In our previous articles we covered how to set limits in Linux (temporarily and permanently). In this tutorial we will keep our focus on Linux SMDB Process Limit only. But before we jump to this, let us understand some basics.
What is SMBD?
SMBD is a samba server daemon that provides file sharing and printing services from Linux machines to Windows clients. The server provides file space and printer services to clients using the SMB (or CIFS) protocol.
How to limit smbd processes?
From Protecting an unpatched Samba server
Samba is able to limit the number of concurrent connections when smbd is launched as a daemon (not from inetd). The 'max smbd processes' smb.conf option allows Administrators to define the maximum number of smbd processes running at any given point in time. Any further attempts from clients to connect to the server will be rejected.
Each client creates a connection to the Samba server. As the number of users increases, this connection also increases. The "max smbd processes" parameter is designed as a temporary measure to avoid throttling the service to clients if the server does not have enough resources to handle more than this number. max smbd process is a global parameter i.e it limits the number of running smbd processes and NOT the number of connections per share. Under normal operating conditions, each user will have an smbd associated with it to manage connections to all shares from a given host.
If there is no "max smbd processes" parameter in the /etc/samba/smb.conf file, there is no limitation by default.
To set a limit, it should be written as:
max smbd processes = 1000
In this way, the limit value is set to 1000. Transactions after this value are rejected by the server. To make the number of transactions unlimited, you can use 0, it is written as:
max smbd processes = 0
/etc/samba/smb.conf is created when the samba package is installed on the system. The configuration file and any files it contains are automatically reloaded every three minutes if they change.
The samba service can be restarted for the changes to take effect immediately.
On Debian based systems:
root@ubuntu22:~# systemctl restart smbd
On Redhat based systems:
[root@rocky9 ~]# systemctl restart smb
Example for max smbd processes limit
Now let's set the value of "max smbd processes" to "0" and examine the results.
[root@rocky9 ~]# nano /etc/samba/smb.conf
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[foc-smb-folder]
path = /srv/samba/shared
browsable =yes
writable = yes
guest ok = yes
read only = no
## Add this line
max smbd processes = 0
The service is restarted:
[root@rocky9 ~]# systemctl restart smb
Now we try to access the /srv/samba/shared share:
Samba will try to access the shared directory but fail. Let's look at the status of the service on the server:
[root@rocky9 ~]# systemctl status smb
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2022-11-05 11:17:31 +03; 29min ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 39785 (smbd)
Status: "smbd: ready to serve connections..."
Tasks: 5 (limit: 9110)
Memory: 10.0M
CPU: 146ms
CGroup: /system.slice/smb.service
├─39785 /usr/sbin/smbd --foreground --no-process-group
├─39788 /usr/sbin/smbd --foreground --no-process-group
├─39789 /usr/sbin/smbd --foreground --no-process-group
├─39790 /usr/libexec/samba/samba-bgqd --ready-signal-fd=47 --parent-watch-fd=13 --debuglevel=0 -F
└─39794 /usr/sbin/smbd --foreground --no-process-group
Nov 05 11:17:31 rocky9 smbd[39785]: [2022/11/05 11:17:31.796908, 0] ../../source3/smbd/server.c:1734(main)
Nov 05 11:17:31 rocky9 smbd[39785]: smbd version 4.15.5 started.
Nov 05 11:17:31 rocky9 smbd[39785]: Copyright Andrew Tridgell and the Samba Team 1992-2021
Nov 05 11:17:31 rocky9 smbd[39785]: [2022/11/05 11:17:31.797421, 0] ../../lib/param/loadparm.c:1814(lpcfg_do_service_parameter)
Nov 05 11:17:31 rocky9 smbd[39785]: Global parameter max smbd processes found in service section!
Nov 05 11:17:31 rocky9 systemd[1]: Started Samba SMB Daemon.
Nov 05 11:17:46 rocky9 smbd[39794]: [2022/11/05 11:17:46.954888, 0] ../../lib/param/loadparm.c:1814(lpcfg_do_service_parameter)
Nov 05 11:17:46 rocky9 smbd[39794]: Global parameter max smbd processes found in service section!
Nov 05 11:27:43 rocky9 smbd[39794]: [2022/11/05 11:27:43.662846, 0] ../../lib/param/loadparm.c:1814(lpcfg_do_service_parameter)
Nov 05 11:27:43 rocky9 smbd[39794]: Global parameter max smbd processes found in service section!
"Global parameter max smbd operations found in service partition!" As you can see from the message, there is a connection limit.
Let's take a look at the samba logs:
[root@rocky9 ~]# tail -f /var/log/samba/log.smbd
Global parameter max smbd processes found in service section!
[2022/11/05 11:17:31.796908, 0] ../../source3/smbd/server.c:1734(main)
smbd version 4.15.5 started.
Copyright Andrew Tridgell and the Samba Team 1992-2021
[2022/11/05 11:17:31.797421, 0] ../../lib/param/loadparm.c:1814(lpcfg_do_service_parameter)
Global parameter max smbd processes found in service section!
The same warning appears in the logs.
Summary
Sometimes for security reasons, sometimes for different reasons, it may be necessary to limit the number of connections. You may receive an error regarding connection limit when making a samba connection or by an application using samba. In this article, we tried to help you with smbd process limits on Linux machines.
What’s Next
Samba Active Directory Setup [Step-by-Step]
15 steps to setup Samba Active Directory DC CentOS 8
References
www.samba.org - Limiting the number of concurrent connections
