I keep getting these logs in my /var/log/auth.log
every 10-20 seconds:
Jun 22 11:31:12 debian smbd[1795]: pam_unix(samba:session): session closed for user nobody
Jun 22 11:31:08 debian smbd[1794]: pam_unix(samba:session): session closed for user nobody
Jun 22 11:30:44 debian smbd[1779]: pam_unix(samba:session): session closed for user nobody
How can I stop this? I checked my port and this what I got:
root@debian:/home/debian# netstat -ap | grep smbd
tcp 0 0 *:netbios-ssn *:* LISTEN 19317/smbd
tcp 0 0 *:microsoft-ds *:* LISTEN 19317/smbd
tcp6 0 0 [::]:netbios-ssn [::]:* LISTEN 19317/smbd
tcp6 0 0 [::]:microsoft-ds [::]:* LISTEN 19317/smbd
unix 2 [ ] DGRAM 583178168 19317/smbd /var/cache/samba/msg/19317
unix 2 [ ] DGRAM 583178311 19349/smbd /var/cache/samba/msg/19349
root@debian:/home/debian# netstat -ap | grep samba
unix 2 [ ACC ] STREAM LISTENING 583178532 19378/nmbd /var/run/samba/nmbd/unexpected
unix 2 [ ] DGRAM 583178168 19317/smbd /var/cache/samba/msg/19317
unix 2 [ ] DGRAM 583178311 19349/smbd /var/cache/samba/msg/19349
unix 2 [ ] DGRAM 583178517 19378/nmbd /var/cache/samba/msg/19378
How can I stop the Samba log from making that "PAM session closed" message?
Best Answer
I wonder if an approach similar to this one could be utilized here, see this Q&A titled: cron+pam heavily spamming my logs. In this Q&A the following was used to quiet a cron log that was "spamming" the logs in a similar way:
I believe in your scenario you'd need to modify the
cron
tosmd
, like so:I'm not 100% on which file to modify and don't have a Debian system handy to fully vet this. I believe it'll be a file under this directory:
/etc/pam.d/
, you'll have to play with it to determine which file exactly.Incidentally, the messages are occurring because the shell that is defined for the user,
nobody
, is set to something like/bin/false
or/bin/noshell
and this is what's leading to these messages showing up in theauth.log
file.References