[Samba] Reload config with SIGHUP does not immediately revoke access to host removed from hosts allow

Andrew Bartlett abartlet at samba.org
Thu Feb 1 06:39:25 UTC 2018

On Thu, 2018-02-01 at 10:50 +0530, Akash Jain via samba wrote:
> Hello All
> My samba-4.x server has lot of registry shares added. There are windows
> clients connected to it and I wanted to remove the access to one of the
> hosts.
> I did net conf setparm to set the updated list of IPs in "hosts allow"
> param and then reloaded samba config with killall -1 smbd .

> I see that the host which is not part of the hosts allow but already have a
> open window in Windows Explorer still continues to get the access for good
> amount of time which is a security flaw.
> I see that the smbd process serving that host (which we see in smbstatus
> command) received the reload config with and logs show that it reads the
> latest configuration for that registry share, but we do not see the effect
> immediately.
> Any idea why is it happening so? Is it a known behaviour or known issue?

To disconnect a client, see smbcontrol kill-client-ip.

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list