Rowland Penny
2022-Dec-23 09:13 UTC
[Samba] Flooded log with '..session closed for user nobody'
On 23/12/2022 08:52, BW via samba wrote:> My journal get's flooded with these entries: > 2022-12-22 09.14.07 SRV99 smbd 6 pam_unix(samba:session): > session closed for user nobody > > Especially when transferring files from a client to a share (in this case > from W10, IP 10.0.1.146, netbios disabled on Windows), authenticated > successfully by user "bw" > > All folders-permissions on the share is: > Group: DATAR5 (RWX) > OWNER: bw (RWX) > User "bw" is member of the group "DATAR5" > > smbstatus: > Samba version 4.9.5-Debian > PID Username Group Machine > Protocol Version Encryption Signing > ---------------------------------------------------------------------------------------------------------------------------------------- > 19676 bw bw 10.0.1.184 (ipv4:10.0.1.184:51807) > SMB3_11 - partial(AES-128-CMAC) > 16903 bw bw 10.0.1.146 (ipv4:10.0.1.146:56584) > SMB3_11 - partial(AES-128-CMAC) > 23296 bw bw 10.0.1.146 (ipv4:10.0.1.146:62674) > SMB3_11 - partial(AES-128-CMAC) > 16903 bw bw 10.0.1.146 (ipv4:10.0.1.146:56584) > SMB3_11 - partial(AES-128-CMAC) > 16202 bw bw 10.0.1.130 (ipv4:10.0.1.130:52980) > SMB3_11 - partial(AES-128-CMAC) > > smb.conf: > [global] > include = /etc/samba/smb_shares.conf > log file = /var/log/samba/log.%m > log level = 1 > logging = file > map to guest = Bad User > max log size = 1100 > obey pam restrictions = Yes > pam password change = Yes > panic action = /usr/share/samba/panic-action %d > passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > passwd program = /usr/bin/passwd %u > server min protocol = SMB2_02 > unix password sync = Yes > workgroup = LOCAL.domain.DK <http://local.domain.dk/> > > [ARCHIVE] > comment = R1 5TB Archive > create mask = 0770 > directory mask = 0770 > path = /mnt/R1_archive/ > read only = No > > Any idea how I can prevent these log-entries?Try removing the 'map to guest' line, then guest access will not be tried. You should also probably fix your workgroup (aka NetBIOS domain name) name, it really shouldn't have dots in it. Rowland
Done! And restarted smbd and re-authenticated client [global] include = /etc/samba/smb_shares.conf log file = /var/log/samba/log.%m log level = 1 logging = file max log size = 1100 obey pam restrictions = Yes pam password change = Yes panic action = /usr/share/samba/panic-action %d passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . passwd program = /usr/bin/passwd %u server min protocol = SMB2_02 unix password sync = Yes workgroup = LOCAL [ARCHIVE] comment = R1 5TB Archive create mask = 0770 directory mask = 0770 path = /mnt/R1_archive/ read only = No I transfered one file, 1.5GB, and I got 4 "session closed for user nobody" during the transfer: Dec 23 11:04:47 SRV01 systemd[1]: Stopped Samba SMB Daemon. Dec 23 11:04:47 SRV01 systemd[1]: Starting Samba SMB Daemon... Dec 23 11:04:47 SRV01 systemd[1]: Started Samba SMB Daemon. Dec 23 11:05:05 SRV01 smbd[588]: pam_unix(samba:session): session opened for user bw by (uid=0) Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed for user nobody Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed for user nobody Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed for user nobody Dec 23 11:06:21 SRV01 smbd[588]: pam_unix(samba:session): session closed for user nobody Dec 23 11:06:21 SRV01 smbd[588]: pam_unix(samba:session): session closed for user nobody Dec 23 11:06:47 SRV01 smbd[665]: pam_unix(samba:session): session opened for user bw by (uid=0) On Fri, Dec 23, 2022 at 10:14 AM Rowland Penny via samba < samba at lists.samba.org> wrote:> > > On 23/12/2022 08:52, BW via samba wrote: > > My journal get's flooded with these entries: > > 2022-12-22 09.14.07 SRV99 smbd 6 pam_unix(samba:session): > > session closed for user nobody > > > > Especially when transferring files from a client to a share (in this case > > from W10, IP 10.0.1.146, netbios disabled on Windows), authenticated > > successfully by user "bw" > > > > All folders-permissions on the share is: > > Group: DATAR5 (RWX) > > OWNER: bw (RWX) > > User "bw" is member of the group "DATAR5" > > > > smbstatus: > > Samba version 4.9.5-Debian > > PID Username Group Machine > > Protocol Version Encryption Signing > > > ---------------------------------------------------------------------------------------------------------------------------------------- > > 19676 bw bw 10.0.1.184 (ipv4:10.0.1.184:51807) > > SMB3_11 - partial(AES-128-CMAC) > > 16903 bw bw 10.0.1.146 (ipv4:10.0.1.146:56584) > > SMB3_11 - partial(AES-128-CMAC) > > 23296 bw bw 10.0.1.146 (ipv4:10.0.1.146:62674) > > SMB3_11 - partial(AES-128-CMAC) > > 16903 bw bw 10.0.1.146 (ipv4:10.0.1.146:56584) > > SMB3_11 - partial(AES-128-CMAC) > > 16202 bw bw 10.0.1.130 (ipv4:10.0.1.130:52980) > > SMB3_11 - partial(AES-128-CMAC) > > > > smb.conf: > > [global] > > include = /etc/samba/smb_shares.conf > > log file = /var/log/samba/log.%m > > log level = 1 > > logging = file > > map to guest = Bad User > > max log size = 1100 > > obey pam restrictions = Yes > > pam password change = Yes > > panic action = /usr/share/samba/panic-action %d > > passwd chat = *Enter\snew\s*\spassword:* %n\n > > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > > passwd program = /usr/bin/passwd %u > > server min protocol = SMB2_02 > > unix password sync = Yes > > workgroup = LOCAL.domain.DK <http://local.domain.dk/> > > > > [ARCHIVE] > > comment = R1 5TB Archive > > create mask = 0770 > > directory mask = 0770 > > path = /mnt/R1_archive/ > > read only = No > > > > Any idea how I can prevent these log-entries? > > Try removing the 'map to guest' line, then guest access will not be > tried. You should also probably fix your workgroup (aka NetBIOS domain > name) name, it really shouldn't have dots in it. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >