Samba envoie des données et ralenti ma connexion internet

Recherche :

Mot : Pseudo : Filtrer
Bas de page
Auteur	Sujet : Samba envoie des données et ralenti ma connexion internet

zezette

"Allez hop, au revoir"

Bonsoir à tous,

J'ai un petit serveur avec un Samba en AD DC. Je remarque depuis peu que Samba envoie énormément de données (je ne sais pas quoi ni où) à tel point que ma connexion internet est ralentie en upload (j'ai 0.5Mb au lieu de 6,5Mb). Dès que je stoppe Samba, ma connexion refonctionne normalement... Je vois que le processus utilise 100% du CPU aussi...

Comment faire pour voir qu'est-ce qui est envoyé et où ? Que pourrais-je configurer pour que ce problème soit résolu ?

Merci de votre aide...

Message édité par zezette le 04-05-2020 à 10:47:56

---------------
"Par moment j'me d'mande si chui pas con" G. de Suresnes

Publicité

o'gure

Modérateur
Multi grognon de B_L

pour voir les flux un petit

netstat -laptnu

en root pour voir la tête des process derrière, tu regardes ce qui est en lien avec Samba.

Sinon, dans les logs de samba, tu n'as pas d'info ?

---------------
Relax. Take a deep breath !

zezette

"Allez hop, au revoir"

Bonjour,

Merci de ta réponse.

J'ai fait un tcpdump pour voir ce qui sortait : toujours la même IP : 172.247.111.185 aucune idée de ce que/où/qui c'est...

Après avoir redémarré samba, l'ip (destinataire ?) a changé c'est maintenant 23.224.245.113 puis 45.142.156.184, ...

Exemple de ce que j'ai avec tcpdump

Code :

16:19:03.398160 IP serveur.domaine.ldap > 45.142.156.184.http: UDP, bad length 1847 > 1472
16:19:03.398166 IP serveur.domaine > 45.142.156.184: udp
16:19:03.398702 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.399630 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.400039 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.400046 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.400049 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.400051 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.400053 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.400054 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.400496 IP serveur.domaine.ldap > 45.142.156.184.http: UDP, bad length 1847 > 1472
16:19:03.400502 IP serveur.domaine > 45.142.156.184: udp
16:19:03.400858 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.401684 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.402144 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.402553 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.402779 IP serveur.domaine.ldap > 45.142.156.184.http: UDP, bad length 1847 > 1472
16:19:03.402782 IP serveur.domaine > 45.142.156.184: udp
16:19:03.403105 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.403513 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.403924 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.404333 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.404336 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.404743 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.404748 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.404750 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.405005 IP serveur.domaine.ldap > 45.142.156.184.http: UDP, bad length 1847 > 1472
16:19:03.405009 IP serveur.domaine > 45.142.156.184: udp
16:19:03.405028 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.405561 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.405972 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.405977 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57
16:19:03.406806 IP 45.142.156.184.http > serveur.domaine.ldap: UDP, length 57

CPU toujours à 100% pour un processus samba

Dès que je débranche le fil réseau, le process samba n'est plus à 100% (et forcément plus rien dans tcpdump)

Quand je fais la commande que tu suggères (192.168.0.2, c'est l'ip de mon serveur):

Code :

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 1188/samba
tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 1188/samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1188/samba
tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN 992/inetd
tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 1184/samba
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1185/smbd
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 1190/samba
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN 992/inetd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 1196/samba
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 998/sshd
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 1190/samba
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 1188/samba
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1185/smbd
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 1184/samba
tcp6 0 0 :::3268 :::* LISTEN 1188/samba
tcp6 0 0 :::3269 :::* LISTEN 1188/samba
tcp6 0 0 :::389 :::* LISTEN 1188/samba
tcp6 0 0 :::135 :::* LISTEN 1184/samba
tcp6 0 0 :::139 :::* LISTEN 1185/smbd
tcp6 0 0 :::464 :::* LISTEN 1190/samba
tcp6 0 0 :::80 :::* LISTEN 1063/httpd
tcp6 0 0 :::53 :::* LISTEN 1196/samba
tcp6 0 0 :::22 :::* LISTEN 998/sshd
tcp6 0 0 :::88 :::* LISTEN 1190/samba
tcp6 0 0 :::636 :::* LISTEN 1188/samba
tcp6 0 0 :::445 :::* LISTEN 1185/smbd
tcp6 0 0 :::1024 :::* LISTEN 1184/samba
udp 214272 0 192.168.0.2:389 0.0.0.0:* 1189/samba
udp 0 0 0.0.0.0:389 0.0.0.0:* 1189/samba
udp 0 0 192.168.0.2:464 0.0.0.0:* 1190/samba
udp 0 0 0.0.0.0:464 0.0.0.0:* 1190/samba
udp 0 0 0.0.0.0:512 0.0.0.0:* 992/inetd
udp 0 0 0.0.0.0:37 0.0.0.0:* 992/inetd
udp 0 0 0.0.0.0:53 0.0.0.0:* 1196/samba
udp 0 0 192.168.0.2:88 0.0.0.0:* 1190/samba
udp 0 0 0.0.0.0:88 0.0.0.0:* 1190/samba
udp 0 0 192.168.0.2:123 0.0.0.0:* 1014/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 1014/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 1014/ntpd
udp 0 0 192.168.0.2:137 0.0.0.0:* 1186/samba
udp 0 0 192.168.0.255:137 0.0.0.0:* 1186/samba
udp 0 0 0.0.0.0:137 0.0.0.0:* 1186/samba
udp 0 0 192.168.0.2:138 0.0.0.0:* 1186/samba
udp 0 0 192.168.0.255:138 0.0.0.0:* 1186/samba
udp 0 0 0.0.0.0:138 0.0.0.0:* 1186/samba
udp6 0 0 2a02:2788:15:f3b2:1:389 :::* 1189/samba
udp6 0 0 :::389 :::* 1189/samba
udp6 0 0 2a02:2788:15:f3b2:1:464 :::* 1190/samba
udp6 0 0 :::464 :::* 1190/samba
udp6 0 0 :::53 :::* 1196/samba
udp6 0 0 2a02:2788:15:f3b2:1e:88 :::* 1190/samba
udp6 0 0 :::88 :::* 1190/samba
udp6 0 0 fe80::1e6f:65ff:fe3:123 :::* 1014/ntpd
udp6 0 0 2a02:2788:15:f3b2:1:123 :::* 1014/ntpd
udp6 0 0 ::1:123 :::* 1014/ntpd
udp6 0 0 :::123 :::* 1014/ntpd

Dans le log en level 3, rien de particulier :

Code :

[2020/10/05 13:37:33.149575, 0] ../source4/smbd/server.c:373(binary_smbd_main)
samba version 4.4.4 started.
Copyright Andrew Tridgell and the Samba Team 1992-2016
[2020/10/05 13:37:33.149702, 3] ../source4/smbd/server.c:384(binary_smbd_main)
Becoming a daemon.
[2020/10/05 13:37:33.153599, 3] ../auth/gensec/gensec_start.c:907(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2020/10/05 13:37:33.153660, 3] ../auth/gensec/gensec_start.c:907(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2020/10/05 13:37:33.153678, 3] ../auth/gensec/gensec_start.c:907(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2020/10/05 13:37:33.153695, 3] ../auth/gensec/gensec_start.c:907(gensec_register)
GENSEC backend 'spnego' registered
[2020/10/05 13:37:33.153712, 3] ../auth/gensec/gensec_start.c:907(gensec_register)
GENSEC backend 'schannel' registered
[2020/10/05 13:37:33.153729, 3] ../auth/gensec/gensec_start.c:907(gensec_register)
GENSEC backend 'naclrpc_as_system' registered
[2020/10/05 13:37:33.153745, 3] ../auth/gensec/gensec_start.c:907(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2020/10/05 13:37:33.153762, 3] ../auth/gensec/gensec_start.c:907(gensec_register)
GENSEC backend 'ntlmssp' registered
[2020/10/05 13:37:33.153779, 3] ../auth/gensec/gensec_start.c:907(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2020/10/05 13:37:33.153796, 3] ../auth/gensec/gensec_start.c:907(gensec_register)
GENSEC backend 'http_basic' registered
[2020/10/05 13:37:33.153812, 3] ../auth/gensec/gensec_start.c:907(gensec_register)
GENSEC backend 'http_ntlm' registered
[2020/10/05 13:37:33.153829, 3] ../auth/gensec/gensec_start.c:907(gensec_register)
GENSEC backend 'krb5' registered
[2020/10/05 13:37:33.153846, 3] ../auth/gensec/gensec_start.c:907(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2020/10/05 13:37:33.153874, 3] ../source4/ntptr/ntptr_base.c:67(ntptr_register)
NTPTR backend 'simple_ldb'
[2020/10/05 13:37:33.153935, 3] ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
NTVFS backend 'default' for type 1 registered
[2020/10/05 13:37:33.153951, 3] ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
NTVFS backend 'posix' for type 1 registered
[2020/10/05 13:37:33.153967, 3] ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
NTVFS backend 'unixuid' for type 1 registered
[2020/10/05 13:37:33.153982, 3] ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
NTVFS backend 'unixuid' for type 3 registered
[2020/10/05 13:37:33.153995, 3] ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
NTVFS backend 'unixuid' for type 2 registered
[2020/10/05 13:37:33.154012, 3] ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
NTVFS backend 'cifs' for type 1 registered
[2020/10/05 13:37:33.154029, 3] ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
NTVFS backend 'smb2' for type 1 registered
[2020/10/05 13:37:33.154043, 3] ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
NTVFS backend 'simple' for type 1 registered
[2020/10/05 13:37:33.154057, 3] ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
NTVFS backend 'cifsposix' for type 1 registered
[2020/10/05 13:37:33.154071, 3] ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
NTVFS backend 'default' for type 3 registered
[2020/10/05 13:37:33.154086, 3] ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
NTVFS backend 'default' for type 2 registered
[2020/10/05 13:37:33.154100, 3] ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
NTVFS backend 'nbench' for type 1 registered
[2020/10/05 13:37:33.155057, 3] ../source4/smbd/process_model.c:97(register_process_model)
PROCESS_MODEL 'single' registered
[2020/10/05 13:37:33.155096, 3] ../source4/smbd/process_model.c:97(register_process_model)
PROCESS_MODEL 'standard' registered
[2020/10/05 13:37:33.351694, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'sam' registered
[2020/10/05 13:37:33.351743, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'sam_ignoredomain' registered
[2020/10/05 13:37:33.351760, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'anonymous' registered
[2020/10/05 13:37:33.351777, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'winbind' registered
[2020/10/05 13:37:33.351793, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'winbind_wbclient' registered
[2020/10/05 13:37:33.351809, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'name_to_ntstatus' registered
[2020/10/05 13:37:33.351825, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'unix' registered
[2020/10/05 13:37:33.648795, 3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
ldb_wrap open of privilege.ldb
[2020/10/05 13:37:33.649249, 0] ../source4/smbd/server.c:485(binary_smbd_main)
samba: using 'standard' process model
[2020/10/05 13:37:33.657237, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'rpcecho' registered
[2020/10/05 13:37:33.657323, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'epmapper' registered
[2020/10/05 13:37:33.657356, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'remote' registered
[2020/10/05 13:37:33.657861, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'srvsvc' registered
[2020/10/05 13:37:33.657897, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'wkssvc' registered
[2020/10/05 13:37:33.657931, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'unixinfo' registered
[2020/10/05 13:37:33.657971, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'samr' registered
[2020/10/05 13:37:33.657996, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'winreg' registered
[2020/10/05 13:37:33.658032, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'netlogon' registered
[2020/10/05 13:37:33.658061, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'dssetup' registered
[2020/10/05 13:37:33.658079, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'lsarpc' registered
[2020/10/05 13:37:33.658102, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'backupkey' registered
[2020/10/05 13:37:33.658126, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'spoolss' registered
[2020/10/05 13:37:33.658155, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'drsuapi' registered
[2020/10/05 13:37:33.658180, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'browser' registered
[2020/10/05 13:37:33.658228, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'eventlog6' registered
[2020/10/05 13:37:33.658253, 3] ../source4/rpc_server/dcerpc_server.c:1717(dcerpc_register_ep_server)
DCERPC endpoint server 'dnsserver' registered
[2020/10/05 13:37:33.725221, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[CN=Configuration,DC=remy,DC=lan] loaded
[2020/10/05 13:37:33.725315, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[CN=Schema,CN=Configuration,DC=remy,DC=lan] loaded
[2020/10/05 13:37:33.725363, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[DC=remy,DC=lan] loaded
[2020/10/05 13:37:33.725444, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[DC=DomainDnsZones,DC=remy,DC=lan] loaded
[2020/10/05 13:37:33.725473, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[DC=ForestDnsZones,DC=remy,DC=lan] loaded
[2020/10/05 13:37:33.729971, 3] ../source4/dsdb/dns/dns_update.c:341(dnsupdate_check_names)
Calling DNS name update script
[2020/10/05 13:37:33.733468, 0] ../lib/util/become_daemon.c:124(daemon_ready)
STATUS=daemon 'samba' finished starting up and ready to serve connections
[2020/10/05 13:37:33.738796, 2] ../source4/dsdb/kcc/kcc_service.c:128(kccsrv_load_partitions)
kccsrv_partition[DC=remy,DC=lan] loaded
[2020/10/05 13:37:33.738870, 2] ../source4/dsdb/kcc/kcc_service.c:128(kccsrv_load_partitions)
kccsrv_partition[CN=Configuration,DC=remy,DC=lan] loaded
[2020/10/05 13:37:33.738889, 2] ../source4/dsdb/kcc/kcc_service.c:128(kccsrv_load_partitions)
kccsrv_partition[CN=Schema,CN=Configuration,DC=remy,DC=lan] loaded
[2020/10/05 13:37:33.738907, 2] ../source4/dsdb/kcc/kcc_service.c:128(kccsrv_load_partitions)
kccsrv_partition[DC=DomainDnsZones,DC=remy,DC=lan] loaded
[2020/10/05 13:37:33.738940, 2] ../source4/dsdb/kcc/kcc_service.c:128(kccsrv_load_partitions)
kccsrv_partition[DC=ForestDnsZones,DC=remy,DC=lan] loaded
[2020/10/05 13:37:33.744219, 3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2020/10/05 13:37:33.746529, 3] ../source4/dsdb/dns/dns_update.c:356(dnsupdate_check_names)
Calling SPN name update script
[2020/10/05 13:37:35.017037, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2020/10/05 13:37:35.017111, 3] ../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2020/10/05 13:37:35.037654, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2020/10/05 13:37:35.037685, 3] ../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2020/10/05 13:37:35.052574, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2020/10/05 13:37:35.052626, 3] ../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2020/10/05 13:37:35.495992, 3] ../lib/util/util_runcmd.c:308(samba_runcmd_io_handler)
Child /usr/sbin/samba_spnupdate exited with status 0 - Success
[2020/10/05 13:37:35.496093, 3] ../source4/dsdb/dns/dns_update.c:326(dnsupdate_spnupdate_done)
Completed SPN update check OK
[2020/10/05 13:37:36.827942, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: ldb_wrap open of secrets.ldb
[2020/10/05 13:37:37.308486, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: Traceback (most recent call last):
[2020/10/05 13:37:37.308686, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 631, in <module>
[2020/10/05 13:37:37.309034, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: get_credentials(lp)
[2020/10/05 13:37:37.309163, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 123, in get_credentials
[2020/10/05 13:37:37.309328, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: raise e
[2020/10/05 13:37:37.309506, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: RuntimeError: kinit for SERVEUR$@DOMAINE.LAN failed (Cannot contact any KDC for requested realm)
[2020/10/05 13:37:37.309624, 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate:
[2020/10/05 13:37:37.339993, 3] ../lib/util/util_runcmd.c:308(samba_runcmd_io_handler)
Child /usr/sbin/samba_dnsupdate exited with status 1 - Operation not permitted
[2020/10/05 13:37:37.340077, 0] ../source4/dsdb/dns/dns_update.c:295(dnsupdate_nameupdate_done)
../source4/dsdb/dns/dns_update.c:295: Failed DNS update - NT_STATUS_ACCESS_DENIED
[2020/10/05 13:37:37.670905, 3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
Registered SERVEUR<00> with 192.168.0.2 on interface 192.168.0.255
[2020/10/05 13:37:37.671020, 3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
Registered SERVEUR<03> with 192.168.0.2 on interface 192.168.0.255
[2020/10/05 13:37:37.671053, 3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
Registered SERVEUR<20> with 192.168.0.2 on interface 192.168.0.255
[2020/10/05 13:37:37.673145, 3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
Registered DOMAINE<1b> with 192.168.0.2 on interface 192.168.0.255
[2020/10/05 13:37:37.673190, 3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
Registered DOMAINE<1c> with 192.168.0.2 on interface 192.168.0.255
[2020/10/05 13:37:37.673217, 3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
Registered DOMAINE<00> with 192.168.0.2 on interface 192.168.0.255
[2020/10/05 13:42:34.953977, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2020/10/05 13:42:34.954037, 3] ../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]

Une idée ?

--edit--
Tiens, mon serveur se croit au mois d'octobre... je corrige peut-être que c'est juste ça

--edit--
Non, c'était pas ça.
J'ai passé le loglevel à 10... j'ai un fichier kilométrique, mais je vois ça qui revient à chaque fois :

Code :

ldb: ldb_trace_next_request: (acl)->search
[2020/05/05 14:30:11.123456, 10, pid=1173, effective(0, 0), real(0, 0), class=ldb] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)

smbstatus n’affiche aucune connexion

Un ami routier m'a conseillé tshark... ça donne ça :

Code :

1 0.000000000 192.168.0.2 → 45.142.156.164 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=08c6)
2 0.000005167 192.168.0.2 → 45.142.156.164 CLDAP 409 searchResEntry(1) "<ROOT>" searchResDone(1) success [1 result]
3 0.000025601 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
4 0.000029839 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
5 0.000032441 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
6 0.000034196 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
7 0.000035932 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
8 0.000037935 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
9 0.000039750 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
10 0.000041790 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
11 0.000181624 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
12 0.000186563 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
13 0.001001205 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
14 0.001412011 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
15 0.001820003 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
16 0.002229826 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
17 0.002237157 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
18 0.002441506 192.168.0.2 → 45.142.156.164 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=08c8)
19 0.002445616 192.168.0.2 → 45.142.156.164 CLDAP 409 searchResEntry(1) "<ROOT>" searchResDone(1) success [2 results]
20 0.002468431 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
21 0.003052257 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
22 0.003462369 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
23 0.004459052 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
24 0.004681851 192.168.0.2 → 45.142.156.164 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=08ca)
25 0.004685743 192.168.0.2 → 45.142.156.164 CLDAP 409 searchResEntry(1) "<ROOT>" searchResDone(1) success [3 results]
26 0.004706237 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
27 0.004868139 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
28 0.005278783 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
29 0.005688134 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
30 0.006820417 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
31 0.006898529 192.168.0.2 → 45.142.156.164 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=08cc)
32 0.006901762 192.168.0.2 → 45.142.156.164 CLDAP 409 searchResEntry(1) "<ROOT>" searchResDone(1) success [4 results]
33 0.006921922 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
34 0.006924685 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
35 0.006926812 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
36 0.007228642 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
37 0.007233862 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
38 0.007637099 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
39 0.007639638 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
40 0.007641397 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
41 0.007643309 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
42 0.007645031 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
43 0.007646958 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
44 0.007649752 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
45 0.007651762 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
46 0.008047935 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
47 0.009097260 192.168.0.2 → 45.142.156.164 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=08ce)
48 0.009100792 192.168.0.2 → 45.142.156.164 CLDAP 409 searchResEntry(1) "<ROOT>" searchResDone(1) success [5 results]
49 0.009411705 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
50 0.009821640 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
51 0.009826635 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
52 0.009828480 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
53 0.010229850 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
54 0.011290711 192.168.0.2 → 45.142.156.164 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=08d0)
55 0.011294123 192.168.0.2 → 45.142.156.164 CLDAP 409 searchResEntry(1) "<ROOT>" searchResDone(1) success [6 results]
56 0.012319569 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
57 0.012726253 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
58 0.012728660 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
59 0.013137099 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
60 0.013475938 192.168.0.2 → 45.142.156.164 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=08d2)
61 0.013479231 192.168.0.2 → 45.142.156.164 CLDAP 409 searchResEntry(1) "<ROOT>" searchResDone(1) success [7 results]
62 0.013500399 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
63 0.013503302 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
64 0.014325010 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
65 0.014734532 192.168.0.17 → 192.168.0.2 SMB2 398 Create Request File: Pictures\Telephone
66 0.014754617 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
67 0.015145547 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
68 0.015152027 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
69 0.015154416 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
70 0.015156261 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
71 0.015158222 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
72 0.015159887 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
73 0.015161725 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
74 0.015163544 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
75 0.015746515 192.168.0.2 → 45.142.156.164 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=08d4)
76 0.015751109 192.168.0.2 → 45.142.156.164 CLDAP 409 searchResEntry(1) "<ROOT>" searchResDone(1) success [8 results]
77 0.015773294 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
78 0.015779020 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
79 0.015781585 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
80 0.015783224 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
81 0.015785350 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
82 0.015787180 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
83 0.016374273 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
84 0.016535309 192.168.0.2 → 192.168.0.17 SMB2 298 Create Response File: Pictures\Telephone
85 0.017192148 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
86 0.017197871 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
87 0.017199690 192.168.0.17 → 192.168.0.2 SMB2 146 Close Request File: Pictures\Telephone
88 0.017214630 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
89 0.017536972 192.168.0.2 → 192.168.0.17 SMB2 182 Close Response
90 0.017605365 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
91 0.018011119 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
92 0.018015671 192.168.0.17 → 192.168.0.2 SMB2 406 Create Request File: Pictures\Telephone\2014
93 0.018089861 192.168.0.2 → 45.142.156.164 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=08d5)
94 0.018093892 192.168.0.2 → 45.142.156.164 CLDAP 409 searchResEntry(1) "<ROOT>" searchResDone(1) success [9 results]
95 0.018434441 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
96 0.018843863 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
97 0.019563117 192.168.0.2 → 192.168.0.17 SMB2 298 Create Response File: Pictures\Telephone\2014
98 0.019578859 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
99 0.019984921 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject
100 0.019990557 45.142.156.164 → 192.168.0.2 CLDAP 99 searchRequest(1) "<ROOT>" baseObject

--edit--
J'ai trouvé une solution de dépannage... mais c'est très artisanal...
iptables -I INPUT -p udp --sport 80 -j DROP
iptables -I INPUT -p udp --dport 389 -j DROP

Message édité par zezette le 05-05-2020 à 21:38:14

---------------
"Par moment j'me d'mande si chui pas con" G. de Suresnes

zezette

"Allez hop, au revoir"

Bon apparemment c'est un attaque de l'extérieur à laquelle mon samba répond (je ne sais pas trop quoi ni pourquoi)...

Dans mon modem-routeur, j'avais mis en dmz l'ip de mon serveur (notamment pour le http). quand je coupe la dmz, rien dès que je l'active, samba s'affole...

Message cité 1 fois

---------------
"Par moment j'me d'mande si chui pas con" G. de Suresnes

Ivy gu

we are legion uwu

mettre l'ip de ton serveur en tant que "DMZ" dans ton modem-routeur signifie concrètement que toutes les connexions entrantes vers ton IP publique sont redirigées vers ton serveur, donc si tu n'as pas pris de mesure de sécurité sur tes services, ils sont tous exposés sur internet

---------------
Vous venez de perdre une seconde.

zezette

"Allez hop, au revoir"

En effet... ^^ mais y'a rien d'exceptionnel dessus, c'est surtout pour du test.

C'est une faille connue de Samba de faire ça ? J'ai pas trouvé grand chose sur google...

---------------
"Par moment j'me d'mande si chui pas con" G. de Suresnes

Ivy gu

we are legion uwu

de faire quoi ?

Message cité 1 fois

---------------
Vous venez de perdre une seconde.

zezette

"Allez hop, au revoir"

Ivy gu a écrit :

de faire quoi ?

Ben d'utiliser 100% CPU et de balancer des données sur toute la bande passante disponible en upload

---------------
"Par moment j'me d'mande si chui pas con" G. de Suresnes

Ivy gu

we are legion uwu

pour le CPU je sais pas (mais si c'est des requêtes qui parsent tout l'annuaire en permanence c'est pas forcément déconnant), pour ce qui est d'utiliser toute la bande passante disponible ça me parait logique, il répond aux requêtes aussi vite que possible

Message édité par Ivy gu le 06-05-2020 à 09:39:32

---------------
Vous venez de perdre une seconde.

zezette

"Allez hop, au revoir"

Oui c'est du UDP flooding apparemment. Quelques lignes iptables et c'est résolu... enfin à part que j'ai énormément de trafic entrant... mais là je pense que je ne peux plus rien y faire....

---------------
"Par moment j'me d'mande si chui pas con" G. de Suresnes

Publicité

o'gure

Modérateur
Multi grognon de B_L

zezette a écrit :

Bon apparemment c'est un attaque de l'extérieur à laquelle mon samba répond (je ne sais pas trop quoi ni pourquoi)...

Dans mon modem-routeur, j'avais mis en dmz l'ip de mon serveur (notamment pour le http). quand je coupe la dmz, rien dès que je l'active, samba s'affole...

Si tu rediriges tous les ports vers une adresse donnée, faut mettre un firewall sur ton serveur... là t'es à poil sur internet...

45.142.156.184
=> https://ipinfo.io/AS40065/45.142.156.0/24
=> google https://www.google.fr/search?q=SPARTANHOST

Résultats de recherche
Résultat Web avec des liens annexes

Spartan Host
spartanhost.org
Traduire cette page
Spartan Host is the best Minecraft Host

Tu es vraisemblablement utilisé pour la réalisation d'attaque DDoS sur des serveurs de jeu. Well done.
T'es bon pour réinstaller ton serveur dans le doute, mais surtout colle un firewall et laisse pas des ports joignables comme ça...

Message édité par o'gure le 06-05-2020 à 10:16:46

---------------
Relax. Take a deep breath !

FORUM HardWare.fr

Linux et OS Alternatifs

réseaux et sécurité

Samba envoie des données et ralenti ma connexion internet

Sujets relatifs
Asterisk et appel exterieur via un modem de connexion	connexion VNC
Machine linux : gérer partage/permissions depuis windows (samba/sssd)	Je ne peut pas établir ma connexion SSH.
Probléme connexion session graphique	Connexion VPN possible sous Linux?
Debian 9 dans VMware 15.. pas d’acce à internet mais ça ping	Deux connexions internet - gérer le trafic
Crash RAID 1 NAS buffalo linkstation duo - données?	Créer une connexion de port série virtuel sur TCP
Plus de sujets relatifs à : Samba envoie des données et ralenti ma connexion internet

Page générée en 0.254 secondes