[Samba] a lot of nonbody session with same pid
Alberto Maria Fiaschi
alberto.fiaschi at estar.toscana.it
Mon Apr 19 13:48:38 UTC 2021
Not using local user.
all user are in openldap.
----- Messaggio originale -----
> Your setup of wrong.
> Sorry..
>
> cat /etc/adduser.conf look at these defaults.
> Now look at the values your using.
>
> idmap config * : range = 100-120 < and increase this range ..
> idmap config AOUP : range = 200-9999999999999
>
> UID/GIDs may not overlap one other.
>
> That needs fixing first.
>
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Alberto Maria Fiaschi via samba
> > Verzonden: maandag 19 april 2021 10:16
> > Aan: Rowland penny
> > CC: samba at lists.samba.org
> > Onderwerp: Re: [Samba] a lot of nonbody session with same pid
> >
> > I make a test machine. The sever is member of AD domain
> > (config at he end of these mail).
> > The behavior is identical. The PCs that are in workgroups
> > generate many sessions with the nobody user, especially when
> > they open excell files or run some program.
> > The server SO is Ubuntu 20.04.2 LTS with samba ver 4.11.6-Ubuntu .
> >
> > [global]
> > workgroup = AOUP
> > security = ADS
> > SERVER ROLE = MEMBER SERVER
> > realm = AOUP.LAN
> > map untrusted to domain = Yes
> > winbind refresh tickets = Yes
> > winbind nss info = rfc2307
> > idmap config * : range = 100-120
> > username map = /etc/samba/user.map
> > idmap config AOUP : backend = ad
> > idmap config AOUP : unix_nss_info
> > idmap config AOUP :schema_mode = rfc2307
> > idmap config AOUP :unix_nss_info = yes
> > idmap config AOUP : range = 200-9999999999999
> > vfs objects = acl_xattr
> > map acl inherit = Yes
> > store dos attributes = Yes
> > dedicated keytab file = /etc/krb5.keytab
> > kerberos method = secrets and keytab
> > winbind use default domain = yes
> > load printers = no
> > printing = bsd
> > printcap name = /dev/null
> > disable spoolss = yes
> >
> > server min protocol = NT1
> > #restrict anonymous = 2
> > map to guest = never
> > usershare allow guests = no
> > create mask = 0777
> > directory mask = 0777
> > nt acl support = yes
> > case sensitive = No
> > # disabilito supporto stampanti
> > load printers = no
> > printing = bsd
> > printcap name = /dev/null
> > disable spoolss = yes
> > min receivefile size = 16384
> > use sendfile = true
> > strict allocate = Yes
> >
> > aio read size = 16384
> > aio write size = 16384
> > write cache size = 65536
> > map hidden = no
> > map system = no
> > map archive = no
> > map readonly = no
> > store dos attributes = yes
> > strict locking = no
> > follow symlinks = yes
> > unix extensions = yes
> >
> > #unix charset = utf-8
> > #dos charset = cp1250
> >
> > dos charset = 850
> > unix charset = ISO8859-1
> >
> >
> > smb ports = 445
> > smb encrypt = desired
> > log file = /var/log/samba/%I.log
> > log level = 3
> > #log level = 1 auth:2 passdb:2 idmap:2
> >
> > [Test]
> > path = /sambatest/shares
> > read only = no
> >
> >
> >
> > [TEST2]
> > comment = Cartella documenti TEST
> > path = /sambatest/shares/Uosi/groups/TEST2
> > valid users = @uosi_vpn_ro, at uosi_vpn_rw
> > write list = @uosi_vpn_rw
> > force user = nobody
> > force group = uosi_quota
> >
> >
> > 79,1 97%
> >
> >
> >
> >
> > ----- Messaggio originale -----
> > > On 14/04/2021 14:31, Alberto Maria Fiaschi via samba wrote:
> > > > hi ,
> > > > I have thousands of nobody connections that remain
> > active. smbstatus shows
> > > > tens of connections with the same pid. The server is
> > configured as CLASSIC
> > > > PRIMARY DOMAIN CONTROLLER with openldap backend. I have
> > about 3000 clients
> > > > connecting. almost all are not in domain (heterogeneous
> > workgroups). The
> > > > only cases in which the problem does not occur are those
> > of some PCs that
> > > > are part of an AD domain (strange because the server does
> > not know the
> > > > other domain).
> > > > This is a big problem because it slows down the server
> > and makes the files
> > > > under / var / cache / samba grow considerably
> > > > I tried to change many options, but the behavior remained
> > the same. Some
> > > > advice ? Please help!
> > > > Samba version 4.7.6-Ubuntu on Ubuntu 18.04.5 LTS
> > > >
> > >
> > > Go to the Acer notebook and turn off the Guest user.
> > >
> > > Can I also suggest that you start making plans to upgrade
> > to AD, SMBv1
> > > is going away and a PDC must use SMBv1.
> > >
> > > Rowland
> > >
> > >
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba
> > >
> >
> > --
> > Alberto Maria Fiaschi
> > alberto.fiaschi at estar.toscana.it
> > ESTAR - Ente di Supporto Tecnico Amministrativo Regionale
> > Dip.to Tecnologie Informatiche
> > Area: Tecnologie Informatiche Nord-Ovest
> > UOC: Reti e Sistemi Area Nord-Ovest
> > c/o Azienda Ospedaliero Universitaria Pisana
> > Presidio Ospedaliero Spedali Riuniti Santa Chiara
> > Via Roma, 67 - 56126 Pisa, Italy
> > Tel. +39 050 99 3117
> > Fax +39 050 99 3396
> > profilo su https://it.linkedin.com/in/alberto-fiaschi
> >
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
Alberto Maria Fiaschi
alberto.fiaschi at estar.toscana.it
ESTAR - Ente di Supporto Tecnico Amministrativo Regionale
Dip.to Tecnologie Informatiche
Area: Tecnologie Informatiche Nord-Ovest
UOC: Reti e Sistemi Area Nord-Ovest
c/o Azienda Ospedaliero Universitaria Pisana
Presidio Ospedaliero Spedali Riuniti Santa Chiara
Via Roma, 67 - 56126 Pisa, Italy
Tel. +39 050 99 3117
Fax +39 050 99 3396
profilo su https://it.linkedin.com/in/alberto-fiaschi
More information about the samba
mailing list