[Samba] Samba4 ClassicUpgrade

Fabio Monteiro fabioitb at yahoo.com.br
Tue Dec 2 07:30:38 MST 2014


Hi Rowland.

Yes, I'm fixing the clients, but until I fix them all I am blocking port 88.
I'm installing/running antivirus on these machines.

I blocked port 88 with iptables for a while so that my DC server does not
become unavailable. It's temporary.

Thanks.

Fabio Monteiro

-------- Original message --------
Subject: Re: [Samba] Samba4 ClassicUpgrade
From: Rowland Penny <rowlandpenny at googlemail.com>
To: fabioitb at yahoo.com.br, sambalist <samba at lists.samba.org>
Date: 02/12/2014 12:17

> On 02/12/14 13:04, Fabio Monteiro wrote:
>> Hi, Rowland!
>>
>> I know Kerberos uses port 88 tcp/udp, but the traffic from some client
>> machines (15 machines) was unbelievable. I think these clients have a virus.
>>
>> Fabio Monteiro
>>
>> -------- Original message --------
>> Subject: Re: [Samba] Samba4 ClassicUpgrade
>> From: Rowland Penny <rowlandpenny at googlemail.com>
>> To: samba at lists.samba.org
>> Date: 02/12/2014 10:42
>>
>>> On 02/12/14 12:10, Fabio Monteiro wrote:
>>>> Hi all.
>>>>
>>>> Problems resolved!
>>>>
>>>> I found the samba process that was increasing its memory use after I ran
>>>> netstat on the PID, and I discovered that the process had opened ports
>>>> 88/464 tcp/udp.
>>>> Then I ran tcpdump on my DC server, listening on udp port 88, and
>>>> found many client machines sending a lot of traffic to my DC server. I
>>>> blocked the IPs of those client machines with iptables and the samba
>>>> process stopped consuming memory.
>>>>
>>>> To resolve the other problem I just commented out the full_audit options
>>>> in my smb.conf file, and now the command "samba-tool ntacl sysvolreset"
>>>> works without errors and I'm able to create GPOs.
>>>>
>>>> Thanks
>>>>
>>>> Fabio Monteiro
>>>>
>>>> -------- Original message --------
>>>> Subject: [Samba] Samba4 ClassicUpgrade
>>>> From: Fabio Monteiro <fabioitb at yahoo.com.br>
>>>> To: samba at lists.samba.org
>>>> Date: 25/11/2014 13:17
>>>>
>>>>> Hi, guys.
>>>>>
>>>>> I had a Debian server with samba (PDC) 3.6 and ldap, but I needed to
>>>>> upgrade to samba (AD) 4.1.13 with the classicupgrade command.
>>>>>
>>>>> See below the command:
>>>>>
>>>>> # samba-tool domain classicupgrade --dbdir=/root/backup/var/lib/samba/
>>>>> --use-xattrs=yes --dns-backend=BIND9_DLZ --realm=test.local
>>>>> /root/backup/etc/samba/smb.conf
>>>>>
>>>>> The users, groups and machines were imported successfully but the
>>>>> upgrade has some problems.
>>>>>
>>>>> * When I start samba, there is one process whose memory keeps
>>>>> increasing until it errors. The process starts at 500MB but keeps
>>>>> growing, and 2 or 3 days later the process is at 6GB and the server
>>>>> has only 8GB RAM.
>>>>>
>>>>> See the top below:
>>>>>
>>>>> PID    %CPU  Size     Res      Res   Res   Res      Shared  Faults   Command
>>>>>        Used  KB       Set      Text  Data  Lib      KB      Min Maj
>>>>> 13959  24.9  4917724  4425780  76    0     4417236  9972    206 0    samba
>>>>>
>>>>> # ps_mem.py
>>>>>
>>>>>      Private  +   Shared  =  RAM used       Program
>>>>> 560.3 MiB +  49.9 MiB = 610.1 MiB       smbd (103)
>>>>>       4.4 GiB +  13.8 MiB =   4.4 GiB       samba (13)
>>>>>
>>>>> See the netstat for the PID:
>>>>>
>>>>> netstat -putan | grep 13959
>>>>>
>>>>> tcp        0      0 192.168.0.5:464   0.0.0.0:*   LISTEN   13959/samba
>>>>> tcp        0      0 127.0.0.1:464     0.0.0.0:*   LISTEN   13959/samba
>>>>> tcp        0      0 192.168.0.5:88    0.0.0.0:*   LISTEN   13959/samba
>>>>> tcp        0      0 127.0.0.1:88      0.0.0.0:*   LISTEN   13959/samba
>>>>> udp        0      0 192.168.0.5:88    0.0.0.0:*            13959/samba
>>>>> udp        0      0 127.0.0.1:88      0.0.0.0:*            13959/samba
>>>>> udp        0      0 192.168.0.5:464   0.0.0.0:*            13959/samba
>>>>> udp        0      0 127.0.0.1:464     0.0.0.0:*            13959/samba
>>>>>
>>>>> * I'm not able to create group policies and it shows me the message below:
>>>>>
>>>>> Isn't possible to attribute this security identification as object's
>>>>> owner.
>>>>>
>>>>> Thanks a lot.
>>>>>
>>>>> Best regards.
>>>>>
>>>>> Fabio Monteiro
>>>>>
>>>>>
>>> I take it you know port 88 is the Kerberos port?
>>>
>>> Rowland
>>>
>
> In which case, find the clients that have a virus *AND* fix them!!!!
>
> Turning off port 88 is not a fix.
>
> Rowland
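
The triage described in the thread (capture traffic to the DC's Kerberos ports with tcpdump, then find which clients are responsible) can be scripted. The following is an added example, not part of any poster's message: it ranks clients by packets per second from `tcpdump -nn` text output. The function names, the 1 packet/s threshold and the client addresses in the sample are assumptions made for illustration.

```python
import re
from collections import Counter

# Address part of a `tcpdump -nn` IPv4 line: "HH:MM:SS.frac IP src.sport > dst.dport:"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)
KDC_PORTS = {88, 464}  # the ports the samba process in the thread had open

def _seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def kdc_rates(lines, dc_ip, ports=KDC_PORTS):
    """Packets per second each client sent to dc_ip on the given ports."""
    counts, first, last = Counter(), None, None
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dst"] != dc_ip or int(m["dport"]) not in ports:
            continue  # replies from the DC, other services, unparsable lines
        t = _seconds(m["ts"])
        first = t if first is None else first
        last = t
        counts[m["src"]] += 1
    # Capture assumed not to cross midnight; spans under 1 s are treated as 1 s.
    span = max(last - first, 1.0) if counts else 1.0
    return {src: n / span for src, n in counts.items()}

def noisy_clients(rates, max_pps):
    """Clients above max_pps (a hypothetical per-site threshold), busiest first."""
    return sorted((s for s, r in rates.items() if r > max_pps), key=lambda s: -rates[s])

# Constructed sample capture; 192.168.0.5 is the DC address from the netstat
# output in the thread, the client addresses are invented.
SAMPLE = """\
07:30:38.000000 IP 192.168.0.23.51234 > 192.168.0.5.88: UDP, length 234
07:30:38.100000 IP 192.168.0.5.88 > 192.168.0.23.51234: UDP, length 120
07:30:38.200000 IP 192.168.0.23.51235 > 192.168.0.5.88: UDP, length 234
07:30:38.500000 IP 192.168.0.40.40000 > 192.168.0.5.88: UDP, length 240
07:30:39.000000 IP 192.168.0.23.51236 > 192.168.0.5.88: UDP, length 234
07:30:39.500000 IP 192.168.0.23.51237 > 192.168.0.5.464: UDP, length 90
07:30:40.000000 IP 192.168.0.23.51238 > 192.168.0.5.88: UDP, length 234
07:30:40.000000 IP 192.168.0.40.40001 > 192.168.0.5.53: UDP, length 60
""".splitlines()

if __name__ == "__main__":
    rates = kdc_rates(SAMPLE, "192.168.0.5")
    for src in noisy_clients(rates, max_pps=1.0):
        print(f"{src}\t{rates[src]:.1f} pkt/s to Kerberos ports")
```

The resulting list identifies which machines to inspect and clean, so that any firewall block can be limited to those sources while Kerberos stays reachable for the rest of the domain.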

