Rowland Penny
2017-May-23 14:54 UTC
[Samba] Windows 10 spawning thousands of child processes on Samba 4.3.11 server
On Tue, 23 May 2017 16:34:29 +0200 Asbjorn Taugbol via samba <samba at lists.samba.org> wrote:> Yes, the users exist as both Linux and Samba users. My question was > if the Windows client user "Admin" also needs to be Linux and Samba > user. >There is no windows user called 'Admin', there is one called 'Administrator', if it is the later, then it is automatically mapped to 'root' on a DC, but, on anything else, you need to map it in smb.conf with a user.map setting. If it is a separate user called 'Admin', then this is treated as just another user and must exist in Samba and Unix on a standalone server.> Could be. This was not a problem in the old Samba 3.4. It all started > after switching to new Samba 4.3.11-Ubuntu.Quite a lot has changed between 3.4 and now. Rowland
Asbjorn Taugbol
2017-May-25 00:07 UTC
[Samba] Windows 10 spawning thousands of child processes on Samba 4.3.11 server
On Tue, May 23, 2017 at 4:54 PM, Rowland Penny <rpenny at samba.org> wrote:> On Tue, 23 May 2017 16:34:29 +0200 > Asbjorn Taugbol via samba <samba at lists.samba.org> wrote: > > > > Yes, the users exist as both Linux and Samba users. My question was > > if the Windows client user "Admin" also needs to be Linux and Samba > > user. > > > > There is no windows user called 'Admin', there is one called > 'Administrator', if it is the later, then it is automatically mapped to > 'root' on a DC, but, on anything else, you need to map it in smb.conf > with a user.map setting. > If it is a separate user called 'Admin', then this is treated as just > another user and must exist in Samba and Unix on a standalone server. > > > Could be. This was not a problem in the old Samba 3.4. It all started > > after switching to new Samba 4.3.11-Ubuntu. > > Quite a lot has changed between 3.4 and now. > > Rowland > > >I am thankful for all support received so far and I feel I'm getting closer to a solution. To get back to basics and a more transparent setup I have made a clean Ubuntu 16.04 installation and followed this guide https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server Windows clients users are logged in with username Admin (local account, administrator). The samba share is mounted from "Map network drive..." as "\\10.10.1.206\demo" user credentials: demoUser/passw0rd. Access granted, read/write ok. BUT after a while processes are piling up and not released. Read/write files is ok. Running .exe-files on the share is not ok. I have been testing numerous .exe-files and they all result in a bunch of "nobody"-processes that are not terminated after closing the .exe-application. The smbstatus output below is shown after starting the putty.exe application. Samba log file for windows client that covers the event of starting putty.exe on the shared drive: https://gist.github.com/anonymous/21321cdd410a9cc38b35765144959db6 Any ideas on how to proceed? Thank you. -Asbjorn ##################################### root at ubuntuTest:/srv# testparm # Global parameters [global] server string = %h server (Samba, Ubuntu) server role = standalone server obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . username map = /usr/local/samba/lib/users.map unix password sync = Yes log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [demo] path = /srv/samba/demo/ read only = No ##################################### root at ubuntuTest:/srv# smbstatus Samba version 4.3.11-Ubuntu PID Username Group Machine Protocol Version ------------------------------------------------------------------------------ 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 demoUser demoUser 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) Service pid machine Connected at ------------------------------------------------------- demo 2981 10.10.1.70 Wed May 24 15:29:34 2017 Locked files: Pid Uid DenyMode Access R/W Oplock SharePath Name Time -------------------------------------------------------------------------------------------------- 2981 1003 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /srv/samba/demo putty.exe Wed May 24 15:30:21 2017 2981 1003 DENY_NONE 0x100081 RDONLY NONE /srv/samba/demo . Wed May 24 15:30:13 2017 2981 1003 DENY_NONE 0x100081 RDONLY NONE /srv/samba/demo . Wed May 24 15:30:13 2017
Asbjorn Taugbol
2017-May-25 09:16 UTC
[Samba] Windows 10 spawning thousands of child processes on Samba 4.3.11 server
I am thankful for all support received so far and I feel I'm getting closer to a solution. To get back to basics and a more transparent setup I have made a clean Ubuntu 16.04 installation and followed this guide https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server Windows clients users are logged in with username Admin (local account, administrator). The samba share is mounted from "Map network drive..." as "\\10.10.1.206\demo" user credentials: demoUser/passw0rd. Access granted, read/write ok. BUT after a while processes are piling up and not released. Read/write files is ok. Running .exe-files on the share is not ok. I have been testing numerous .exe-files and they all result in a bunch of "nobody"-processes that are not terminated after closing the .exe-application. The smbstatus output below is shown after starting the putty.exe application. Samba log file for windows client that covers the event of starting putty.exe on the shared drive: https://gist.github.com/anonymous/21321cdd410a9cc38b35765144959db6 Any ideas on how to proceed? Thank you. -Asbjorn ##################################### root at ubuntuTest:/srv# testparm # Global parameters [global] server string = %h server (Samba, Ubuntu) server role standalone server obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . username map = /usr/local/samba/lib/users.map unix password sync = Yes log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [demo] path = /srv/samba/demo/ read only = No ##################################### root at ubuntuTest:/srv# smbstatus Samba version 4.3.11-Ubuntu PID Username Group Machine Protocol Version ------------------------------------------------------------ ------------------ 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 demoUser demoUser 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) Unknown (0x0311) Service pid machine Connected at ------------------------------------------------------- demo 2981 10.10.1.70 Wed May 24 15:29:34 2017 Locked files: Pid Uid DenyMode Access R/W Oplock SharePath Name Time ------------------------------------------------------------ -------------------------------------- 2981 1003 DENY_WRITE 0x1000a1 RDONLY LEVEL_II /srv/samba/demo putty.exe Wed May 24 15:30:21 2017 2981 1003 DENY_NONE 0x100081 RDONLY NONE /srv/samba/demo . Wed May 24 15:30:13 2017 2981 1003 DENY_NONE 0x100081 RDONLY NONE /srv/samba/demo . Wed May 24 15:30:13 2017 On Tue, May 23, 2017 at 4:54 PM, Rowland Penny <rpenny at samba.org> wrote:> On Tue, 23 May 2017 16:34:29 +0200 > Asbjorn Taugbol via samba <samba at lists.samba.org> wrote: > > > > Yes, the users exist as both Linux and Samba users. My question was > > if the Windows client user "Admin" also needs to be Linux and Samba > > user. > > > > There is no windows user called 'Admin', there is one called > 'Administrator', if it is the later, then it is automatically mapped to > 'root' on a DC, but, on anything else, you need to map it in smb.conf > with a user.map setting. > If it is a separate user called 'Admin', then this is treated as just > another user and must exist in Samba and Unix on a standalone server. > > > Could be. This was not a problem in the old Samba 3.4. It all started > > after switching to new Samba 4.3.11-Ubuntu. > > Quite a lot has changed between 3.4 and now. > > Rowland > > >
Asbjorn Taugbol
2017-May-26 08:56 UTC
[Samba] Windows 10 spawning thousands of child processes on Samba 4.3.11 server
Summary: WIN10 clients opening .exe files on the share starts 5-10 nobody/nogroup processes on the server that are not killed when application is closed. This accumulates in the tens of thousands after some hours on a busy server. I have been using different "max protocol" values in smb.conf global section and found that only when using NT1 (which WIN10 calls dialect 1.5) Samba recognises the username as demoUser insted of nobody and no excessive processes are accumulated. Here are the results: max protocol = SMB3 Client using SMBv311: PID Username Group Machine Protocol Version ------------------------------------------------------------------------------ 18299 nobody nogroup 10.10.1.71 (ipv4:10.10.1.71:56243) Unknown (0x0311) --> SMB 311 is not a recognised protocol version (Unknown (0x311))!! max protocol = SMB2 Client using SMBv210: PID Username Group Machine Protocol Version ------------------------------------------------------------------------------ 8259 nobody nogroup 10.10.1.42 (ipv4:10.10.1.42:55938) SMB2_10 --> Recognised protocol but not the username and processes are still accumulated. smb.conf: max protocol = NT1 Client using SMBv1: PID Username Group Machine Protocol Version ------------------------------------------------------------------------------ 8219 demoUser demoUser 10.10.1.71 (ipv4:10.10.1.71:57687) NT1 --> Success! Username recognised! Spawned processes are dropped when not needed. Conclusion: Problem solved with smb.conf global setting: max protocol = NT1 Question: Microsoft strongly recommends disabling SMBv1 (NT1) for security reasons. What does the Samba community recommend? Thank you. On Thu, May 25, 2017 at 11:16 AM, Asbjorn Taugbol <asbjornt at gmail.com> wrote:> I am thankful for all support received so far and I feel I'm getting > closer to a solution. > > To get back to basics and a more transparent setup I have made a clean > Ubuntu 16.04 installation and followed this guide https://wiki.samba.org/ > index.php/Setting_up_Samba_as_a_Standalone_Server > Windows clients users are logged in with username Admin (local account, > administrator). > The samba share is mounted from "Map network drive..." as > "\\10.10.1.206\demo" user credentials: demoUser/passw0rd. Access granted, > read/write ok. > > BUT after a while processes are piling up and not released. Read/write > files is ok. Running .exe-files on the share is not ok. I have been testing > numerous .exe-files and they all result in a bunch of "nobody"-processes > that are not terminated after closing the .exe-application. The smbstatus > output below is shown after starting the putty.exe application. > > Samba log file for windows client that covers the event of starting > putty.exe on the shared drive: > https://gist.github.com/anonymous/21321cdd410a9cc38b35765144959db6 > > Any ideas on how to proceed? > > Thank you. > > -Asbjorn > > ##################################### > > > root at ubuntuTest:/srv# testparm > # Global parameters > [global] > server string = %h server (Samba, Ubuntu) server role > standalone server > obey pam restrictions = Yes > pam password change = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > username map = /usr/local/samba/lib/users.map > unix password sync = Yes > log file = /var/log/samba/log.%m > max log size = 1000 > dns proxy = No > panic action = /usr/share/samba/panic-action %d > idmap config * : backend = tdb > > > [demo] > path = /srv/samba/demo/ > read only = No > > ##################################### > > root at ubuntuTest:/srv# smbstatus > > Samba version 4.3.11-Ubuntu > PID Username Group Machine Protocol Version > ------------------------------------------------------------ > ------------------ > 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > 2981 demoUser demoUser 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > 2981 nobody nogroup 10.10.1.70 (ipv4:10.10.1.70:50058) > Unknown (0x0311) > > Service pid machine Connected at > ------------------------------------------------------- > demo 2981 10.10.1.70 Wed May 24 15:29:34 2017 > > Locked files: > Pid Uid DenyMode Access R/W Oplock > SharePath Name Time > ------------------------------------------------------------ > -------------------------------------- > 2981 1003 DENY_WRITE 0x1000a1 RDONLY LEVEL_II > /srv/samba/demo putty.exe Wed May 24 15:30:21 2017 > 2981 1003 DENY_NONE 0x100081 RDONLY NONE > /srv/samba/demo . Wed May 24 15:30:13 2017 > 2981 1003 DENY_NONE 0x100081 RDONLY NONE > /srv/samba/demo . Wed May 24 15:30:13 2017 > > On Tue, May 23, 2017 at 4:54 PM, Rowland Penny <rpenny at samba.org> wrote: > >> On Tue, 23 May 2017 16:34:29 +0200 >> Asbjorn Taugbol via samba <samba at lists.samba.org> wrote: >> >> >> > Yes, the users exist as both Linux and Samba users. My question was >> > if the Windows client user "Admin" also needs to be Linux and Samba >> > user. >> > >> >> There is no windows user called 'Admin', there is one called >> 'Administrator', if it is the later, then it is automatically mapped to >> 'root' on a DC, but, on anything else, you need to map it in smb.conf >> with a user.map setting. >> If it is a separate user called 'Admin', then this is treated as just >> another user and must exist in Samba and Unix on a standalone server. >> >> > Could be. This was not a problem in the old Samba 3.4. It all started >> > after switching to new Samba 4.3.11-Ubuntu. >> >> Quite a lot has changed between 3.4 and now. >> >> Rowland >> >> >> >
Reasonably Related Threads
- Windows 10 spawning thousands of child processes on Samba 4.3.11 server
- Windows 10 spawning thousands of child processes on Samba 4.3.11 server
- Windows 10 spawning thousands of child processes on Samba 4.3.11 server
- Windows 10 spawning thousands of child processes on Samba 4.3.11 server
- Windows 10 spawning thousands of child processes on Samba 4.3.11 server