2nd login sees shares of 1st login

smbstatus shows same pid with two users

AIX 5.2 and linux RH9 2.4.20-28.9smp
Samba version 3.0.11, compiled gcc 3.3.3

"ldx" was previous login
"doug" is current login

include = /usr/local/samba3/lib/smb.services.%U

doug can see the shares listed in smb.services.ldx as well as smb.services.doug.
This is cumulative. A third login would have all the shares for the previous two logins.

Without "valid users = %S" on [homes], the second user can access the previous home share.

This only happens if the user maps a drive.

security = ADS
winbind trusted domains only = yes

Samba version 3.0.11
PID     Username      Group         Machine
-------------------------------------------------------------------
24494   doug          doug          ldx5            (192.168.200.177)
23985   ldx           ldx           192.168.200.177 (192.168.200.177)
23985   doug          doug          192.168.200.177 (192.168.200.177)

Service      pid     machine           Connected at
-------------------------------------------------------
ldx          23985   192.168.200.177   Thu Feb 24 13:10:52 2005
download     23985   192.168.200.177   Thu Feb 24 13:14:48 2005
ldx          23985   192.168.200.177   Thu Feb 24 13:10:52 2005
public       23985   192.168.200.177   Thu Feb 24 11:33:15 2005
games        23985   192.168.200.177   Thu Feb 24 11:33:15 2005
ldx          23985   192.168.200.177   Thu Feb 24 13:11:03 2005
IPC$         23985   192.168.200.177   Thu Feb 24 13:10:53 2005
winapps      23985   192.168.200.177   Thu Feb 24 11:33:15 2005
public       23985   192.168.200.177   Thu Feb 24 13:14:48 2005
doug         23985   192.168.200.177   Thu Feb 24 13:14:48 2005
doug         24494   ldx5              Thu Feb 24 13:14:47 2005
games        23985   192.168.200.177   Thu Feb 24 13:14:48 2005
ldx          23985   192.168.200.177   Thu Feb 24 13:10:52 2005
winapps      23985   192.168.200.177   Thu Feb 24 13:14:48 2005
doug         24494   ldx5              Thu Feb 24 13:14:49 2005
download     23985   192.168.200.177   Thu Feb 24 11:33:15 20
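As an added example (not part of the original report and not Samba code), the following Python check parses smbstatus text in the layout quoted above and flags any smbd PID that carries more than one user, together with the services that process holds. The function names are hypothetical, and the sample is an excerpt of the report's output with column spacing reconstructed.

```python
import re
from collections import defaultdict

# Excerpt of the smbstatus output from the report; column spacing reconstructed.
SAMPLE = """\
PID     Username      Group         Machine
-------------------------------------------------------------------
24494   doug          doug          ldx5            (192.168.200.177)
23985   ldx           ldx           192.168.200.177 (192.168.200.177)
23985   doug          doug          192.168.200.177 (192.168.200.177)

Service      pid     machine           Connected at
-------------------------------------------------------
ldx          23985   192.168.200.177   Thu Feb 24 13:10:52 2005
IPC$         23985   192.168.200.177   Thu Feb 24 13:10:53 2005
doug         23985   192.168.200.177   Thu Feb 24 13:14:48 2005
doug         24494   ldx5              Thu Feb 24 13:14:47 2005
"""

# Session rows end with "(ip)"; service rows end with a ctime-style timestamp.
SESSION = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+\((\S+)\)\s*$")
SERVICE = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+\w{3} \w{3}\s+\d+ [\d:]+ \d{4}\s*$")


def parse_smbstatus(text):
    """Return (users_by_pid, services_by_pid) from smbstatus text output."""
    users, services = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        m = SESSION.match(line)
        if m:
            users[int(m.group(1))].add(m.group(2))
            continue
        m = SERVICE.match(line)
        if m:
            services[int(m.group(2))].add(m.group(1))
    return users, services


def shared_sessions(text):
    """Return smbd PIDs carrying more than one user, with the services each holds."""
    users, services = parse_smbstatus(text)
    return {
        pid: {"users": sorted(names), "services": sorted(services.get(pid, ()))}
        for pid, names in users.items()
        if len(names) > 1
    }


if __name__ == "__main__":
    print(shared_sessions(SAMPLE))
```

Headers, separator rows and truncated rows match neither pattern and are skipped, so a cut-off final line like the one in the report does not affect the result.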
Doug, I'm pretty sure this is the result of the Windows client keeping connections open across logons. It's not a Samba bug.
Hi Jerry,

Yes, I agree the machine is keeping a connection open across logons, but it didn't happen with samba 2. Bear with me a second.

Process 23985 has an entry in session.tdb validated to user ldx.
Process 23985 gets a request for a new session for user doug.

Here, I think process 23985 should:

1. Check sessions.tdb for an existing session user
2. If one exists (ldx) and is different than the requested session user (doug)
   a. remove shares belonging to ldx from connections.tdb
   b. remove ldx from sessions.tdb
3. go ahead with session doug
4. setup connections for doug

Will you at least give me some pointers about where to focus in the code? I'll take a stab at doing it myself.
No we can't do this. It would break multiple connections from multi-user client machines. We have to believe what the client tells us, we can't arbitrarily disconnect sessions just because another one comes along.

Jeremy
What about

deadtime = value

If there are no locked files, I can kill -TERM the processes and the client(s) (win2000) just reconnects automatically with a clean slate.

So OK. Don't disconnect anything. Spawn off a new process for the incoming user with a blank connection state. Then the old process would time out after deadtime units or stay alive because some user was using it.

I've been using samba since 1. something and this is the first time I've seen two users own the same PID. Since win98 this has become dogma. I originally thought showing 2 users on 1 PID might cause someone to take a fresh look. After all, when was the last time you deliberately introduced a security hole just because Windows does it that way?

All I'm asking for now is some help to take the look myself and see if there's a way out before it becomes common knowledge and it becomes a wedge issue to force purchasing all Microsoft equipment. What do you got to lose?