My journal gets flooded with these entries:

2022-12-22 09.14.07 SRV99 smbd 6 pam_unix(samba:session): session closed for user nobody

Especially when transferring files from a client to a share (in this case from W10, IP 10.0.1.146, netbios disabled on Windows), authenticated successfully by user "bw"

All folder permissions on the share are:
Group: DATAR5 (RWX)
OWNER: bw (RWX)
User "bw" is member of the group "DATAR5"

smbstatus:
Samba version 4.9.5-Debian
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
----------------------------------------------------------------------------------------------------------------------------------------
19676   bw           bw           10.0.1.184 (ipv4:10.0.1.184:51807)        SMB3_11           -                    partial(AES-128-CMAC)
16903   bw           bw           10.0.1.146 (ipv4:10.0.1.146:56584)        SMB3_11           -                    partial(AES-128-CMAC)
23296   bw           bw           10.0.1.146 (ipv4:10.0.1.146:62674)        SMB3_11           -                    partial(AES-128-CMAC)
16903   bw           bw           10.0.1.146 (ipv4:10.0.1.146:56584)        SMB3_11           -                    partial(AES-128-CMAC)
16202   bw           bw           10.0.1.130 (ipv4:10.0.1.130:52980)        SMB3_11           -                    partial(AES-128-CMAC)

smb.conf:
[global]
include = /etc/samba/smb_shares.conf
log file = /var/log/samba/log.%m
log level = 1
logging = file
map to guest = Bad User
max log size = 1100
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
server min protocol = SMB2_02
unix password sync = Yes
workgroup = LOCAL.domain.DK

[ARCHIVE]
comment = R1 5TB Archive
create mask = 0770
directory mask = 0770
path = /mnt/R1_archive/
read only = No

Any idea how I can prevent these log-entries?

Rowland Penny
2022-Dec-23 09:13 UTC
[Samba] Flooded log with '..session closed for user nobody'
On 23/12/2022 08:52, BW via samba wrote:
> My journal gets flooded with these entries:
> 2022-12-22 09.14.07 SRV99 smbd 6 pam_unix(samba:session): session closed for user nobody
>
> Especially when transferring files from a client to a share (in this case
> from W10, IP 10.0.1.146, netbios disabled on Windows), authenticated
> successfully by user "bw"
>
> All folder permissions on the share are:
> Group: DATAR5 (RWX)
> OWNER: bw (RWX)
> User "bw" is member of the group "DATAR5"
>
> smbstatus:
> Samba version 4.9.5-Debian
> PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
> ----------------------------------------------------------------------------------------------------------------------------------------
> 19676   bw           bw           10.0.1.184 (ipv4:10.0.1.184:51807)        SMB3_11           -                    partial(AES-128-CMAC)
> 16903   bw           bw           10.0.1.146 (ipv4:10.0.1.146:56584)        SMB3_11           -                    partial(AES-128-CMAC)
> 23296   bw           bw           10.0.1.146 (ipv4:10.0.1.146:62674)        SMB3_11           -                    partial(AES-128-CMAC)
> 16903   bw           bw           10.0.1.146 (ipv4:10.0.1.146:56584)        SMB3_11           -                    partial(AES-128-CMAC)
> 16202   bw           bw           10.0.1.130 (ipv4:10.0.1.130:52980)        SMB3_11           -                    partial(AES-128-CMAC)
>
> smb.conf:
> [global]
> include = /etc/samba/smb_shares.conf
> log file = /var/log/samba/log.%m
> log level = 1
> logging = file
> map to guest = Bad User
> max log size = 1100
> obey pam restrictions = Yes
> pam password change = Yes
> panic action = /usr/share/samba/panic-action %d
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> passwd program = /usr/bin/passwd %u
> server min protocol = SMB2_02
> unix password sync = Yes
> workgroup = LOCAL.domain.DK
>
> [ARCHIVE]
> comment = R1 5TB Archive
> create mask = 0770
> directory mask = 0770
> path = /mnt/R1_archive/
> read only = No
>
> Any idea how I can prevent these log-entries?

Try removing the 'map to guest' line, then guest access will not be tried.

You should also probably fix your workgroup (aka NetBIOS domain name) name, it really shouldn't have dots in it.

Rowland
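
An added example, not part of the thread or of Samba itself: a small checker that flags the two settings the reply points at, run here over a constructed sample abridged from the posted smb.conf. The function names are illustrative, the 15-character limit is the general NetBIOS name limit rather than something stated in the thread, and the script reads one file only (it does not follow `include`).

```python
import re

# Constructed sample: settings quoted in the thread, abridged.
SAMPLE_SMB_CONF = """\
[global]
   log level = 1
   map to guest = Bad User
   obey pam restrictions = Yes
   server min protocol = SMB2_02
   workgroup = LOCAL.domain.DK

[ARCHIVE]
   path = /mnt/R1_archive/
   read only = No
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}. Parameter names are normalised the
    way Samba treats them: case-insensitive, internal whitespace ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections

def audit(text):
    """Flag guest fallback and a workgroup that is not a valid NetBIOS name."""
    glob = parse_smb_conf(text).get("global", {})
    findings = []
    guest = glob.get("maptoguest", "Never")    # Samba's default is Never
    if guest.replace(" ", "").lower() != "never":
        findings.append(f"map to guest = {guest}: some failed logins are "
                        "mapped to the guest account instead of rejected")
    workgroup = glob.get("workgroup", "")
    if "." in workgroup:
        findings.append(f"workgroup = {workgroup}: contains dots")
    if len(workgroup) > 15:
        findings.append(f"workgroup = {workgroup}: longer than 15 characters")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SMB_CONF):
        print("WARN:", finding)
```

On a live server, feeding it the output of `testparm -s` instead of the raw file checks the effective configuration, included files and all.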