[Samba] Samba4 ClassicUpgrade
Fabio Monteiro
fabioitb at yahoo.com.br
Tue Dec 2 07:30:38 MST 2014
Hi Rowland.
Yes, I'm fixing the clients, but until I fix them all I am blocking port 88. I'm
installing/running antivirus on these machines.
I blocked port 88 with iptables for a while so that my DC
server does not become unavailable. It's temporary.
Thanks.
Fabio Monteiro
-------- Original message --------
Subject: Re: [Samba] Samba4 ClassicUpgrade
From: Rowland Penny <rowlandpenny at googlemail.com>
To: fabioitb at yahoo.com.br, sambalist <samba at lists.samba.org>
Date: 02/12/2014 12:17
> On 02/12/14 13:04, Fabio Monteiro wrote:
>> Hi, Rowland!
>>
>> I know Kerberos uses port 88 tcp/udp, but the traffic from some client
>> machines (15 machines) was unbelievable. I think these clients have a virus.
>>
>> Fabio Monteiro
>>
>> -------- Original message --------
>> Subject: Re: [Samba] Samba4 ClassicUpgrade
>> From: Rowland Penny <rowlandpenny at googlemail.com>
>> To: samba at lists.samba.org
>> Date: 02/12/2014 10:42
>>
>>> On 02/12/14 12:10, Fabio Monteiro wrote:
>>>> Hi all.
>>>>
>>>> Problems resolved!
>>>>
>>>> I found the samba process that was increasing the memory after I ran
>>>> netstat on the PID, and I discovered that the process had opened the 88/464
>>>> tcp/udp ports.
>>>> After that I ran the tcpdump program on my DC server listening on udp port 88 and
>>>> I found many client machines sending a lot of traffic to my DC server. I
>>>> blocked the IPs of the client machines with iptables and the samba
>>>> process stopped consuming memory.
>>>>
>>>> To resolve the other problem I just commented out the full_audit options in my
>>>> smb.conf file, and now the command "samba-tool ntacl sysvolreset" works
>>>> without errors and I'm able to create GPOs.
>>>>
>>>> Thanks
>>>>
>>>> Fabio Monteiro
>>>>
>>>> -------- Original message --------
>>>> Subject: [Samba] Samba4 ClassicUpgrade
>>>> From: Fabio Monteiro <fabioitb at yahoo.com.br>
>>>> To: samba at lists.samba.org
>>>> Date: 25/11/2014 13:17
>>>>
>>>>> Hi, guys.
>>>>>
>>>>> I had a Debian server with samba (PDC) 3.6 and ldap, but I needed to
>>>>> upgrade to samba (AD) 4.1.13 with the classicupgrade command.
>>>>>
>>>>> See the command below:
>>>>>
>>>>> # samba-tool domain classicupgrade --dbdir=/root/backup/var/lib/samba/ \
>>>>>     --use-xattrs=yes --dns-backend=BIND9_DLZ --realm=test.local \
>>>>>     /root/backup/etc/samba/smb.conf
>>>>>
>>>>> The users, groups and machines were imported successfully, but the
>>>>> upgrade has some problems.
>>>>>
>>>>> * When I start samba, there is one process whose memory keeps increasing
>>>>> until it errors. The process starts with 500MB but it keeps increasing,
>>>>> and 2 or 3 days later the process is at 6GB, and the server has only
>>>>> 8GB RAM.
>>>>>
>>>>> See the top below:
>>>>>
>>>>> PID   %CPU Size    Res     Res  Res  Res     Shared Faults   Command
>>>>>       Used KB      Set     Text Data Lib     KB     Min  Maj
>>>>> 13959 24.9 4917724 4425780 76   0    4417236 9972   206  0   samba
>>>>>
>>>>> # ps_mem.py
>>>>>
>>>>> Private + Shared = RAM used Program
>>>>> 560.3 MiB + 49.9 MiB = 610.1 MiB smbd (103)
>>>>> 4.4 GiB + 13.8 MiB = 4.4 GiB samba (13)
>>>>>
>>>>> See the netstat for the PID:
>>>>>
>>>>> netstat -putan | grep 13959
>>>>>
>>>>> tcp 0 0 192.168.0.5:464 0.0.0.0:* LISTEN 13959/samba
>>>>> tcp 0 0 127.0.0.1:464 0.0.0.0:* LISTEN 13959/samba
>>>>> tcp 0 0 192.168.0.5:88 0.0.0.0:* LISTEN 13959/samba
>>>>> tcp 0 0 127.0.0.1:88 0.0.0.0:* LISTEN 13959/samba
>>>>> udp 0 0 192.168.0.5:88 0.0.0.0:* 13959/samba
>>>>> udp 0 0 127.0.0.1:88 0.0.0.0:* 13959/samba
>>>>> udp 0 0 192.168.0.5:464 0.0.0.0:* 13959/samba
>>>>> udp 0 0 127.0.0.1:464 0.0.0.0:* 13959/samba
>>>>>
>>>>> * I'm not able to create group policies, and it shows me the message below:
>>>>>
>>>>> Isn't possible to attribute this security identification as object's
>>>>> owner.
>>>>>
>>>>> Thanks a lot.
>>>>>
>>>>> Best regards.
>>>>>
>>>>> Fabio Monteiro
>>>>>
>>>>>
>>> I take it you know port 88 is the Kerberos port?
>>>
>>> Rowland
>>>
>
> In which case, find the clients that have a virus *AND* fix them!!!!
>
> Turning off port 88 is not a fix.
>
> Rowland
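
The tcpdump step described in the thread, as an added example that is not part of the original messages: a small parser that ranks clients by how many packets they send to the DC's Kerberos ports, so the noisy machines can be found and fixed rather than blocked. It assumes `tcpdump -nn` text output; 192.168.0.5 is the DC address from the netstat listing, while the client addresses, sample lines and the per-second threshold are constructed.

```python
import re
from collections import Counter

# One line of `tcpdump -nn` output: "<time> IP <src>.<sport> > <dst>.<dport>: ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2})\.\d+ IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)
KDC_PORTS = {88, 464}  # Kerberos and kpasswd, the ports shown in the netstat listing


def noisy_clients(lines, dc_ip, max_per_second=5):
    """Return (client, total_packets, peak_packets_per_second) for every client
    whose peak rate towards the DC exceeds max_per_second (an assumed threshold)."""
    per_second = Counter()  # (client, hh:mm:ss) -> packets in that second
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["dst"] != dc_ip or int(m["dport"]) not in KDC_PORTS:
            continue  # skip DC replies, other hosts and unparsable lines
        per_second[(m["src"], m["ts"])] += 1

    total, peak = Counter(), Counter()
    for (client, _second), count in per_second.items():
        total[client] += count
        peak[client] = max(peak[client], count)

    flagged = [(c, total[c], peak[c]) for c in total if peak[c] > max_per_second]
    return sorted(flagged, key=lambda row: -row[1])


# Constructed capture: one normal client (.21) and one flooding client (.37).
SAMPLE = (
    [
        "12:10:01.000100 IP 192.168.0.21.49152 > 192.168.0.5.88: UDP, length 230",
        "12:10:01.000900 IP 192.168.0.5.88 > 192.168.0.21.49152: UDP, length 1400",
        "12:10:04.200000 IP 192.168.0.21.49153 > 192.168.0.5.88: UDP, length 1350",
    ]
    + [f"12:10:02.{i:06d} IP 192.168.0.37.{50000 + i} > 192.168.0.5.88: UDP, length 230"
       for i in range(40)]
    + [f"12:10:03.{i:06d} IP 192.168.0.37.{51000 + i} > 192.168.0.5.88: UDP, length 230"
       for i in range(25)]
)

if __name__ == "__main__":
    for client, packets, peak_rate in noisy_clients(SAMPLE, "192.168.0.5"):
        print(f"{client}: {packets} packets, peak {peak_rate}/s")
```
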