[Samba] samba-4.17.12: for each smb user there are 4 nobody.nogroup smb-connections
Rainer Krienke
krienke at uni-koblenz.de
Tue Feb 13 10:11:21 UTC 2024
Am 07.02.24 um 14:20 schrieb Rowland Penny via samba:
> On Wed, 7 Feb 2024 13:18:45 +0100
> Rainer Krienke via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> I run a samba server which is not the domain controller. So
>> authentication of users is done by the native Windows domain
>> controller and the samba-server has just joined the domain.
>>
>> It serves files stored on linux NFS file servers to windows users.
>> Basically this workes fine and is a service running in this config
>> for years on SUSE SLES15SP5 systems.
>>
>> Since a while each new samba version shows for each user (in
>> smbstatus -b) on average 4 more smb connections that belong to
>> nobody.nogroup . At the moment I count 67 users in smbstatus -b and
>> 305 smb nobody connections. It seems to me that these processes are
>> eating up "open files" because over time I also had to increase the
>> number ob open files by a factor of 10 to 196608 by now else I would
>> get a "to many open files error from samba".
>>
>> The number of nobody's is increasing all the time and never gets
>> smaller again except in case of a reboot :-).
>>
>> Is there anything I can do to avoid this nobody trouble? Any ideas?
>>
>> My smb.conf is this:
>>
>> [global]
>> workgroup = MYNAME
>> server string = Samba on smbhost (version %v)
>> unix extensions = no
>> wide links = yes
>> kernel oplocks = no
>> oplocks = yes
>> posix locking = no
>> acl allow execute always = yes
>> store dos attributes = no
>> socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=60
>> TCP_KEEPCNT=3 TCP_KEEPINTVL=3
>> max open files = 196608
>> deadtime = 15
>> getwd cache = yes
>> stat cache = yes
>> browseable = no
>> use sendfile = true
>> hide files = /desktop.ini/
>> disable netbios = yes
>> smb ports = 445
>> dos charset = CP850
>> unix charset = CP850
>> name resolve order = host wins bcast
>> netbios name = smbhostverw
>> netbios aliases = smbhostverwalias1 smbhostverwalias2
>> vwstorage2 clustering = no
>> passdb backend = tdbsam
>> vfs objects = fileid
>> realm = MYNAME.MYDOMAIN
>> security = ADS
>> winbind use default domain = no
>> winbind max domain connections = 10
>> winbind max clients = 1000
>> winbind reconnect delay = 20
>> map to guest = Bad User
>> idmap config MYNAME : backend = nss
>> idmap config MYNAME : range = 0-2000000
>> idmap config MYNAMW : read only = yes
>> idmap config * : backend = tdb
>> idmap config * : range = 3000000-4000000
>> idmap config * : read only = no
>> map acl inherit = yes
>> include = /etc/samba/smbshares.conf
>>
>> Thank you very much,
>> Rainer
>
> Interesting smb.conf, you may want to read 'man smb.conf' to identify
> the lines you could remove, now you are not using NetBIOS.
>
> However, your problem is being caused because you are allowing guest
> access 'map to guest = Bad User' and presumably 'guest ok = yes' in the
> shares. Any unknown or 'guest' users are silently mapped to 'nobody'
> because of these settings. The cure is easy, stop 'guest' access and
> require a valid username & password, unless you require guest access,
> in which case you will have to put it up with your problem.
>
> Rowland
>
Hello Rowland,
thank you for yout hint to disallow guest access. This helped and it
seems all the anonymous share connects that happened bevore were really
unneeded.
And thank also for your broad hint :-) to remove the old netbios stuff
like netbios name and alias and name resolve order which were the first
ones I saw. At least they did no harm since netbios was turned off.
Thanks
Rainer
--
Rainer Krienke, Universität Koblenz, ZIMT
Raum A022, Universitaetsstrasse 1, 56070 Koblenz,
Tel: +49 261 287 1312, Postfach 20 16 02 | D-56016 Koblenz
PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html
More information about the samba
mailing list