[Samba] a lot of nonbody session with same pid
L.P.H. van Belle
belle at bazuin.nl
Mon Apr 19 08:34:03 UTC 2021
Your setup of wrong.
Sorry..
cat /etc/adduser.conf look at these defaults.
Now look at the values your using.
idmap config * : range = 100-120 < and increase this range ..
idmap config AOUP : range = 200-9999999999999
UID/GIDs may not overlap one other.
That needs fixing first.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Alberto Maria Fiaschi via samba
> Verzonden: maandag 19 april 2021 10:16
> Aan: Rowland penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] a lot of nonbody session with same pid
>
> I make a test machine. The sever is member of AD domain
> (config at he end of these mail).
> The behavior is identical. The PCs that are in workgroups
> generate many sessions with the nobody user, especially when
> they open excell files or run some program.
> The server SO is Ubuntu 20.04.2 LTS with samba ver 4.11.6-Ubuntu .
>
> [global]
> workgroup = AOUP
> security = ADS
> SERVER ROLE = MEMBER SERVER
> realm = AOUP.LAN
> map untrusted to domain = Yes
> winbind refresh tickets = Yes
> winbind nss info = rfc2307
> idmap config * : range = 100-120
> username map = /etc/samba/user.map
> idmap config AOUP : backend = ad
> idmap config AOUP : unix_nss_info
> idmap config AOUP :schema_mode = rfc2307
> idmap config AOUP :unix_nss_info = yes
> idmap config AOUP : range = 200-9999999999999
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind use default domain = yes
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> server min protocol = NT1
> #restrict anonymous = 2
> map to guest = never
> usershare allow guests = no
> create mask = 0777
> directory mask = 0777
> nt acl support = yes
> case sensitive = No
> # disabilito supporto stampanti
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
> min receivefile size = 16384
> use sendfile = true
> strict allocate = Yes
>
> aio read size = 16384
> aio write size = 16384
> write cache size = 65536
> map hidden = no
> map system = no
> map archive = no
> map readonly = no
> store dos attributes = yes
> strict locking = no
> follow symlinks = yes
> unix extensions = yes
>
> #unix charset = utf-8
> #dos charset = cp1250
>
> dos charset = 850
> unix charset = ISO8859-1
>
>
> smb ports = 445
> smb encrypt = desired
> log file = /var/log/samba/%I.log
> log level = 3
> #log level = 1 auth:2 passdb:2 idmap:2
>
> [Test]
> path = /sambatest/shares
> read only = no
>
>
>
> [TEST2]
> comment = Cartella documenti TEST
> path = /sambatest/shares/Uosi/groups/TEST2
> valid users = @uosi_vpn_ro, at uosi_vpn_rw
> write list = @uosi_vpn_rw
> force user = nobody
> force group = uosi_quota
>
>
> 79,1 97%
>
>
>
>
> ----- Messaggio originale -----
> > On 14/04/2021 14:31, Alberto Maria Fiaschi via samba wrote:
> > > hi ,
> > > I have thousands of nobody connections that remain
> active. smbstatus shows
> > > tens of connections with the same pid. The server is
> configured as CLASSIC
> > > PRIMARY DOMAIN CONTROLLER with openldap backend. I have
> about 3000 clients
> > > connecting. almost all are not in domain (heterogeneous
> workgroups). The
> > > only cases in which the problem does not occur are those
> of some PCs that
> > > are part of an AD domain (strange because the server does
> not know the
> > > other domain).
> > > This is a big problem because it slows down the server
> and makes the files
> > > under / var / cache / samba grow considerably
> > > I tried to change many options, but the behavior remained
> the same. Some
> > > advice ? Please help!
> > > Samba version 4.7.6-Ubuntu on Ubuntu 18.04.5 LTS
> > >
> >
> > Go to the Acer notebook and turn off the Guest user.
> >
> > Can I also suggest that you start making plans to upgrade
> to AD, SMBv1
> > is going away and a PDC must use SMBv1.
> >
> > Rowland
> >
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
> --
> Alberto Maria Fiaschi
> alberto.fiaschi at estar.toscana.it
> ESTAR - Ente di Supporto Tecnico Amministrativo Regionale
> Dip.to Tecnologie Informatiche
> Area: Tecnologie Informatiche Nord-Ovest
> UOC: Reti e Sistemi Area Nord-Ovest
> c/o Azienda Ospedaliero Universitaria Pisana
> Presidio Ospedaliero Spedali Riuniti Santa Chiara
> Via Roma, 67 - 56126 Pisa, Italy
> Tel. +39 050 99 3117
> Fax +39 050 99 3396
> profilo su https://it.linkedin.com/in/alberto-fiaschi
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list