Web lists-archives.com

Re: [Samba] Smbstatus shows many nobody users from win10 pc's




On Fri, 2 Mar 2018 07:05:58 -0700 (MST)
soulman via samba <samba@xxxxxxxxxxxxxxx> wrote:

> I know more people posted about this , but i see no solution.
> smbstatus gives over 100 nobody users
> The windows 10 pc is doing nothing, just a reboot ( and logon ) ,
> than this happens:
> 
> Samba version 4.6.2  Centos 7.
> PID     Username     Group
> Machine Protocol Version  Encryption           Signing
> ----------------------------------------------------------------------------------------------------------------------------------------
> 54712   nobody          nobody          192.168.1.206
> (ipv4:192.168.1.206:49705)  SMB3_11           -                    -
> 54712   nobody          nobody          192.168.1.206
> (ipv4:192.168.1.206:49705)  SMB3_11           -                    -
> 54712   nobody          nobody          192.168.1.206
> (ipv4:192.168.1.206:49705)  SMB3_11           -                    -
> 54712   nobody          nobody          192.168.1.206
> (ipv4:192.168.1.206:49705)  SMB3_11           -                    -
> 54712   nobody          nobody          192.168.1.206
> (ipv4:192.168.1.206:49705)  SMB3_11           -                    -
> 54712   nobody          nobody          192.168.1.206
> (ipv4:192.168.1.206:49705)  SMB3_11           -                    -
> 
> snippet of log:
> The windows 10 pc is doing nothing, just a reboot , than this happens:
> [2018/03/02 09:14:45.713737,  2]
> ../source3/smbd/close.c:788(close_normal_file)           jeroen
> closed file ict/it/beveiliging/backup_schema_2018_NL.xlsx (numopen=2)
> NT_STATUS_OK [2018/03/02 09:14:45.714420,  2]
> ../source3/smbd/close.c:788(close_normal_file)           jeroen
> closed file ict/Facturen/facturen.xls (numopen=1) NT_STATUS_OK
> 
> [2018/03/02 09:16:39.511403,  3]
> ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)           Got
> NTLMSSP neg_flags=0xe2088297
> [2018/03/02 09:16:39.513104,  3]
> ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
> Got user=[] domain=[] workstation=[PCJEROEN] len1=1 len2=0
> [2018/03/02 09:16:39.513177,  3]
> ../source3/param/loadparm.c:3823(lp_load_ex)             lp_load_ex:
> refreshing parameters
> [2018/03/02 09:16:39.513277,  3]
> ../source3/param/loadparm.c:542(init_globals)            Initialising
> global parameters
> [2018/03/02 09:16:39.513451,  3]
> ../source3/param/loadparm.c:2752(lp_do_section)
> Processing section "[global]"
> [2018/03/02 09:16:39.513718,  2]
> ../source3/param/loadparm.c:2769(lp_do_section)
> Processing section "[homes]"
> [2018/03/02 09:16:39.513786,  2]
> ../source3/param/loadparm.c:2769(lp_do_section)
> Processing section "[word]"
> [2018/03/02 09:16:39.514550,  3]
> ../source3/param/loadparm.c:1592(lp_add_ipc)             adding IPC
> service [2018/03/02 09:16:39.514598,  3]
> ../source3/auth/auth.c:178(auth_check_ntlm_password)            
> check_ntlm_password:  Checking password for unmapped user
> []\[]@[PCJEROEN] with the new password interface
> [2018/03/02 09:16:39.514631,  3]
> ../source3/auth/auth.c:181(auth_check_ntlm_password)            
> check_ntlm_password:  mapped user is: [SOULMAN]\[]@[PCJEROEN]
> [2018/03/02 09:16:39.514676,  3]
> ../source3/auth/auth.c:249(auth_check_ntlm_password)            
> check_ntlm_password: guest authentication for user [] succeeded
> 
> user is empty and domain is empty !
> Looks like a strange windows process
> 
> my smb.conf says
>  map to guest = Never

It would say that, even if it didn't say that, it is the default
What is in the rest of the smb.conf ?

> 
> At home running debian , the same thing BUT
> putting smb ports = 445   solves the problem.

This turns off netbios

It looks like 'something' on 'PCJEROEN' is trying to connect.

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba