[Samba] Samba 4.3.11

Rowland Penny rpenny at samba.org
Wed Jul 11 07:23:37 UTC 2018


On Tue, 10 Jul 2018 18:41:09 -0400
rac8006 at aol.com wrote:

> 
>  Here is the smb.conf file.  The process that I straced is smbd -D
> running on the WD MyCloud.  It is running debian with busybox.  
> 
> Is there a way to determine who or what contacted the My cloud?  I
> usually have three My Cloud devices on the network.  One running
> debian linux with samba 4.0.0rc5 the other two clouds run 4.3.11 on a
> busybox system.  I also have a laptop running windows 10 pro
> connected most of the time.  I also have a dlink dns-323 running
> 3.0.24.  I also have two windows 10 Pro systems that are used to
> record local TV from 8:00PM to 11:00PM.  These windows PC's have the
> My Clouds Public folders mapped to a drive letter.
> 
> 
> Not sure what other information is required.
> 
> MarksBrothers:~# cat /etc/samba/smb.conf
> [ global ]
> netbios name = MarksBrothers
> server string = WDMyCloud
> veto files = /:2eDS_Store/.bin/Network Trash
> Folder/.systemfile/lost+found/Nas_Prog/mirrored/uploaded/.wdmc/.AppleDouble/
> workgroup = RACGROUP security = user
> passdb backend = smbpasswd
> ldap ssl = no
> local master = no
> os level = 0
> preferred master = no
> smb2 leases = yes
> fruit:copyfile= yes
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
> max protocol = SMB3
> max xmit = 131072
> max log size = 10
> log level = 0
> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=2097152
> SO_SNDBUF=2097152 delete veto files = yes
> unix charset = UTF8
> encrypt passwords = yes
> map to guest = bad user
> null passwords = yes
> guest account = nobody
> dns proxy = no
> use mmap = yes
> use spnego = yes
> disable netbios = no
> strict allocate = yes
> csc policy = disable
> min receivefile size = 16k
> allocation roundup size = 0
> create mask = 0777
> directory mask  = 0777
> force create mode = 0777
> force directory mode = 0777
> use sendfile = yes
> smb passwd file = /etc/samba/smbpasswd
> disable spoolss = yes
> nt acl support = yes
> acl map full control = yes
> load printers = no
> unix extensions = no
> follow symlinks = yes
> wide links = yes
> printable = no
> include = /etc/samba/tm_config.conf
> 
> [ Public ]
> comment =
> path = /mnt/HD/HD_a2/Public
> browseable = yes
> public = yes
> available = yes
> oplocks = yes
> map archive = no
> guest ok = yes
> writable = yes
> # !!properties = "media_serving","remote_access"
> 
> [ SmartWare ]
> comment =
> path = /mnt/HD/HD_a2/SmartWare
> browseable = yes
> public = yes
> available = yes
> oplocks = yes
> map archive = no
> guest ok = yes
> writable = yes
> # !!properties = "remote_access"
> 
> [ TimeMachineBackup ]
> comment =
> path = /mnt/HD/HD_a2/TimeMachineBackup
> browseable = yes
> public = yes
> available = yes
> oplocks = yes
> map archive = no
> guest ok = yes
> writable = yes
> # !!properties = "remote_access"
> 

There doesn't seem to be anything there that will give you your
problem, there are lots and lots of default settings and you really
should be using the default 'tdbsam' passdb backend.

Do you have any Apple computers or phones ?

When Samba starts it will start several processes and when something
connects to a share, smbd will fork into another process to deal with
this. It sounds like this is your problem, something is connecting to
Samba on a regular basis and you need to find out where this connection
is coming from. It could be that one of your Windows machines is
infected.

Rowland



More information about the samba mailing list