[Samba] full_audit on Samba 3.0.20 vs 3.0.25
Ryan Steele
steele at agora-net.com
Thu Aug 9 15:34:29 GMT 2007
Volker Lendecke wrote:
> On Fri, Aug 03, 2007 at 04:20:20PM -0400, Ryan Steele wrote:
>
>> Just a quick question for you: Does Samba 3.0.20 support the full_audit
>> module? I've got the module operating on two boxes, one with Samba
>>
>
> The full audit module was added around 3.0.4.
>
>
>> 3.0.25 and the other with 3.0.20, and only the former seems to interpret
>> VFS directives, such as:
>>
>> full_audit:prefix = %u
>> full_audit:failure = none
>> full_audit:success = open write close
>>
>> On the 3.0.20 box, they seem to be ignored, which causes the logs to
>> fill up very quickly. I appreciate any light that can be shed on this
>> situation. Thanks in advance!
>>
>
> Not sure what this is, I think the full smb.conf would be
> necessary here.
>
> Volker
>
Volker and list,
Here's the smb.conf, followed by an example log entry - I'd appreciate
any insight as to why it still logs the failures (and lots of them!)
Thanks!
[global]
workgroup = SOMEGROUP
server string = %h server (SOMESERVER)
wins support = yes
dns proxy = yes
name resolve order = wins lmhosts host bcast
smb ports = 139
log file = /var/log/samba/log.%m
max log size = 1000000
log level = 0 vfs:2
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://127.0.0.1/
obey pam restrictions = no
ldap admin dn = cn=admin,dc=somedomain,dc=com
ldap suffix = dc=somedomain,dc=com
ldap group suffix = ou=Groups
ldapuser suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=People
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
invalid users = root
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
[printers]
comment = All Printers
browseable = no
path = /tmp
printable = yes
public = no
writable = no
create mode = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[Shared Files]
vfs objects = full_audit
full_audit:prefix = %u
full_audit:failure = none
full_audit:success = write
comment = "SOMESERVER's Files"
path = /home/sharedfiles
browseable = yes
writable = yes
oplocks = No
level 2 oplocks = No
directory mask = 0775
create mask = 0664
Here's the log entry:
Aug 9 11:04:52 servername smbd_audit: username|sys_acl_get_file|fail
(Operation not supported)|/path/to/file
--
Ryan Steele
Systems Administrator steele at agora-net.com
AgoraNet, Inc. (302) 224-2475
314 E. Main Street, Suite 1 (302) 224-2552 (fax)
Newark, DE 19711 http://www.agora-net.com
GPG Signature: http://www.agora-net.com/~steele/signature.asc
More information about the samba
mailing list