Rainer Krienke
2024-Feb-07  12:18 UTC
[Samba] samba-4.17.12: for each smb user there are 4 nobody.nogroup smb-connections
Hello,
I run a samba server which is not the domain controller. So 
authentication of users is done by the native Windows domain controller 
and the samba-server has just joined the domain.
It serves files stored on linux NFS file servers to windows users. 
Basically this works fine and is a service running in this config for 
years on SUSE SLES15SP5 systems.
Since a while each new samba version shows for each user (in smbstatus 
-b) on average 4 more smb connections that belong to nobody.nogroup . At 
the moment I count 67 users in smbstatus -b and 305 smb nobody 
connections. It seems to me that these processes are eating up "open 
files" because over time I also had to increase the number of open files 
by a factor of 10 to 196608 by now else I would get a "too many open 
files" error from samba.
The number of nobody's is increasing all the time and never gets smaller 
again except in case of a reboot :-).
Is there anything I can do to avoid this nobody trouble? Any ideas?
My smb.conf is this:
[global]
         workgroup = MYNAME
         server string = Samba on smbhost (version %v)
         unix extensions = no
         wide links = yes
         kernel oplocks = no
         oplocks = yes
         posix locking = no
         acl allow execute always = yes
         store dos attributes = no
         socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=60 TCP_KEEPCNT=3 TCP_KEEPINTVL=3
         max open files = 196608
         deadtime = 15
         getwd cache = yes
         stat cache = yes
         browseable = no
         use sendfile = true
         hide files = /desktop.ini/
         disable netbios = yes
         smb ports = 445
         dos charset = CP850
         unix charset = CP850
         name resolve order = host wins bcast
         netbios name = smbhostverw
         netbios aliases = smbhostverwalias1 smbhostverwalias2 vwstorage2
         clustering = no
         passdb backend = tdbsam
         vfs objects = fileid
         realm = MYNAME.MYDOMAIN
         security = ADS
         winbind use default domain = no
         winbind max domain connections = 10
         winbind max clients = 1000
         winbind reconnect delay = 20
         map to guest = Bad User
         idmap config MYNAME : backend = nss
         idmap config MYNAME : range = 0-2000000
         idmap config MYNAMW : read only = yes
         idmap config * : backend = tdb
         idmap config * : range = 3000000-4000000
         idmap config * : read only = no
         map acl inherit = yes
         include = /etc/samba/smbshares.conf
Thank you very much,
Rainer
-- 
Rainer Krienke, Universität Koblenz, ZIMT
Raum A022, Universitaetsstrasse 1, 56070 Koblenz,
Tel: +49 261 287 1312, Fax +49 261 287 100 1312
PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html
Rowland Penny
2024-Feb-07  13:20 UTC
[Samba] samba-4.17.12: for each smb user there are 4 nobody.nogroup smb-connections
On Wed, 7 Feb 2024 13:18:45 +0100 Rainer Krienke via samba <samba at lists.samba.org> wrote:

> Hello,
>
> I run a samba server which is not the domain controller. So
> authentication of users is done by the native Windows domain
> controller and the samba-server has just joined the domain.
>
> It serves files stored on linux NFS file servers to windows users.
> Basically this works fine and is a service running in this config
> for years on SUSE SLES15SP5 systems.
>
> Since a while each new samba version shows for each user (in
> smbstatus -b) on average 4 more smb connections that belong to
> nobody.nogroup . At the moment I count 67 users in smbstatus -b and
> 305 smb nobody connections. It seems to me that these processes are
> eating up "open files" because over time I also had to increase the
> number of open files by a factor of 10 to 196608 by now else I would
> get a "too many open files" error from samba.
>
> The number of nobody's is increasing all the time and never gets
> smaller again except in case of a reboot :-).
>
> Is there anything I can do to avoid this nobody trouble? Any ideas?
>
> My smb.conf is this:
>
> [global]
> workgroup = MYNAME
> server string = Samba on smbhost (version %v)
> unix extensions = no
> wide links = yes
> kernel oplocks = no
> oplocks = yes
> posix locking = no
> acl allow execute always = yes
> store dos attributes = no
> socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=60 TCP_KEEPCNT=3 TCP_KEEPINTVL=3
> max open files = 196608
> deadtime = 15
> getwd cache = yes
> stat cache = yes
> browseable = no
> use sendfile = true
> hide files = /desktop.ini/
> disable netbios = yes
> smb ports = 445
> dos charset = CP850
> unix charset = CP850
> name resolve order = host wins bcast
> netbios name = smbhostverw
> netbios aliases = smbhostverwalias1 smbhostverwalias2 vwstorage2
> clustering = no
> passdb backend = tdbsam
> vfs objects = fileid
> realm = MYNAME.MYDOMAIN
> security = ADS
> winbind use default domain = no
> winbind max domain connections = 10
> winbind max clients = 1000
> winbind reconnect delay = 20
> map to guest = Bad User
> idmap config MYNAME : backend = nss
> idmap config MYNAME : range = 0-2000000
> idmap config MYNAMW : read only = yes
> idmap config * : backend = tdb
> idmap config * : range = 3000000-4000000
> idmap config * : read only = no
> map acl inherit = yes
> include = /etc/samba/smbshares.conf
>
> Thank you very much,
> Rainer

Interesting smb.conf, you may want to read 'man smb.conf' to identify the lines you could remove, now you are not using NetBIOS.

However, your problem is being caused because you are allowing guest access 'map to guest = Bad User' and presumably 'guest ok = yes' in the shares. Any unknown or 'guest' users are silently mapped to 'nobody' because of these settings.

The cure is easy, stop 'guest' access and require a valid username & password, unless you require guest access, in which case you will have to put up with your problem.

Rowland
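
An added example, not part of the thread and not Samba project code: a small audit that reports the two settings named in the reply above ('map to guest' other than Never, and 'guest ok' or its synonym 'public' enabled) in smb.conf-style text. The share sections in the sample are constructed and hypothetical, since the thread never shows smbshares.conf; the parser does not follow 'include' lines or backslash continuations, so feed it the merged output of 'testparm -s'.

```python
import re

TRUE_VALUES = {"yes", "true", "on", "1"}   # boolean spellings smb.conf accepts

def norm(name):
    """smb.conf parameter names ignore case and internal whitespace."""
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalised parameter: value}} for smb.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def guest_findings(text):
    """List the settings that let unauthenticated sessions run as the guest account."""
    conf = parse_smb_conf(text)
    findings = []
    mapping = conf.get("global", {}).get("maptoguest", "Never")
    if norm(mapping) != "never":
        findings.append(f"[global] map to guest = {mapping}")
    for name, params in conf.items():
        # 'public' is a documented synonym of 'guest ok'
        value = params.get("guestok", params.get("public", "no"))
        if value.lower() in TRUE_VALUES:
            findings.append(f"[{name}] guest ok = {value}")
    return findings

# Constructed sample: the share sections are hypothetical, the thread never shows them.
SAMPLE = """
[global]
    security = ADS
    map to guest = Bad User
[scratch]
    guest ok = yes
[projects]
    Public = No
"""

print("\n".join(guest_findings(SAMPLE)))
```

An empty result means no guest mapping is configured; any line it prints is a place where an unknown user can end up as a nobody.nogroup session in smbstatus -b.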