[Samba] flood of (auth in progress) connections from unresponsive windows client crashing samba

Rowland penny rpenny at samba.org
Fri Aug 30 14:51:30 UTC 2019 

On 30/08/2019 15:27, David Walling wrote:
> I left in some of the parameters I've been testing commented out.
>
> Interestingly, we've noticed another client triggering the same type 
> of symptoms every morning at around the same time.  Those symptoms 
> being a line 'lookup_name_smbconf for COMPUTERNAME$ failed' and a 
> flood of failed connection attempts from the same client.  The issue 
> seemed to resolve itself after a few minutes in this last case.  I 
> happened to be watch smbstatus at the time it occurred.
>
>
> [global]
>         netbios name = service-samba4
>         #socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 
> SO_SNDBUF=65536
>         #idmap uid = 100000-200000
>         #winbind enum users = yes
>         winbind gid = 100000-200000
>         workgroup = PRODUCTION
>         os level = 20
>         winbind enum groups = yes
>         socket address = dc.production.redacted.org
>         password server = *
>         preferred master = no
>         winbind separator = +
>         max log size = 20000
>         log level = 1 smbd:10
>         log file = /var/log/samba/log.%m
>         encrypt passwords = yes
>         dns proxy = no
>         realm = PRODUCTION.REDACTED.ORG
>         security = ADS
>         wins server = dc.production.redacted.org
>         wins proxy = no
>
>         #oplocks = False
>         #level2 oplocks = False
>
>         #dos filemode = yes
>         #enable privileges = yes
>
>  username map = /etc/samba/user_and_group_map.txt
>
>         #client max protocol = SMB3_02
>         #server max protocol = SMB3_02
>
>         # ACL Settings
>         vfs objects = acl_xattr
>         map acl inherit = yes
>         nt acl support = yes
>         store dos attributes = no
>
>         # Multichannel
>         #server multi channel support = yes
>         aio read size = 0
>         aio write size = 0
>
>         # Prevent zombie processes
>         deadtime = 15
>         csc policy = disable
>
> [share1]
>         path = /samba/share1
>         browseable = yes
>         read only = no
>         inherit acls = yes
>         inherit permissions = yes
>         #oplocks = False
>         #level2 oplocks = False
>         create mask = 700
>         directory mask = 700
>         valid users = @"G-817803"
>         #acl_xattr:ignore system acl = yes
>         hosts allow =  redacted
>
Before I get involoved in deeply reading your smb.conf, can you answer a 
couple of questions:


What is in '/etc/samba/user_and_group_map.txt' ?

Are you using sssd ?


Rowland

More information about the samba mailing list