[Samba] Problems with the Full Audit module
Ricardo Pardim Claus
ricardo.claus at yahoo.com.br
Fri Apr 28 14:55:10 UTC 2017
> It was just a guess that it was a DC, but it was based on this:
> I was experiencing problems when I simultaneously enabled shadow_copy2 and full_audit modules.
> When enabled, problems occurred in the sysvol folder.
> So how can you be having problems in 'sysvol' if this is a domain
> member?
> I think you should post your smb.conf.
> Rowland
As for the sysvol problem, it was in an earlier attempt, where I tried to set up full audit on a DC.
But at the moment I'm trying to enable auditing on a file server.
My smb.conf follows:
# Global parameters
[global]
workgroup = DOMAIN
security = ADS
realm = domain.local
netbios name = SRV16
server string = Samba4 Server
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = Yes
winbind nss info = RFC2307
idmap config * : backend = tdb
idmap config * : range = 2000-9999
idmap config DOMAIN: backend = rid
idmap config DOMAIN: range = 10000-99999
log file = /var/log/samba/samba.log
log level = 3
syslog = 10
#vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = Yes
guest account = guest
username map = /etc/samba/user.map
server services = s3fs
dcerpc endpoint servers = -winreg -srvsvc
[data]
comment = Folder data
path = /mnt/data
read only = no
vfs objects = recycle, shadow_copy2, full_audit
# Recycle
recycle:repository = .lixeira
recycle:facility = LOCAL1
recycle:priority = NOTICE
recycle:maxsize = 0
recycle:directory_mode = 0774
recycle:subdir_mode = 0774
recycle:keeptree = true
recycle:touch = true
recycle:versions = true
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.exe, *.bin
recycle:exclude_dir = tmp, temp, cache
#################################################################################
# SHADOW COPY / SNAPSHOT
shadow:mountpoint = /mnt/data/
shadow:snapdir = .snapshot
shadow:basedir = /mnt/
shadow:sort = desc
shadow:localtime = yes
shadow:format = @GMT-%Y.%m.%d-%H.%M.%S
# AUDIT FILESERVER
full_audit:prefix = %u|%I|%S|%g
full_audit:success = all
full_audit:failure = all !open
full_audit:facility = local1
full_audit:priority = ALERT
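An added example, not part of the original message: a small parser for the syslog records that the `full_audit:prefix = %u|%I|%S|%g` setting above would produce, which also tallies failed operations per user. It assumes the usual vfs_full_audit record layout (`prefix|operation|result|arguments` under the `smbd_audit` syslog ident); the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Field order follows the posted prefix: %u|%I|%S|%g
PREFIX_FIELDS = ("user", "client_ip", "share", "group")
LINE_RE = re.compile(r"smbd_audit(?:\[\d+\])?:\s*(?P<body>.*)$")
RESULT_RE = re.compile(r"^(ok|fail)(?: \((?P<reason>.*)\))?$")

def parse_audit_line(line):
    """Return a dict for one full_audit record, or None if the line is not one."""
    m = LINE_RE.search(line.rstrip("\n"))
    if not m:
        return None
    parts = m.group("body").split("|")
    n = len(PREFIX_FIELDS)
    if len(parts) < n + 2:          # need prefix + operation + result
        return None
    result = RESULT_RE.match(parts[n + 1])
    if not result:
        return None
    record = dict(zip(PREFIX_FIELDS, parts[:n]))
    record.update(
        op=parts[n],
        ok=result.group(1) == "ok",
        reason=result.group("reason"),   # errno text on failure, else None
        args=parts[n + 2:],              # paths etc.; a '|' in a name splits here
    )
    return record

def failures_by_user(lines):
    """Count failed operations per (user, operation)."""
    counts = Counter()
    for line in lines:
        rec = parse_audit_line(line)
        if rec and not rec["ok"]:
            counts[(rec["user"], rec["op"])] += 1
    return counts

# Constructed sample lines (not real logs from the poster's server)
SAMPLE = [
    "Apr 28 11:02:13 SRV16 smbd_audit: alice|192.0.2.10|data|domain users|mkdir|ok|reports",
    "Apr 28 11:02:14 SRV16 smbd_audit: alice|192.0.2.10|data|domain users|unlink|fail (Permission denied)|reports/q1.xls",
    "Apr 28 11:02:15 SRV16 smbd_audit: bob|192.0.2.11|data|domain users|rename|ok|a.txt|b.txt",
    "Apr 28 11:02:16 SRV16 smbd[2211]: unrelated smbd message",
]

if __name__ == "__main__":
    for (user, op), n in failures_by_user(SAMPLE).items():
        print(f"{user}: {n} failed {op}")
```

With `full_audit:failure = all !open` as posted, failed opens are not logged, so they will not appear in this tally.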