[Samba] Flooded log with '..session closed for user nobody'

Rowland Penny rpenny at samba.org
Fri Dec 23 09:13:30 UTC 2022



On 23/12/2022 08:52, BW via samba wrote:
> My journal gets flooded with these entries:
> 2022-12-22 09.14.07  SRV99  smbd     6      pam_unix(samba:session): session closed for user nobody
> 
> Especially when transferring files from a client to a share (in this case
> from W10, IP 10.0.1.146, netbios disabled on Windows), authenticated
> successfully by user "bw"
> 
> All folder permissions on the share are:
> Group: DATAR5 (RWX)
> OWNER: bw (RWX)
> User "bw" is member of the group "DATAR5"
> 
> smbstatus:
> Samba version 4.9.5-Debian
> PID     Username     Group        Machine                             Protocol Version  Encryption           Signing
> ----------------------------------------------------------------------------------------------------------------------------------------
> 19676   bw           bw           10.0.1.184 (ipv4:10.0.1.184:51807)  SMB3_11           -                    partial(AES-128-CMAC)
> 16903   bw           bw           10.0.1.146 (ipv4:10.0.1.146:56584)  SMB3_11           -                    partial(AES-128-CMAC)
> 23296   bw           bw           10.0.1.146 (ipv4:10.0.1.146:62674)  SMB3_11           -                    partial(AES-128-CMAC)
> 16903   bw           bw           10.0.1.146 (ipv4:10.0.1.146:56584)  SMB3_11           -                    partial(AES-128-CMAC)
> 16202   bw           bw           10.0.1.130 (ipv4:10.0.1.130:52980)  SMB3_11           -                    partial(AES-128-CMAC)
> 
> smb.conf:
> [global]
>          include = /etc/samba/smb_shares.conf
>          log file = /var/log/samba/log.%m
>          log level = 1
>          logging = file
>          map to guest = Bad User
>          max log size = 1100
>          obey pam restrictions = Yes
>          pam password change = Yes
>          panic action = /usr/share/samba/panic-action %d
>          passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>          passwd program = /usr/bin/passwd %u
>          server min protocol = SMB2_02
>          unix password sync = Yes
>          workgroup = LOCAL.domain.DK
> 
> [ARCHIVE]
>          comment = R1 5TB Archive
>          create mask = 0770
>          directory mask = 0770
>          path = /mnt/R1_archive/
>          read only = No
> 
> Any idea how I can prevent these log-entries?

Try removing the 'map to guest' line, then guest access will not be 
tried. You should also probably fix your workgroup (aka NetBIOS domain 
name) name, it really shouldn't have dots in it.

Rowland



