[Samba] full_audit on Samba 3.0.20 vs 3.0.25

Ryan Steele steele at agora-net.com
Thu Aug 9 15:34:29 GMT 2007


Volker Lendecke wrote:
> On Fri, Aug 03, 2007 at 04:20:20PM -0400, Ryan Steele wrote:
>   
>> Just a quick question for you: Does Samba 3.0.20 support the full_audit
>> module? I've got the module operating on two boxes, one with Samba
>>     
>
> The full audit module was added around 3.0.4.
>
>   
>> 3.0.25 and the other with 3.0.20, and only the former seems to interpret
>> VFS directives, such as:
>>
>>     full_audit:prefix = %u
>>     full_audit:failure = none
>>     full_audit:success = open write close
>>
>> On the 3.0.20 box, they seem to be ignored, which causes the logs to
>> fill up very quickly.  I appreciate any light that can be shed on this
>> situation.  Thanks in advance!
>>     
>
> Not sure what this is, I think the full smb.conf would be
> necessary here.
>
> Volker
>   
Volker and list,

Here's the smb.conf, followed by an example log entry - I'd appreciate
any insight as to why it still logs the failures (and lots of them!) 
Thanks!

[global]
   workgroup = SOMEGROUP
   server string = %h server (SOMESERVER)
   wins support = yes
   dns proxy = yes
   name resolve order = wins lmhosts host bcast
   smb ports = 139
   log file = /var/log/samba/log.%m
   max log size = 1000000
   log level = 0 vfs:2
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = user

   encrypt passwords = true
   passdb backend = ldapsam:ldap://127.0.0.1/
   obey pam restrictions = no
   ldap admin dn = cn=admin,dc=somedomain,dc=com
   ldap suffix = dc=somedomain,dc=com
   ldap group suffix = ou=Groups
   ldapuser suffix = ou=People
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=People
   ldap passwd sync = Yes
   passwd program = /usr/sbin/smbldap-passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   ldap delete dn = Yes
   delete user script = /usr/sbin/smbldap-userdel "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
   invalid users = root
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   create mask = 0700
   directory mask = 0700
[printers]
   comment = All Printers
   browseable = no
   path = /tmp
   printable = yes
   public = no
   writable = no
   create mode = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
[Shared Files]
    vfs objects = full_audit
    full_audit:prefix = %u
    full_audit:failure = none
    full_audit:success = write
    comment = "SOMESERVER's Files"
    path = /home/sharedfiles
    browseable = yes
    writable = yes
    oplocks = No
    level 2 oplocks = No
    directory mask = 0775
    create mask = 0664




Here's the log entry:
Aug  9 11:04:52 servername smbd_audit: username|sys_acl_get_file|fail (Operation not supported)|/path/to/file


-- 
Ryan Steele
Systems Administrator                   steele at agora-net.com
AgoraNet, Inc.                          (302) 224-2475
314 E. Main Street, Suite 1             (302) 224-2552 (fax)
Newark, DE 19711                        http://www.agora-net.com

GPG Signature:    http://www.agora-net.com/~steele/signature.asc
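
Added example, not part of the original post and not Samba project code: a small check that counts smbd_audit entries which the [Shared Files] settings above (full_audit:success = write, full_audit:failure = none) should have filtered out, to measure how far the directives are being ignored. The field layout prefix|operation|result|arguments is taken from the log entry in the post; "ok" as the success marker, the optional [pid] after the syslog tag, and every sample line except the first are assumptions or constructed.

```python
import re
from collections import Counter

# Operation lists from the [Shared Files] share in the post.
AUDIT_SUCCESS = {"write"}   # full_audit:success = write
AUDIT_FAILURE = set()       # full_audit:failure = none

# Syslog tag, then prefix|operation|ok or fail (reason)|arguments.
LINE_RE = re.compile(
    r"smbd_audit(?:\[\d+\])?:\s*"
    r"(?P<prefix>[^|]*)\|(?P<op>[^|]+)\|(?P<result>ok|fail)"
    r"(?:\s*\((?P<reason>[^)]*)\))?(?:\|(?P<args>.*))?$"
)

def parse_line(line):
    """Return the audit fields as a dict, or None for non-audit lines."""
    m = LINE_RE.search(line.strip())
    return m.groupdict() if m else None

def unexpected_entries(lines, success=AUDIT_SUCCESS, failure=AUDIT_FAILURE):
    """Count (operation, result) pairs the configuration should have suppressed."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        allowed = success if rec["result"] == "ok" else failure
        if rec["op"] not in allowed:
            counts[(rec["op"], rec["result"])] += 1
    return counts

# First line is the entry from the post; the rest are constructed samples.
SAMPLE = [
    "Aug  9 11:04:52 servername smbd_audit: username|sys_acl_get_file|fail (Operation not supported)|/path/to/file",
    "Aug  9 11:04:53 servername smbd_audit: username|write|ok|/path/to/file",
    "Aug  9 11:04:53 servername smbd_audit[4321]: username|open|ok|r|/path/to/file",
    "Aug  9 11:04:54 servername smbd_audit: username|sys_acl_get_file|fail (Operation not supported)|/path/to/other",
    "Aug  9 11:04:55 servername smbd[4321]: constructed non-audit line",
]

if __name__ == "__main__":
    for (op, result), n in unexpected_entries(SAMPLE).most_common():
        print(f"{n:6d}  {op}  {result}")
```

A non-empty result on the 3.0.20 box and an empty one on the 3.0.25 box, using the same share settings, would confirm that the success/failure lists are not being applied there.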


