Rowland Penny
2022-Dec-23 09:13 UTC
[Samba] Flooded log with '..session closed for user nobody'
On 23/12/2022 08:52, BW via samba wrote:> My journal get's flooded with these entries: > 2022-12-22 09.14.07 SRV99 smbd 6 pam_unix(samba:session): > session closed for user nobody > > Especially when transferring files from a client to a share (in this case > from W10, IP 10.0.1.146, netbios disabled on Windows), authenticated > successfully by user "bw" > > All folders-permissions on the share is: > Group: DATAR5 (RWX) > OWNER: bw (RWX) > User "bw" is member of the group "DATAR5" > > smbstatus: > Samba version 4.9.5-Debian > PID Username Group Machine > Protocol Version Encryption Signing > ---------------------------------------------------------------------------------------------------------------------------------------- > 19676 bw bw 10.0.1.184 (ipv4:10.0.1.184:51807) > SMB3_11 - partial(AES-128-CMAC) > 16903 bw bw 10.0.1.146 (ipv4:10.0.1.146:56584) > SMB3_11 - partial(AES-128-CMAC) > 23296 bw bw 10.0.1.146 (ipv4:10.0.1.146:62674) > SMB3_11 - partial(AES-128-CMAC) > 16903 bw bw 10.0.1.146 (ipv4:10.0.1.146:56584) > SMB3_11 - partial(AES-128-CMAC) > 16202 bw bw 10.0.1.130 (ipv4:10.0.1.130:52980) > SMB3_11 - partial(AES-128-CMAC) > > smb.conf: > [global] > include = /etc/samba/smb_shares.conf > log file = /var/log/samba/log.%m > log level = 1 > logging = file > map to guest = Bad User > max log size = 1100 > obey pam restrictions = Yes > pam password change = Yes > panic action = /usr/share/samba/panic-action %d > passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > passwd program = /usr/bin/passwd %u > server min protocol = SMB2_02 > unix password sync = Yes > workgroup = LOCAL.domain.DK <http://local.domain.dk/> > > [ARCHIVE] > comment = R1 5TB Archive > create mask = 0770 > directory mask = 0770 > path = /mnt/R1_archive/ > read only = No > > Any idea how I can prevent these log-entries?Try removing the 'map to guest' line, then guest access will not be tried. You should also probably fix your workgroup (aka NetBIOS domain name) name, it really shouldn't have dots in it. Rowland
Done!
And restarted smbd and re-authenticated client
[global]
include = /etc/samba/smb_shares.conf
log file = /var/log/samba/log.%m
log level = 1
logging = file
max log size = 1100
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
server min protocol = SMB2_02
unix password sync = Yes
workgroup = LOCAL
[ARCHIVE]
comment = R1 5TB Archive
create mask = 0770
directory mask = 0770
path = /mnt/R1_archive/
read only = No
I transfered one file, 1.5GB, and I got 4 "session closed for user
nobody"
during the transfer:
Dec 23 11:04:47 SRV01 systemd[1]: Stopped Samba SMB Daemon.
Dec 23 11:04:47 SRV01 systemd[1]: Starting Samba SMB Daemon...
Dec 23 11:04:47 SRV01 systemd[1]: Started Samba SMB Daemon.
Dec 23 11:05:05 SRV01 smbd[588]: pam_unix(samba:session): session opened
for user bw by (uid=0)
Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:17 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:21 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:21 SRV01 smbd[588]: pam_unix(samba:session): session closed
for user nobody
Dec 23 11:06:47 SRV01 smbd[665]: pam_unix(samba:session): session opened
for user bw by (uid=0)
On Fri, Dec 23, 2022 at 10:14 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
>
>
> On 23/12/2022 08:52, BW via samba wrote:
> > My journal get's flooded with these entries:
> > 2022-12-22 09.14.07 SRV99 smbd 6 pam_unix(samba:session):
> > session closed for user nobody
> >
> > Especially when transferring files from a client to a share (in this
case
> > from W10, IP 10.0.1.146, netbios disabled on Windows), authenticated
> > successfully by user "bw"
> >
> > All folders-permissions on the share is:
> > Group: DATAR5 (RWX)
> > OWNER: bw (RWX)
> > User "bw" is member of the group "DATAR5"
> >
> > smbstatus:
> > Samba version 4.9.5-Debian
> > PID Username Group Machine
> > Protocol Version Encryption Signing
> >
>
----------------------------------------------------------------------------------------------------------------------------------------
> > 19676 bw bw 10.0.1.184 (ipv4:10.0.1.184:51807)
> > SMB3_11 - partial(AES-128-CMAC)
> > 16903 bw bw 10.0.1.146 (ipv4:10.0.1.146:56584)
> > SMB3_11 - partial(AES-128-CMAC)
> > 23296 bw bw 10.0.1.146 (ipv4:10.0.1.146:62674)
> > SMB3_11 - partial(AES-128-CMAC)
> > 16903 bw bw 10.0.1.146 (ipv4:10.0.1.146:56584)
> > SMB3_11 - partial(AES-128-CMAC)
> > 16202 bw bw 10.0.1.130 (ipv4:10.0.1.130:52980)
> > SMB3_11 - partial(AES-128-CMAC)
> >
> > smb.conf:
> > [global]
> > include = /etc/samba/smb_shares.conf
> > log file = /var/log/samba/log.%m
> > log level = 1
> > logging = file
> > map to guest = Bad User
> > max log size = 1100
> > obey pam restrictions = Yes
> > pam password change = Yes
> > panic action = /usr/share/samba/panic-action %d
> > passwd chat = *Enter\snew\s*\spassword:* %n\n
> > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> > passwd program = /usr/bin/passwd %u
> > server min protocol = SMB2_02
> > unix password sync = Yes
> > workgroup = LOCAL.domain.DK <http://local.domain.dk/>
> >
> > [ARCHIVE]
> > comment = R1 5TB Archive
> > create mask = 0770
> > directory mask = 0770
> > path = /mnt/R1_archive/
> > read only = No
> >
> > Any idea how I can prevent these log-entries?
>
> Try removing the 'map to guest' line, then guest access will not be
> tried. You should also probably fix your workgroup (aka NetBIOS domain
> name) name, it really shouldn't have dots in it.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>