[Samba] Samba4 ClassicUpgrade

Rowland Penny rowlandpenny at googlemail.com
Tue Dec 2 07:17:13 MST 2014


On 02/12/14 13:04, Fabio Monteiro wrote:
> Hi, Rowland!
>
> I know kerberos uses 88 tcp/udp port but the traffic from some client
> machines (15 machines) was unbelievable. I think these clients have a virus.
>
> Fabio Monteiro
>
> -------- Original message --------
> Subject: Re: [Samba] Samba4 ClassicUpgrade
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: samba at lists.samba.org
> Date: 02/12/2014 10:42
>
>> On 02/12/14 12:10, Fabio Monteiro wrote:
>>> Hi all.
>>>
>>> Problems resolved!
>>>
>>> I found the samba process that was increasing the memory after I ran
>>> netstat on the PID, and I discovered that the process had opened the
>>> 88/464 tcp/udp ports.
>>> After that I ran tcpdump on my DC server listening on udp port 88 and
>>> I found many client machines sending a lot of traffic to my DC server. I
>>> blocked the IPs of the client machines with iptables and the samba
>>> process stopped consuming memory.
>>>
>>> To resolve another problem I just commented full_audit options in my
>>> smb.conf file and now the command "samba-tool ntacl sysvolreset" works
>>> without errors and I'm able to create GPOs.
>>>
>>> Thanks
>>>
>>> Fabio Monteiro
>>>
>>> -------- Original message --------
>>> Subject: [Samba] Samba4 ClassicUpgrade
>>> From: Fabio Monteiro <fabioitb at yahoo.com.br>
>>> To: samba at lists.samba.org
>>> Date: 25/11/2014 13:17
>>>
>>>> Hi, guys.
>>>>
>>>> I had a Debian server with samba (PDC) 3.6 and ldap, but I needed to
>>>> upgrade to samba (AD) 4.1.13 with the classicupgrade command.
>>>>
>>>> See below the command:
>>>>
>>>> # samba-tool domain classicupgrade --dbdir=/root/backup/var/lib/samba/
>>>> --use-xattrs=yes --dns-backend=BIND9_DLZ --realm=test.local
>>>> /root/backup/etc/samba/smb.conf
>>>>
>>>> The users, groups and machines were imported successfully but the
>>>> upgrade has some problems.
>>>>
>>>> * When I start samba, there is one process that keeps increasing its
>>>> memory until an error occurs. The process starts with 500MB but keeps
>>>> increasing, and 2 or 3 days later the process is at 6GB and the server
>>>> has only 8GB RAM.
>>>>
>>>> See the top below:
>>>>
>>>>   PID   %CPU     Size      Res   Res   Res      Res  Shared   Faults    Command
>>>>         Used       KB      Set  Text  Data      Lib      KB  Min  Maj
>>>> 13959   24.9  4917724  4425780    76     0  4417236    9972  206    0  samba
>>>>
>>>> # ps_mem.py
>>>>
>>>>      Private  +   Shared  =  RAM used       Program
>>>> 560.3 MiB +  49.9 MiB = 610.1 MiB       smbd (103)
>>>>       4.4 GiB +  13.8 MiB =   4.4 GiB       samba (13)
>>>>
>>>> See the netstat from the PID:
>>>>
>>>> netstat -putan | grep 13959
>>>>
>>>> tcp        0      0 192.168.0.5:464 0.0.0.0:* LISTEN 13959/samba
>>>> tcp        0      0 127.0.0.1:464   0.0.0.0:* LISTEN 13959/samba
>>>> tcp        0      0 192.168.0.5:88  0.0.0.0:* LISTEN 13959/samba
>>>> tcp        0      0 127.0.0.1:88    0.0.0.0:* LISTEN 13959/samba
>>>> udp        0      0 192.168.0.5:88  0.0.0.0:*        13959/samba
>>>> udp        0      0 127.0.0.1:88    0.0.0.0:*        13959/samba
>>>> udp        0      0 192.168.0.5:464 0.0.0.0:*        13959/samba
>>>> udp        0      0 127.0.0.1:464   0.0.0.0:*        13959/samba
>>>>
>>>> * I'm not able to create group policies and it shows me the message below:
>>>>
>>>> Isn't possible to attribute this security identification as object's
>>>> owner.
>>>>
>>>> Thanks a lot.
>>>>
>>>> Best regards.
>>>>
>>>> Fabio Monteiro
>>>>
>>>>
>> I take it you know port 88 is the kerberos port ?
>>
>> Rowland
>>

In which case, find the clients that have a virus *AND* fix them!!!!

Turning off port 88 is not a fix.

Rowland
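
An added example, not part of the original thread: one way to identify which clients are flooding the DC's Kerberos port from the text output of `tcpdump -nn -tt udp port 88`, so they can be cleaned up rather than just blocked. The sample lines, the 192.168.0.77 client and the thresholds are constructed assumptions; 192.168.0.5 is the DC address from the netstat output above.

```python
import re
import statistics
from collections import Counter

# Matches `tcpdump -nn -tt` IPv4 lines: "<epoch> IP <src>.<sport> > <dst>.<dport>: ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

def kerberos_talkers(lines, dc_ip, port=88):
    """Count packets per client sent to dc_ip:port; return (Counter, capture seconds)."""
    counts, first, last = Counter(), None, None
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dst"] != dc_ip or int(m["dport"]) != port:
            continue  # skip replies from the DC, other ports, unparsable lines
        ts = float(m["ts"])
        first = ts if first is None else min(first, ts)
        last = ts if last is None else max(last, ts)
        counts[m["src"]] += 1
    duration = (last - first) if counts else 0.0
    return counts, duration

def noisy_clients(counts, factor=10, min_packets=20):
    """Clients whose packet count is >= factor x the median client and >= min_packets."""
    if not counts:
        return []
    median = statistics.median(counts.values())
    return sorted(
        (ip for ip, n in counts.items() if n >= min_packets and n >= factor * median),
        key=lambda ip: -counts[ip],
    )

def sample_capture():
    # Constructed capture: three normal clients, one flooding client (192.168.0.77).
    lines, t = [], 1417500000.0
    for i in range(300):
        lines.append(f"{t + i * 0.01:.6f} IP 192.168.0.77.{40000 + i} > 192.168.0.5.88: UDP, length 236")
    for host, n in (("192.168.0.21", 4), ("192.168.0.22", 6), ("192.168.0.23", 5)):
        for i in range(n):
            lines.append(f"{t + i:.6f} IP {host}.{50000 + i} > 192.168.0.5.88: UDP, length 236")
    lines.append(f"{t:.6f} IP 192.168.0.5.88 > 192.168.0.21.50000: UDP, length 1400")  # DC reply
    return lines

if __name__ == "__main__":
    counts, secs = kerberos_talkers(sample_capture(), dc_ip="192.168.0.5")
    for ip in noisy_clients(counts):
        print(f"{ip}: {counts[ip]} packets to udp/88 in {secs:.1f}s")
```

Comparing each client against the median rather than a fixed packet count keeps the check usable on both quiet and busy domains; the flagged addresses are the machines to inspect.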

