[Samba] Flooded log with '..session closed for user nobody'
BW
m40636067 at gmail.com
Fri Dec 23 11:54:52 UTC 2022
If I look in the client-specific samba log files, all the clients have these
entries:
[2022/12/23 12:29:22.730613, 1] ../source3/smbd/service.c:346(create_connection_session_info)
  create_connection_session_info: guest user (from session setup) not permitted to access this share (DATA)
[2022/12/23 12:29:22.730654, 1] ../source3/smbd/service.c:529(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2022/12/23 12:29:22.736736, 1] ../source3/smbd/service.c:346(create_connection_session_info)
  create_connection_session_info: guest user (from session setup) not permitted to access this share (DATA)
[2022/12/23 12:29:22.736777, 1] ../source3/smbd/service.c:529(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
But the clients access the shares just fine!
At some point in time W10 Enterprise was changed to: "no longer allow a user
to connect to a remote share by using guest credentials by default"
For W10 Enterprise to connect to a non-domain share you need to set the
registry key "AllowInsecureGuestAuth=1" to get access. You will then be
able to type in your credentials when prompted when accessing the share
(can you call this workgroup authentication?)
But I really don't see where/why "guest" comes into the picture? Clients
don't authenticate as guest.
But maybe W10 does behind the scenes? :-/
On Fri, Dec 23, 2022 at 11:12 AM BW <m40636067 at gmail.com> wrote:
> Done!
>
> And restarted smbd and re-authenticated client
>
> [global]
> include = /etc/samba/smb_shares.conf
> log file = /var/log/samba/log.%m
> log level = 1
> logging = file
> max log size = 1100
> obey pam restrictions = Yes
> pam password change = Yes
> panic action = /usr/share/samba/panic-action %d
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> passwd program = /usr/bin/passwd %u
> server min protocol = SMB2_02
> unix password sync = Yes
> workgroup = LOCAL
>
> [ARCHIVE]
> comment = R1 5TB Archive
> create mask = 0770
> directory mask = 0770
> path = /mnt/R1_archive/
> read only = No
>
> I transferred one file, 1.5GB, and I got 4 "session closed for user nobody"
> during the transfer:
>
> Dec 23 11:04:47 SRV01 systemd[1]: Stopped Samba SMB Daemon.
> Dec 23 11:04:47 SRV01 systemd[1]: Starting Samba SMB Daemon...
> Dec 23 11:04:47 SRV01 systemd[1]: Started Samba SMB Daemon.
> Dec 23 11:05:05 SRV01 smbd[588]: pam_unix(samba:session): session opened for user bw by (uid=0)
> Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed for user nobody
> Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed for user nobody
> Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed for user nobody
> Dec 23 11:06:21 SRV01 smbd[588]: pam_unix(samba:session): session closed for user nobody
> Dec 23 11:06:21 SRV01 smbd[588]: pam_unix(samba:session): session closed for user nobody
> Dec 23 11:06:47 SRV01 smbd[665]: pam_unix(samba:session): session opened for user bw by (uid=0)
>
> On Fri, Dec 23, 2022 at 10:14 AM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>>
>>
>> On 23/12/2022 08:52, BW via samba wrote:
>> > My journal gets flooded with these entries:
>> > 2022-12-22 09.14.07 SRV99 smbd 6 pam_unix(samba:session): session closed for user nobody
>> >
>> > Especially when transferring files from a client to a share (in this case
>> > from W10, IP 10.0.1.146, netbios disabled on Windows), authenticated
>> > successfully by user "bw"
>> >
>> > All folder permissions on the share are:
>> > Group: DATAR5 (RWX)
>> > OWNER: bw (RWX)
>> > User "bw" is member of the group "DATAR5"
>> >
>> > smbstatus:
>> > Samba version 4.9.5-Debian
>> > PID     Username  Group  Machine                              Protocol Version  Encryption  Signing
>> > ----------------------------------------------------------------------------------------------------------------------------------------
>> > 19676   bw        bw     10.0.1.184 (ipv4:10.0.1.184:51807)   SMB3_11           -           partial(AES-128-CMAC)
>> > 16903   bw        bw     10.0.1.146 (ipv4:10.0.1.146:56584)   SMB3_11           -           partial(AES-128-CMAC)
>> > 23296   bw        bw     10.0.1.146 (ipv4:10.0.1.146:62674)   SMB3_11           -           partial(AES-128-CMAC)
>> > 16903   bw        bw     10.0.1.146 (ipv4:10.0.1.146:56584)   SMB3_11           -           partial(AES-128-CMAC)
>> > 16202   bw        bw     10.0.1.130 (ipv4:10.0.1.130:52980)   SMB3_11           -           partial(AES-128-CMAC)
>> >
>> > smb.conf:
>> > [global]
>> > include = /etc/samba/smb_shares.conf
>> > log file = /var/log/samba/log.%m
>> > log level = 1
>> > logging = file
>> > map to guest = Bad User
>> > max log size = 1100
>> > obey pam restrictions = Yes
>> > pam password change = Yes
>> > panic action = /usr/share/samba/panic-action %d
>> > passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> > passwd program = /usr/bin/passwd %u
>> > server min protocol = SMB2_02
>> > unix password sync = Yes
>> > workgroup = LOCAL.domain.DK
>> >
>> > [ARCHIVE]
>> > comment = R1 5TB Archive
>> > create mask = 0770
>> > directory mask = 0770
>> > path = /mnt/R1_archive/
>> > read only = No
>> >
>> > Any idea how I can prevent these log-entries?
>>
>> Try removing the 'map to guest' line, then guest access will not be
>> tried. You should also probably fix your workgroup (aka NetBIOS domain
>> name) name, it really shouldn't have dots in it.
>>
>> Rowland
>
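
An added example, not part of the original thread or of Samba itself: a small Python triage script over constructed log lines in the two formats quoted above. It counts PAM session closes that have no earlier open for the same smbd PID and user, and denied guest connection attempts per share; the function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample input in the two log formats quoted in this thread.
JOURNAL = """\
Dec 23 11:05:05 SRV01 smbd[588]: pam_unix(samba:session): session opened for user bw by (uid=0)
Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed for user nobody
Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed for user nobody
Dec 23 11:06:21 SRV01 smbd[588]: pam_unix(samba:session): session closed for user nobody
Dec 23 11:06:47 SRV01 smbd[665]: pam_unix(samba:session): session opened for user bw by (uid=0)
"""
SMBD_LOG = """\
[2022/12/23 12:29:22.730613, 1] ../source3/smbd/service.c:346(create_connection_session_info)
  create_connection_session_info: guest user (from session setup) not permitted to access this share (DATA)
[2022/12/23 12:29:22.730654, 1] ../source3/smbd/service.c:529(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2022/12/23 12:29:22.736736, 1] ../source3/smbd/service.c:346(create_connection_session_info)
  create_connection_session_info: guest user (from session setup) not permitted to access this share (DATA)
"""

PAM_RE = re.compile(r"smbd\[(\d+)\]: pam_unix\(samba:session\): "
                    r"session (opened|closed) for user ([^\s(]+)")
GUEST_RE = re.compile(r"guest user \(from session setup\) not permitted "
                      r"to access this share \((.+?)\)")

def unmatched_closes(journal_text):
    """Count PAM session closes with no earlier open for the same
    (smbd PID, user) pair, such as the 'nobody' closes in this thread."""
    open_count, orphans = Counter(), Counter()
    for pid, action, user in PAM_RE.findall(journal_text):
        key = (pid, user)
        if action == "opened":
            open_count[key] += 1
        elif open_count[key] > 0:
            open_count[key] -= 1      # close balances an earlier open
        else:
            orphans[key] += 1         # close without a matching open
    return dict(orphans)

def guest_denials_by_share(smbd_log_text):
    """Count denied guest connection attempts per share name."""
    return dict(Counter(GUEST_RE.findall(smbd_log_text)))

if __name__ == "__main__":
    print(unmatched_closes(JOURNAL))
    print(guest_denials_by_share(SMBD_LOG))
```
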