which may be open by multiple users
(including guest) like any other, but tends to be kept open...
Then a user (ie, the system) opens a named pipe, and I think even then
we can become a different user again...
Yes, it's a mess :-)
> The client may open the IPC$ share as the null user (to obtain share
> information), or as an authenticated user, usually both happen, typically
> it keeps the null connection open - there is no good reason to close it.
>
> Secondly, Samba does NOT control clients, clients control Samba. That is
> the way it is with SMB protocols. It is only the client that drops
> sessions if it chooses to. Samba does not drop client connections.
>
> If you want to understand this better grab an XP Pro client and a Windows
> 2000 Server and using Ethereal monitor the traffic. Also, on your Windows
> XP Pro client you should from control panel / administrative options run
> the Machine Manager MMC and locate the panel that will allow you to see
> all open and current connections to your samba or Win2K server.
>
> You will see that what smbstatus reports is in fact what the client will
> report in the way of open connections. You are seeing only the named pipes
> that are open.
>
> smbstatus is not reporting multiple smbds that have the same pid, it is
> reporting the named pipe sessions that are open over a single smbd.
Or open shares, or all sorts of things. Particularly nasty with clients
that 'omit' to send a tree disconnect (MS did this to workaround what
they claimed to be bugs in 'third party' smb server).
Typically, it won't close the vuid till the last user of the share is
finished. XP seems to be even worse on this :-(
> - John T.
>
> >
> > Al.
> >
> > ---------------------------------------------------------------------------------
> > | Alfredo Ramos
> > This space available for rent. | Educational Technology
> > Get your product moving. Advertise here! | Rice University.
> > | Email: ralf at is.rice.edu
> > ---------------------------------------------------------------------------------
> >
> > On Wed, 9 Apr 2003, John H Terpstra wrote:
> >
> > > On Wed, 9 Apr 2003, Alfredo Ramos wrote:
> > >
> > > > Yes of course, they are. One user logs off, and another one logs in. That
> > > > is normal. What is not normal is the mixing of loggins and pids.
> > >
> > > This is expected behaviour. It is the MS Windows client machine that does
> > > NOT close the connection to the IPC$ share.
> > >
> > > >
> > > > Very strange!
> > >
> > > Not at all. The IPC$ share can be connected to as either the current user
> > > or anonymously (null user). This connection is used to obtain information
> > > about the SMB server, like shares, access ability, etc.
> > >
> > > - John T.
> > >
> > > >
> > > > Thanks for the reply John.
> > > >
> > > > Al.
> > > >
> > > > ---------------------------------------------------------------------------------
> > > > | Alfredo Ramos
> > > > This space available for rent. | Educational Technology
> > > > Get your product moving. Advertise here! | Rice University.
> > > > | Email: ralf at is.rice.edu
> > > > ---------------------------------------------------------------------------------
> > > >
> > > > On Wed, 9 Apr 2003, John H Terpstra wrote:
> > > >
> > > > > Alfredo,
> > > > >
> > > > > The connections that appear to have the same pid - they are from multiple
> > > > > logons on the same machine are they not? Please confirm.
> > > > >
> > > > > - John T.
> > > > >
> > > > >
> > > > > On Wed, 9 Apr 2003, Alfredo Ramos wrote:
> > > > >
> > > > > > I'm running the latest samba release (2.2.8a), and everything seems to
> > > > > > be running fine. Except for something that does not look quite right.
> > > > > >
> > > > > > Connections to the IPC$ share are being left behind by samba once the
> > > > > > user has logged off. And what's even more troubling is that the pid
> > > > > > associated with the lingering IPC$ connection is picked up by the next
> > > > > > smbd process, and then you have one pid associated with more that one
> > > > > > smbd connection. Smbstatus as well as ps report the same weird status.
> > > > > >
> > > > > > Here's a sample output from both:
> > > > > >
> > > > > > /usr/site/samba-2.2.8a/bin/smbstatus
> > > > > > Samba version 2.2.8a
> > > > > >
> > > > > > Service uid gid pid machine
> > > > > > ----------------------------------------------
> > > > > >
> > > > > > riffraff riffraff student 11775 mudd104 Wed Apr 9 14:04:26 2003
> > > > > > IPC$ leana7 student 11775 mudd104 Wed Apr 9 11:42:10 2003
> > > > > > IPC$ ralf rstaff 11526 mudd110 Wed Apr 9 10:13:14 2003
> > > > > > IPC$ ksgarcia student 11526 mudd110 Wed Apr 9 11:09:28 2003
> > > > > > IPC$ rakowitz student 12026 mudd111 Wed Apr 9 13:29:10 2003
> > > > > >
> > > > > >
> > > > > > ps -ef | grep smbd
> > > > > > root 11526 170 smbd -s/usr/site/samba-2.2.8a/lib/smb.conf-NEW
> > > > > > root 12026 170 smbd -s/usr/site/samba-2.2.8a/lib/smb.conf-NEW
> > > > > > riffraff 11775 170 smbd -s/usr/site/samba-2.2.8a/lib/smb.conf-NEW
> > > > > >
> > > > > >
> > > > > > Please, can somebody explain this?????
> > > > > >
> > > > > > I'm running on a Solaris 8 box and the clients are all Win2K SP2.
> > > > > >
> > > > > > Thank you.
> > > > > >
> > > > > > Al
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > > --
> > > > > John H Terpstra
> > > > > Email: jht at samba.org
> > > > > --
> > > > > To unsubscribe from this list go to the following URL and read the
> > > > > instructions: http://lists.samba.org/mailman/listinfo/samba
> > > > >
> > > >
> > >
> > > --
> > > John H Terpstra
> > > Email: jht at samba.org
> > >
> >
>
> --
> John H Terpstra
> Email: jht at samba.org
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030411/e9802d0f/attachment.bin
More information about the samba
mailing list