[Samba] a lot of nobody sessions with same pid

Alberto Maria Fiaschi alberto.fiaschi at estar.toscana.it
Wed Apr 14 13:31:53 UTC 2021


Hi,
I have thousands of nobody connections that remain active. smbstatus shows tens of connections with the same pid. The server is configured as CLASSIC PRIMARY DOMAIN CONTROLLER with an OpenLDAP backend. I have about 3000 clients connecting; almost all are not in the domain (heterogeneous workgroups). The only cases in which the problem does not occur are those of some PCs that are part of an AD domain (strange, because the server does not know the other domain).
This is a big problem because it slows down the server and makes the files under /var/cache/samba grow considerably.
I tried changing many options, but the behavior remained the same. Any advice? Please help!
Samba version 4.7.6-Ubuntu on Ubuntu 18.04.5 LTS 

____________________________________ 
part of smbstatus -b output ... 

9933 e.dibartolo Domain Users 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM partial(AES-128-CMAC) 
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM - 
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM - 
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM - 
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM - 
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM - 
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM - 
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM - 
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM - 
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM - 

___________________________________ 

__ log start of a session _________ 
apped domain from [] to [AOUP] for user [] from workstation [BATMAR-ACERNBK] 
[2021/04/14 14:18:31.679298, 5, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/user_info.c:64(make_user_info)
attempting to make a user_info for ()
[2021/04/14 14:18:31.679328, 5, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/user_info.c:72(make_user_info)
making strings for 's user_info struct 
[2021/04/14 14:18:31.679344, 5, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/user_info.c:125(make_user_info) 
making blobs for 's user_info struct 
[2021/04/14 14:18:31.679359, 10, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/user_info.c:176(make_user_info) 
made a user_info for () 
[2021/04/14 14:18:31.679373, 3, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/auth.c:189(auth_check_ntlm_password) 
check_ntlm_password: Checking password for unmapped user []\[]@[BATMAR-ACERNBK] with the new password interface 
[2021/04/14 14:18:31.679389, 3, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/auth.c:192(auth_check_ntlm_password) 
check_ntlm_password: mapped user is: [AOUP]\[]@[BATMAR-ACERNBK] 
[2021/04/14 14:18:31.679404, 10, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/auth.c:202(auth_check_ntlm_password) 
check_ntlm_password: auth_context challenge created by random 
[2021/04/14 14:18:31.679420, 10, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/auth.c:204(auth_check_ntlm_password) 
challenge is: 
[2021/04/14 14:18:31.679434, 5, pid=4834, effective(0, 0), real(0, 0)] ../lib/util/util.c:515(dump_data) 
[0000] D3 C5 6A 7A BE 12 D4 1F ..jz.... 
[2021/04/14 14:18:31.679459, 10, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/auth_builtin.c:41(check_guest_security) 
Check auth for: [] 
[2021/04/14 14:18:31.679480, 3, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/auth.c:256(auth_check_ntlm_password) 
auth_check_ntlm_password: guest authentication for user [] succeeded 
[2021/04/14 14:18:31.679520, 3, pid=4834, effective(0, 0), real(0, 0)] ../auth/auth_log.c:760(log_authentication_event_human_readable) 
Auth: [SMB2,(null)] user []\[] at [mer, 14 apr 2021 14:18:31.679496 CEST] with [(null)] status [NT_STATUS_OK] workstation [BATMAR-ACERNBK] remote host [ipv4:172.30.10.1:64192] became [AOUP]\[nobody] [S-1-5-21-1146166441-2403190732-1965087569-501]. local host [ipv4:172.24.81.3:445] 
[2021/04/14 14:18:31.679589, 3, pid=4834, effective(0, 0), real(0, 0)] ../auth/auth_log.c:220(log_json) 
JSON Authentication: {"timestamp": "2021-04-14T14:18:31.679542+0200", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_OK", "localAddress": "ipv4:172.24.81.3:445", "remoteAddress": "ipv4:172.30.10.1:64192", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "", "workstation": "BATMAR-ACERNBK", "becameAccount": "nobody", "becameDomain": "AOUP", "becameSid": "S-1-5-XXXXX-XXXXXXXXXXXX-501", "mappedAccount": "", "mappedDomain": "AOUP", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": "(NULL SID)", "passwordType": null}} 
[2021/04/14 14:18:31.679676, 5, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/auth.c:314(auth_check_ntlm_password) 
check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded 
[2021/04/14 14:18:31.679693, 10, pid=4834, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:227(auth3_check_password)
Got NT session key of length 16 
[2021/04/14 14:18:31.679708, 10, pid=4834, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:234(auth3_check_password) 
Got LM session key of length 16 
[2021/04/14 14:18:31.679722, 10, pid=4834, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_server.c:874(ntlmssp_server_postauth) 
ntlmssp_server_auth: Using unmodified nt session key. 
[2021/04/14 14:18:31.679745, 3, pid=4834, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset) 
NTLMSSP Sign/Seal - Initialising with flags: 
[2021/04/14 14:18:31.679760, 3, pid=4834, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) 
Got NTLMSSP neg_flags=0xe2088215 
NTLMSSP_NEGOTIATE_UNICODE 
NTLMSSP_REQUEST_TARGET 
NTLMSSP_NEGOTIATE_SIGN 
NTLMSSP_NEGOTIATE_NTLM 
NTLMSSP_NEGOTIATE_ALWAYS_SIGN 
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 
NTLMSSP_NEGOTIATE_VERSION 
NTLMSSP_NEGOTIATE_128 
NTLMSSP_NEGOTIATE_KEY_EXCH 
NTLMSSP_NEGOTIATE_56 
[2021/04/14 14:18:31.679865, 50, pid=4834, effective(0, 0), real(0, 0), class="tevent"] ../lib/util/tevent_debug.c:66(samba_tevent_debug) 
samba_tevent: Schedule immediate event "tevent_req_trigger": 0x5641e3224280 
Successful AuthZ: [SMB2,NTLMSSP] user [AOUP]\[nobody] [S-1-5-21-1146166441-2403190732-1965087569-501] at [mer, 14 apr 2021 14:18:31.680263 CEST] Remote host [ipv4:172.30.10.1:64192] local host [ipv4:172.24.81.3:445] 
[2021/04/14 14:18:31.680327, 4, pid=4834, effective(0, 0), real(0, 0)] ../auth/auth_log.c:220(log_json) 
JSON Authorization: {"timestamp": "2021-04-14T14:18:31.680292+0200", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 0}, "localAddress": "ipv4:172.24.81.3:445", "remoteAddress": "ipv4:172.30.10.1:64192", "serviceDescription": "SMB2", "authType": "NTLMSSP", "domain": "AOUP", "account": "nobody", "sid": "S-1-5-21-1146166441-2403190732-1965087569-501", "logonServer": null, "transportProtection": "SMB", "accountFlags": "0x00000000"}} 
[2021/04/14 14:18:31.680410, 6, pid=4834, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2328(lp_file_list_changed) 
lp_file_list_changed() 
file /samba/servers_config/%i -> /samba/servers_config/172.24.81.3 last mod_time: Fri Apr 2 16:44:39 2021 



________________________________________________________________________ 

__________________________________________ 
my smb.conf 
[global] 
workgroup = AOUP 
SERVER ROLE = CLASSIC PRIMARY DOMAIN CONTROLLER 
server string = AOUPSRV file server 
ntlm auth = yes 
idmap cache time = 302400 
map untrusted to domain = yes 
netbios name = zfs-cis 
passdb backend = ldapsam:"ldap://ldap.aop.int/" 
client NTLMv2 auth = yes 
client lanman auth = no 
usershare max shares = 0 
restrict anonymous = 2 
usershare allow guests = no 
log file = /var/log/samba/%I.log 
hide dot files = yes 
max log size = 15000 
time server = Yes 
deadtime = 25 
domain logons = Yes 
os level = 65 
preferred master = Yes 
domain master = Yes 
local master = no 
logon script = logon.bat 
ldap ssl = off 
idmap config * : range = 990-1000 
idmap config AOUP : range = 1001-999999 
ldapsam:trusted = yes 
ldap admin dn = cn=manager,dc=aop,dc=int 
ldap delete dn = Yes 
ldap group suffix = ou=Groups 
ldap idmap suffix = ou=Users 
ldap machine suffix = ou=Computers 
ldap passwd sync = Yes 
ldap suffix = ou=aoup,ou=samba,ou=servizi,dc=aop,dc=int 
ldap user suffix = ou=Users 
create mask = 0777 
directory mask = 0777 
case sensitive = No 
load printers = no 
printing = bsd 
printcap name = /dev/null 
disable spoolss = yes 
wins server = 172.29.10.128 
wins proxy = yes 
dns proxy = yes 
debug uid = yes 
min receivefile size = 16384 
use sendfile = true 
strict allocate = Yes 
aio read size = 16384 
aio write size = 16384 
write cache size = 65536 
map hidden = no 
map system = no 
map archive = no 
map readonly = no 
store dos attributes = yes 
unix extensions = yes 
smb ports = 445 
smb encrypt = desired 
server min protocol = NT1 
client ipc min protocol = NT1 
vfs objects = shadow_copy2 
include = /samba/servers_config/%i 






-- 
Alberto Maria Fiaschi 
alberto.fiaschi at estar.toscana.it 
ESTAR - Ente di Supporto Tecnico Amministrativo Regionale 
Dip.to Tecnologie Informatiche 
Area: Tecnologie Informatiche Nord-Ovest 
UOC: Reti e Sistemi Area Nord-Ovest 
c/o Azienda Ospedaliero Universitaria Pisana 
Presidio Ospedaliero Spedali Riuniti Santa Chiara 
Via Roma, 67 - 56126 Pisa, Italy 
Tel. +39 050 99 3117 
Fax +39 050 99 3396 
Profile at https://it.linkedin.com/in/alberto-fiaschi
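
Added example, not part of the original post: one way to quantify the symptom described above is to group `smbstatus -b` rows by smbd PID and client transport address and count the `nobody` (guest) sessions stacked on each connection. The row layout is assumed to match the excerpt in the post; the function names, the threshold and the `c.rossi` row are constructed for illustration.

```python
import re
from collections import defaultdict

# Row layout as shown in the post: PID, user, group (may contain spaces),
# machine, (transport address), protocol, encryption, signing.
ROW = re.compile(
    r"^\s*(?P<pid>\d+)\s+(?P<user>\S+)\s+(?P<group>.+?)\s+(?P<machine>\S+)\s+"
    r"\((?P<addr>ipv[46]:[^)]+)\)\s+(?P<proto>\S+)\s+(?P<enc>\S+)\s+(?P<sign>\S+)\s*$"
)

def summarize(text, guest_user="nobody"):
    """Map (pid, client address) -> guest session count and named users."""
    stats = defaultdict(lambda: {"guest": 0, "users": set()})
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or blank line
        key = (int(m["pid"]), m["addr"])
        if m["user"] == guest_user:
            stats[key]["guest"] += 1
        else:
            stats[key]["users"].add(m["user"])
    return dict(stats)

def flag(stats, threshold=5):
    """Connections carrying at least `threshold` guest sessions, worst first."""
    rows = [
        (pid, addr, s["guest"], sorted(s["users"]))
        for (pid, addr), s in stats.items()
        if s["guest"] >= threshold
    ]
    return sorted(rows, key=lambda r: -r[2])

# Sample input: the first two row shapes are from the post's smbstatus excerpt,
# the last row (c.rossi, 192.0.2.10) is constructed.
SAMPLE = (
    "9933 e.dibartolo Domain Users 172.30.71.216 (ipv4:172.30.71.216:63856) "
    "SMB3_11 AES-128-CCM partial(AES-128-CMAC)\n"
    + "9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) "
      "SMB3_11 AES-128-CCM -\n" * 9
    + "4321 c.rossi Domain Users 192.0.2.10 (ipv4:192.0.2.10:50000) "
      "SMB3_11 - partial(AES-128-CMAC)\n"
)

if __name__ == "__main__":
    for pid, addr, guests, users in flag(summarize(SAMPLE)):
        print(f"pid={pid} client={addr} guest_sessions={guests} users={users}")
```

On a live server the text passed to `summarize` would be the output of `smbstatus -b`; tracking the flagged counts over time shows whether guest sessions are accumulating on long-lived connections.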




