hi, after we upgrade to 3.0.7 i recogniz (although it can happend with earlier versio too), that while we has the following settings: log file = /var/log/samba/%m.log there are always two log file for each clients. one with ip address and one with it's netbios name, what's more there is one with 0.0.0.0.log too. and the ip based log files are always zero length (except the 0.0.0.0). eg. garfield-2k's ip is 192.168.0.55. here is an example: # ll /var/log/samba/ total 52 -rw-r--r-- 1 root root 544 Oct 1 12:18 0.0.0.0.log -rw-r--r-- 1 root root 0 Oct 1 11:58 192.168.0.15.log -rw-r--r-- 1 root root 0 Oct 1 11:59 192.168.0.40.log -rw-r--r-- 1 root root 0 Oct 1 11:49 192.168.0.55.log -rw-r--r-- 1 root root 0 Oct 1 11:34 192.168.0.6.log -rw-r--r-- 1 root root 0 Oct 1 12:18 192.168.6.16.log -rw-r--r-- 1 root root 0 Oct 1 11:37 192.168.6.40.log -rw-r--r-- 1 root root 0 Oct 1 12:20 192.168.6.75.log -rw-r--r-- 1 root root 0 Oct 1 11:37 192.168.6.82.log -rw-r--r-- 1 root root 0 Oct 1 11:36 192.168.6.84.log -rw-r--r-- 1 root root 0 Oct 1 11:37 192.168.6.87.log -rw-r--r-- 1 root root 0 Oct 1 12:07 192.168.6.89.log -rw-r--r-- 1 root root 1334 Oct 1 12:21 alizak.log -rw-r--r-- 1 root root 3398 Oct 1 12:20 attaba.log -rw-r--r-- 1 root root 0 Oct 1 11:58 garfield-2k.log -rw-r--r-- 1 root root 580 Oct 1 12:02 hirdet2.log -rw-r--r-- 1 root root 1132 Oct 1 11:57 hirdet.log -rw-r--r-- 1 root root 1872 Oct 1 12:18 janovits.log -rw-r--r-- 1 root root 248 Oct 1 11:32 nmbd.log -rw-r--r-- 1 root root 114 Oct 1 12:20 pc-6-75.log -rw-r--r-- 1 root root 4873 Oct 1 12:21 pc-6-82.log -rw-r--r-- 1 root root 348 Oct 1 11:57 pc-6-84.log -rw-r--r-- 1 root root 1158 Oct 1 12:12 pc-6-89.log -rw-r--r-- 1 root root 0 Oct 1 11:37 porta.log -rw-r--r-- 1 root root 1044 Oct 1 12:18 smbd.log
This is expected behaviour. When contacted on port 445, we don't get the client's name until later.
The problem also happends with parameter smb ports = 139
Andrew's right, this is still designed behavior. The log.<ip addr> is from the initial socket connection to the SMBsessetup&X request. We then grab then client's machine name and reopen the logs. (this is the case for 2k/XP) Windows 9x and NT4 perform a netbios session request which causes smbd to reopen the logs earlier. The log.0.0.0.0 is from a client that disconnected and therefore has an unknown IP address.