[Samba] a lot of nonbody session with same pid
Alberto Maria Fiaschi
alberto.fiaschi at estar.toscana.it
Wed Apr 14 13:31:53 UTC 2021
Hi,
I have thousands of nobody connections that remain active. smbstatus shows tens of connections with the same pid. The server is configured as CLASSIC PRIMARY DOMAIN CONTROLLER with an OpenLDAP backend. I have about 3000 clients connecting; almost all are not in the domain (heterogeneous workgroups). The only cases in which the problem does not occur are those of some PCs that are part of an AD domain (strange, because the server does not know the other domain).
This is a big problem because it slows down the server and makes the files under /var/cache/samba grow considerably.
I tried to change many options, but the behavior remained the same. Some advice? Please help!
Samba version 4.7.6-Ubuntu on Ubuntu 18.04.5 LTS
____________________________________
part of smbstatus -b output ...
9933 e.dibartolo Domain Users 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM partial(AES-128-CMAC)
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM -
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM -
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM -
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM -
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM -
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM -
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM -
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM -
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM -
___________________________________
__ log start of a session _________
apped domain from [] to [AOUP] for user [] from workstation [BATMAR-ACERNBK]
[2021/04/14 14:18:31.679298, 5, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/user_info.c:64(make_user_info)
attempting to make a user_info for ()
[2021/04/14 14:18:31.679328, 5, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/user_info.c:72(make_user_info)
making strings for 's user_info struct
[2021/04/14 14:18:31.679344, 5, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/user_info.c:125(make_user_info)
making blobs for 's user_info struct
[2021/04/14 14:18:31.679359, 10, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/user_info.c:176(make_user_info)
made a user_info for ()
[2021/04/14 14:18:31.679373, 3, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user []\[]@[BATMAR-ACERNBK] with the new password interface
[2021/04/14 14:18:31.679389, 3, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [AOUP]\[]@[BATMAR-ACERNBK]
[2021/04/14 14:18:31.679404, 10, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/auth.c:202(auth_check_ntlm_password)
check_ntlm_password: auth_context challenge created by random
[2021/04/14 14:18:31.679420, 10, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/auth.c:204(auth_check_ntlm_password)
challenge is:
[2021/04/14 14:18:31.679434, 5, pid=4834, effective(0, 0), real(0, 0)] ../lib/util/util.c:515(dump_data)
[0000] D3 C5 6A 7A BE 12 D4 1F   ..jz....
[2021/04/14 14:18:31.679459, 10, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/auth_builtin.c:41(check_guest_security)
Check auth for: []
[2021/04/14 14:18:31.679480, 3, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/auth.c:256(auth_check_ntlm_password)
auth_check_ntlm_password: guest authentication for user [] succeeded
[2021/04/14 14:18:31.679520, 3, pid=4834, effective(0, 0), real(0, 0)] ../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user []\[] at [mer, 14 apr 2021 14:18:31.679496 CEST] with [(null)] status [NT_STATUS_OK] workstation [BATMAR-ACERNBK] remote host [ipv4:172.30.10.1:64192] became [AOUP]\[nobody] [S-1-5-21-1146166441-2403190732-1965087569-501]. local host [ipv4:172.24.81.3:445]
[2021/04/14 14:18:31.679589, 3, pid=4834, effective(0, 0), real(0, 0)] ../auth/auth_log.c:220(log_json)
JSON Authentication: {"timestamp": "2021-04-14T14:18:31.679542+0200", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_OK", "localAddress": "ipv4:172.24.81.3:445", "remoteAddress": "ipv4:172.30.10.1:64192", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "", "workstation": "BATMAR-ACERNBK", "becameAccount": "nobody", "becameDomain": "AOUP", "becameSid": "S-1-5-XXXXX-XXXXXXXXXXXX-501", "mappedAccount": "", "mappedDomain": "AOUP", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": "(NULL SID)", "passwordType": null}}
[2021/04/14 14:18:31.679676, 5, pid=4834, effective(0, 0), real(0, 0), class="auth"] ../source3/auth/auth.c:314(auth_check_ntlm_password)
check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded
[2021/04/14 14:18:31.679693, 10, pid=4834, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:227(auth3_check_password)
Got NT session key of length 16
[2021/04/14 14:18:31.679708, 10, pid=4834, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:234(auth3_check_password)
Got LM session key of length 16
[2021/04/14 14:18:31.679722, 10, pid=4834, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_server.c:874(ntlmssp_server_postauth)
ntlmssp_server_auth: Using unmodified nt session key.
[2021/04/14 14:18:31.679745, 3, pid=4834, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
NTLMSSP Sign/Seal - Initialising with flags:
[2021/04/14 14:18:31.679760, 3, pid=4834, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xe2088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP_NEGOTIATE_56
[2021/04/14 14:18:31.679865, 50, pid=4834, effective(0, 0), real(0, 0), class="tevent"] ../lib/util/tevent_debug.c:66(samba_tevent_debug)
samba_tevent: Schedule immediate event "tevent_req_trigger": 0x5641e3224280
Successful AuthZ: [SMB2,NTLMSSP] user [AOUP]\[nobody] [S-1-5-21-1146166441-2403190732-1965087569-501] at [mer, 14 apr 2021 14:18:31.680263 CEST] Remote host [ipv4:172.30.10.1:64192] local host [ipv4:172.24.81.3:445]
[2021/04/14 14:18:31.680327, 4, pid=4834, effective(0, 0), real(0, 0)] ../auth/auth_log.c:220(log_json)
JSON Authorization: {"timestamp": "2021-04-14T14:18:31.680292+0200", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 0}, "localAddress": "ipv4:172.24.81.3:445", "remoteAddress": "ipv4:172.30.10.1:64192", "serviceDescription": "SMB2", "authType": "NTLMSSP", "domain": "AOUP", "account": "nobody", "sid": "S-1-5-21-1146166441-2403190732-1965087569-501", "logonServer": null, "transportProtection": "SMB", "accountFlags": "0x00000000"}}
[2021/04/14 14:18:31.680410, 6, pid=4834, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2328(lp_file_list_changed)
lp_file_list_changed()
file /samba/servers_config/%i -> /samba/servers_config/172.24.81.3 last mod_time: Fri Apr 2 16:44:39 2021
________________________________________________________________________
__________________________________________
my smb.conf
[global]
workgroup = AOUP
SERVER ROLE = CLASSIC PRIMARY DOMAIN CONTROLLER
server string = AOUPSRV file server
ntlm auth = yes
idmap cache time = 302400
map untrusted to domain = yes
netbios name = zfs-cis
passdb backend = ldapsam:"ldap://ldap.aop.int/"
client NTLMv2 auth = yes
client lanman auth = no
usershare max shares = 0
restrict anonymous = 2
usershare allow guests = no
log file = /var/log/samba/%I.log
hide dot files = yes
max log size = 15000
time server = Yes
deadtime = 25
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
local master = no
logon script = logon.bat
ldap ssl = off
idmap config * : range = 990-1000
idmap config AOUP : range = 1001-999999
ldapsam:trusted = yes
ldap admin dn = cn=manager,dc=aop,dc=int
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = ou=aoup,ou=samba,ou=servizi,dc=aop,dc=int
ldap user suffix = ou=Users
create mask = 0777
directory mask = 0777
case sensitive = No
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
wins server = 172.29.10.128
wins proxy = yes
dns proxy = yes
debug uid = yes
min receivefile size = 16384
use sendfile = true
strict allocate = Yes
aio read size = 16384
aio write size = 16384
write cache size = 65536
map hidden = no
map system = no
map archive = no
map readonly = no
store dos attributes = yes
unix extensions = yes
smb ports = 445
smb encrypt = desired
server min protocol = NT1
client ipc min protocol = NT1
vfs objects = shadow_copy2
include = /samba/servers_config/%i
--
Alberto Maria Fiaschi
alberto.fiaschi at estar.toscana.it
ESTAR - Ente di Supporto Tecnico Amministrativo Regionale
Dip.to Tecnologie Informatiche
Area: Tecnologie Informatiche Nord-Ovest
UOC: Reti e Sistemi Area Nord-Ovest
c/o Azienda Ospedaliero Universitaria Pisana
Presidio Ospedaliero Spedali Riuniti Santa Chiara
Via Roma, 67 - 56126 Pisa, Italy
Tel. +39 050 99 3117
Fax +39 050 99 3396
profilo su https://it.linkedin.com/in/alberto-fiaschi
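Added example, not Samba code and not written by the poster: a small Python triage script that parses the two artifacts quoted in the message above, the `smbstatus -b` rows and the `JSON Authentication:` records from the auth log, and counts guest (`nobody`) sessions per smbd process and client TCP endpoint, plus anonymous logons (empty `clientAccount`, or a `becameSid` ending in the well-known domain Guest RID `-501`) per client. It assumes the seven-column `smbstatus -b` layout shown in the post and that the guest account is `nobody`. The sample rows and JSON records embedded in it are constructed from the lines in the post, with one ordinary user logon added for contrast.

```python
"""Triage helper for 'many nobody sessions' on a Samba file server.

Parses (1) `smbstatus -b` rows and (2) `JSON Authentication:` records from the
Samba auth log. Sample input below is constructed from the lines quoted in the
post (one non-anonymous record added for contrast); it is not captured data.
"""
import json
import re
from collections import Counter

GUEST_ACCOUNT = "nobody"   # assumed: the account the server maps guests to
GUEST_RID_SUFFIX = "-501"  # well-known domain Guest RID

# One `smbstatus -b` row. The group may contain spaces ("Domain Users"), the
# client column is "<ip> (<family>:<ip>:<port>)", signing is "partial(...)" or "-".
SMBSTATUS_ROW = re.compile(
    r"^(?P<pid>\d+)\s+(?P<user>\S+)\s+(?P<group>.+?)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\((?P<endpoint>ipv[46]:[^)]+)\)\s+"
    r"(?P<proto>\S+)\s+(?P<encrypt>\S+)\s+(?P<sign>\S+)\s*$"
)


def parse_smbstatus(text):
    """Return one dict per parsed row; headers and separators are skipped."""
    return [m.groupdict() for m in map(SMBSTATUS_ROW.match, (l.strip() for l in text.splitlines())) if m]


def guest_sessions_per_endpoint(rows, guest=GUEST_ACCOUNT):
    """Count guest rows per (pid, client endpoint). Many rows sharing one pid and
    one ip:port are separate SMB2/3 sessions multiplexed over a single TCP
    connection served by one smbd child, the pattern shown in the post."""
    counts = Counter()
    for r in rows:
        if r["user"] == guest:
            counts[(int(r["pid"]), r["endpoint"])] += 1
    return counts


def endpoint_host(ep):
    """'ipv4:172.30.10.1:64192' -> '172.30.10.1'; 'ipv6:fe80::1:445' -> 'fe80::1'."""
    _family, _, rest = ep.partition(":")
    host, _, _port = rest.rpartition(":")
    return host


JSON_AUTH_PREFIX = "JSON Authentication: "


def parse_json_auth(lines):
    """Extract the JSON object from every 'JSON Authentication:' log line."""
    events = []
    for line in lines:
        idx = line.find(JSON_AUTH_PREFIX)
        if idx != -1:
            events.append(json.loads(line[idx + len(JSON_AUTH_PREFIX):]))
    return events


def anonymous_logons(events):
    """Count successful logons with an empty client account, or that became the
    Guest SID, keyed by (client ip, workstation, becameAccount)."""
    hits = Counter()
    for ev in events:
        a = ev.get("Authentication", {})
        if a.get("status") != "NT_STATUS_OK":
            continue
        if a.get("clientAccount") == "" or str(a.get("becameSid", "")).endswith(GUEST_RID_SUFFIX):
            hits[(endpoint_host(a.get("remoteAddress", "")), a.get("workstation"), a.get("becameAccount"))] += 1
    return hits


# --- constructed sample input, mirroring the post ---------------------------
SAMPLE_SMBSTATUS = """\
9933 e.dibartolo Domain Users 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM partial(AES-128-CMAC)
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM -
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM -
9933 nobody nogroup 172.30.71.216 (ipv4:172.30.71.216:63856) SMB3_11 AES-128-CCM -
"""

SAMPLE_AUTH_LOG = [
    '[2021/04/14 14:18:31.679589, 3, pid=4834] ../auth/auth_log.c:220(log_json)',
    'JSON Authentication: {"timestamp": "2021-04-14T14:18:31.679542+0200", "type": "Authentication", '
    '"Authentication": {"status": "NT_STATUS_OK", "localAddress": "ipv4:172.24.81.3:445", '
    '"remoteAddress": "ipv4:172.30.10.1:64192", "serviceDescription": "SMB2", "clientDomain": "", '
    '"clientAccount": "", "workstation": "BATMAR-ACERNBK", "becameAccount": "nobody", "becameDomain": "AOUP", '
    '"becameSid": "S-1-5-21-1146166441-2403190732-1965087569-501", "mappedAccount": "", "mappedDomain": "AOUP"}}',
    # constructed contrast record: an ordinary user logon that must not be flagged
    'JSON Authentication: {"type": "Authentication", "Authentication": {"status": "NT_STATUS_OK", '
    '"remoteAddress": "ipv4:172.30.71.216:63856", "clientDomain": "AOUP", "clientAccount": "e.dibartolo", '
    '"workstation": "PC-01", "becameAccount": "e.dibartolo", "becameDomain": "AOUP", '
    '"becameSid": "S-1-5-21-1146166441-2403190732-1965087569-1105"}}',
]


def triage(smbstatus_text=SAMPLE_SMBSTATUS, auth_log_lines=SAMPLE_AUTH_LOG, threshold=2):
    """Return (endpoints with >= threshold guest sessions, anonymous logon counts)."""
    per_ep = guest_sessions_per_endpoint(parse_smbstatus(smbstatus_text))
    flagged = {k: v for k, v in per_ep.items() if v >= threshold}
    return flagged, anonymous_logons(parse_json_auth(auth_log_lines))


if __name__ == "__main__":
    flagged, anon = triage()
    for (pid, ep), n in sorted(flagged.items()):
        print(f"smbd pid {pid}: {n} guest sessions on {ep}")
    for (ip, ws, acct), n in sorted(anon.items()):
        print(f"{ip} ({ws}): {n} anonymous logon(s) became {acct}")
```

On a live server, feed it `smbstatus -b` output and the `/var/log/samba/*.log` files written at debug level 3 or higher (the JSON records in the post are logged at that level); the per-endpoint count separates "one client holding many guest sessions on one connection" from "many clients each opening one", which points at different causes.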