[Samba] Samba and Windows auditing

Alan Evangelista alan.vitor at gmail.com
Tue Feb 16 16:42:17 UTC 2021 

Hi, Rowland.

Thanks for the feedback. I'm not sure if Centrify is responsible for this
permission error,
so I'll set up a simpler environment without it, retry it and post the
results here.

Regarding the three questions I asked today on this mailing list, AFAIK
only this one may be
related to Centrify. Have I misunderstood something?

On Tue, Feb 16, 2021 at 7:41 AM Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 16/02/2021 10:24, Alan Evangelista via samba wrote:
> > I have a Linux directory which is mapped to a Windows network drive via
> > Samba. I'd like to enable Windows auditing on the Windows side so that I
> > could track filesystem operations. A benefit of auditing those events on
> > the Windows side (over doing it in the Linux side, e.g. using the full
> > audit module in Samba) is that I'd be able to get the ID of the process
> > that started the FS operation and consequently the path of the executable
> > file that started the FS operation.
> >
> > I'm using Centrify to map Windows users and permissions to Linux users
> and
> > permissions and I can access the network drive contents on Windows
> without
> > any problems.
> >
> > I'm a domain admin in the Windows Server 2016 box and I have enabled
> > filesystem, file share, and file share details events on the local group
> > policy editor (I enabled file share related events because I fear I won't
> > get filesystem events out of Windows, as it's not really accessing the
> > physical disk, but letting Linux do it instead). I'm now able to enable
> > auditing on any local folder on the Windows Server 2016 box, except in
> the
> > network drive mapped via Samba. I get the following error in the Auditing
> > tab in the mapped directory properties: "You do not have permission to
> view
> > or audit this object's audit settings". Is it possible that Samba is
> > responsible for that permission error?
> >
> > Thanks in advance!
>
>
> Alan, why have you asked this question three times in less then half an
> hour ?
>
> You also mention that you are using centrify, which is not produced or
> supported by Samba. I suggest you ask centrify about your problem and
> once you have ruled that out, or moved to winbind, then we can look at
> your problem.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list