[Samba] Problems with the Full Audit module

Ricardo Pardim Claus ricardo.claus at yahoo.com.br
Fri Apr 28 14:55:10 UTC 2017 

> It was just a guess that it was a DC, but it was based on this: 

> I was experiencing problems when I simultaneously enabled shadow_copy2 and full_audit modules. 
> When enabled, problems occurred in the sysvol folder. 

> So how can you be having problems in 'sysvol' if this is a domain 
> member ? 

> I think you should post your smb.conf. 

> Rowland

As for the sysvol problem, it was in an earlier attempt, where I tried to set up full audit in a DC. 
But at the moment I'm trying to enable auditing on a file server.
Follows my smb.conf:


# Global parameters 
[global] 
workgroup = DOMAIN 
security = ADS 
realm = domain.local 

netbios name = SRV16 
server string = Samba4 Server 

winbind enum users = yes 
winbind enum groups = yes 
winbind use default domain = Yes 
winbind nss info = RFC2307 

idmap config * : backend = tdb 
idmap config * : range = 2000-9999 
idmap config DOMAIN: backend = rid 
idmap config DOMAIN: range = 10000-99999 

log file = /var/log/samba/samba.log 
log level = 3 
syslog = 10 

#vfs objects = acl_xattr 
map acl inherit = yes 
store dos attributes = Yes 
guest account = guest 
username map = /etc/samba/user.map 
server services = s3fs 
dcerpc endpoint servers = -winreg -srvsvc 


[data] 
comment = Folder data 
path = /mnt/data 
read only = no 
vfs objects = recycle, shadow_copy2, full_audit 


# Recycle 
recycle:repository = .lixeira 
recycle:facility = LOCAL1 
recycle:priority = NOTICE 
recycle:maxsize = 0 
recycle:directory_mode = 0774 
recycle:subdir_mode = 0774 
recycle:keeptree = true 
recycle:touch = true 
recycle:versions = true 
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.exe, *.bin 
recycle:exclude_dir = tmp, temp, cache 
################################################################################# 
# SHADOW COPY / SNAPSHOT 
shadow:mountpoint = /mnt/data/ 
shadow:snapdir = .snapshot 
shadow:basedir = /mnt/ 
shadow:sort = desc 
shadow:localtime = yes 
shadow:format = @GMT-%Y.%m.%d-%H.%M.%S 
# AUDIT FILESERVER 
full_audit:prefix = %u|%I|%S|%g 
full_audit:success = all 
full_audit:failure = all !open 
full_audit:facility = local1 
full_audit:priority = ALERT

More information about the samba mailing list