Ubuntu 16.04 LTS: SMBStatus shows wrong information

Bug #1736940 reported by Gonzalo Porcel Quero on 2017-12-07
Affects: samba4 (Ubuntu)
Importance: Undecided
Assigned to: Andreas Hasenack

Bug Description

This bug affects Samba 4.3.11 as provided in Ubuntu 16.04 LTS.

Smbstatus does not display correct information for users connected to my server.

This information is known to Samba, as it is indeed correctly logged in the Samba audit module, which I have enabled, and the log does show the correct username, group and host.

Here is an example of wrong smbstatus output:

Samba version 4.3.11-Ubuntu
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------

21001 nobody nogroup 192.168.11.88 (ipv4:192.168.11.88:53625) Unknown (0x0311)

And here is what it would normally look like:

31691 fsmith marketing 192.168.11.88 (ipv4:192.168.11.88:52582) SMB2_10

If I read the issue correctly, this has already been patched and fixed upstream in Samba 4.4.0 and higher.

https://bugzilla.samba.org/show_bug.cgi?id=11472

Please provide feedback and a possible fix as we use smbstatus all the time to track open files and who they are opened by and for a quick view at opened samba shares.

Thank you.

affects: sddm (Ubuntu) → samba4 (Ubuntu)
ChristianEhrhardt (paelzer) wrote :

Hi Gonzalo,
First of all, thank you; that seems to be an issue, and your help to make Ubuntu better is appreciated. We need to sort out if the change is acceptable as an SRU, though.

First of all the good news - it is not that all users would be broken:
$ sudo smbstatus
Samba version 4.3.11-Ubuntu
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
31778 paelzer paelzer 10.7.0.49 (ipv4:10.7.0.49:48802) NT1
Service pid machine Connected at
-------------------------------------------------------
mediashare 31778 10.7.0.49 Fri Dec 8 10:07:03 2017

The linked bug suggests only SMB3_10 or SMB3_11 connections are affected.
I tried with various Linux clients and forcing version 3 but never could reproduce.
Might I ask what client you use to trigger this issue?

Note: the upstream bug refers to the change affecting output which is meant to be parsed and therefore not meant to be changed in the stable releases. The same argument might affect us in backporting.

@Andreas - I subscribe you so you can consider this in the samba work

Changed in samba4 (Ubuntu):
status: New → Incomplete

Hi Christian,

Thanks for responding. All Windows 10 clients seem to be affected.

I linked to the upstream bug because it seemed similar enough, but I could be wrong and this could be a different issue.

I have Windows 7, Windows 10 and Linux clients in my network.

If you need me to perform specific tests, let me know and I will be glad to help.

Sample output of smbstatus:

22070 nobody nogroup 192.168.127.183 (ipv4:192.168.127.183:51550) Unknown (0x0311)
21555 nobody nogroup 192.168.127.159 (ipv4:192.168.127.159:62029) Unknown (0x0311)
21904 nobody nogroup 192.168.127.94 (ipv4:192.168.127.94:63630) Unknown (0x0311)
21514 nobody nogroup 192.168.127.102 (ipv4:192.168.127.102:21733) Unknown (0x0311)

Let me know if there are any other tests or logs that I can submit to help fix this issue.

Andreas Hasenack (ahasenack) wrote :

Taking a look.

Changed in samba4 (Ubuntu):
status: Incomplete → New
assignee: nobody → Andreas Hasenack (ahasenack)
Andreas Hasenack (ahasenack) wrote :

I can see something similar from an ubuntu artful client if I force protocol SMB3:
andreas@nsnx:~$ smbclient //10.0.100.215/ubuntu -U ubuntu%ubuntu -m SMB3
WARNING: The "syslog" option is deprecated
Domain=[XENIAL-SAMBA-SMBSTATUS-1737534] OS=[] Server=[]
smb: \>

server (xenial):
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
3553 ubuntu ubuntu 10.0.100.1 (ipv4:10.0.100.1:41196) Unknown (0x0311)

But just the protocol version is unknown: the username and group are correct.

How are your samba users managed? For this test I used the local tdb database, i.e., I just ran "sudo smbpasswd -a ubuntu" after a default install.

Changed in samba4 (Ubuntu):
status: New → Incomplete

Hi Andreas,

First of all, thank you so much for taking the time to respond.

My users are also locally managed and added with smbpasswd and when I print them with "pdbedit -L", they all appear correctly.

The users were imported from a system running Ubuntu 12.04 LTS and afterwards I had to clean up the db, which I did by using the attached scripts.

In fact, share access is not a problem at all and the smbaudit module records all needed info correctly. For example:

Dec 13 14:30:56 nautilux smbd_audit: nasaudit|2017/12/13 14:30:56|asmith|192.168.127.196|hp-250-g5-6|UserData|open|ok|r|IMG_20171010_110718.jpg

These reasons lead me to believe that the samba database is OK.

If there is a test that you want me to run to validate correctness of the db, let me know.

Here is the other script I used during the migration.

Andreas Hasenack (ahasenack) wrote :

Sorry, I can't debug those scripts. I don't know why all your users show up as nobody/nogroup in smbstatus, maybe you have a force user setting in smb.conf or something like that?

Regarding the unknown protocol issue, that's a valid bug, but probably at a level of "low".

Hi Andreas,

I did not expect you to debug those scripts. I actually just left them there in the interest of full disclosure.

I have set up a complete VM with Ubuntu 16 LTS and I can reproduce the issue with two newly created users.

If Samba did not know who was writing or opening files, it would not be able to identify those users and log them correctly in the samba audit module.

The problem is not with the tdb database. I believe it is a bug with the way that "smbstatus" is parsing the information or something of that nature.

Thanks.

Andreas Hasenack (ahasenack) wrote :

But you can only reproduce it with Windows 10 as the client, right? Not with smbclient and protocol SMB3?
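
Added example, not part of the bug thread or of Samba: a way to cross-check smbstatus sessions against the smbd_audit log while smbstatus prints nobody/nogroup and "Unknown (0x0311)". The audit record layout is an assumption inferred from the single log line quoted above, the function names are hypothetical, the dialect codes are the SMB2/3 revision values, and the sample input is constructed.

```python
import re

# SMB2/3 dialect revision codes; smbstatus 4.3.11 prints 0x0311 as "Unknown".
DIALECTS = {0x0202: "SMB2_02", 0x0210: "SMB2_10", 0x0300: "SMB3_00",
            0x0302: "SMB3_02", 0x0311: "SMB3_11"}
SESSION = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+\(ipv4:[\d.]+:\d+\)\s+(.+)$")
UNKNOWN = re.compile(r"Unknown \((0x[0-9A-Fa-f]{4})\)")

def audit_users_by_ip(audit_lines):
    """Map client IP -> users with successful operations in smbd_audit lines.
    Assumed record layout: tag|time|user|ip|machine|share|op|result|args..."""
    seen = {}
    for line in audit_lines:
        _, sep, record = line.partition("smbd_audit: ")
        fields = record.strip().split("|")
        if sep and len(fields) >= 8 and fields[7] == "ok":
            seen.setdefault(fields[3], set()).add(fields[2])
    return seen

def reconcile(status_text, audit_lines):
    """Decode unknown dialects; resolve nobody/nogroup sessions via the audit log."""
    by_ip = audit_users_by_ip(audit_lines)
    rows = []
    for line in status_text.splitlines():
        m = SESSION.match(line.strip())
        if not m:
            continue  # banner, header, separator or share table
        pid, user, group, ip, proto = m.groups()
        unknown = UNKNOWN.fullmatch(proto.strip())
        if unknown:
            proto = DIALECTS.get(int(unknown.group(1), 16), proto)
        users = [user]
        if (user, group) == ("nobody", "nogroup"):
            # Several names mean the IP alone cannot identify the session.
            users = sorted(by_ip.get(ip, ())) or ["unresolved"]
        rows.append({"pid": int(pid), "ip": ip, "users": users, "protocol": proto})
    return rows

# Constructed sample input, modelled on the output quoted in this report.
SAMPLE_STATUS = """\
PID Username Group Machine Protocol Version
21001 nobody nogroup 192.168.127.196 (ipv4:192.168.127.196:53625) Unknown (0x0311)
31691 fsmith marketing 192.168.11.88 (ipv4:192.168.11.88:52582) SMB2_10
22070 nobody nogroup 192.168.127.183 (ipv4:192.168.127.183:51550) Unknown (0x0311)
"""
SAMPLE_AUDIT = ["Dec 13 14:30:56 nautilux smbd_audit: nasaudit|2017/12/13 14:30:56|"
                "asmith|192.168.127.196|hp-250-g5-6|UserData|open|ok|r|IMG_20171010_110718.jpg"]
if __name__ == "__main__":
    print(*reconcile(SAMPLE_STATUS, SAMPLE_AUDIT), sep="\n")
```

A session that stays "unresolved" has no successful audited operation from that client IP in the lines supplied, so widen the log window before treating it as anonymous access.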
