[Samba] 4.17.3 on debian: vfs_full_audit issues
Stefan G. Weichinger
lists at xunil.at
Fri Dec 9 11:31:22 UTC 2022
Upgraded a Debian-11.5 server to samba-4.17.3 (from backports).
Domain membership works, but with vfs_full_audit enabled access to share
seems broken.
# Global parameters
[global]
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
log level = 1
printcap name = /dev/null
realm = MYDOM.INTRA
security = ADS
template homedir = /mnt/MSA2040/smb/Homes/%D/%U
unix charset = iso8859-15
username map = /etc/samba/samba_usermapping
winbind cache time = 10
winbind refresh tickets = Yes
winbind use default domain = Yes
workgroup = NORAS
full_audit:priority = notice
full_audit:facility = local5
full_audit:success = mkdir rmdir read pread write pwrite rename unlink
full_audit:failure = connect
full_audit:prefix = %u|%I|%m|%S
idmap config mydom : backend = rid
idmap config mydom : range = 10000-20000
idmap config * : backend = tdb
idmap config * : range = 3000-7999
acl allow execute always = Yes
follow symlinks = Yes
inherit acls = Yes
map acl inherit = Yes
store dos attributes = Yes
vfs objects = acl_xattr full_audit
wide links = Yes
---
I saw stuff like this:
[2022/12/09 12:17:17.209436, 1]
../../source3/smbd/smb2_service.c:669(make_connection_snum)
make_connection_snum: SMB_VFS_CONNECT for service 'IPC$' at '/tmp'
failed: Erfolg
[2022/12/09 12:17:17.211185, 0]
../../source3/modules/vfs_full_audit.c:566(init_bitmap)
init_bitmap: Could not find opname mkdir
[2022/12/09 12:17:17.211286, 0]
../../source3/modules/vfs_full_audit.c:755(smb_full_audit_connect)
smb_full_audit_connect: Invalid success operations list. Failing connect
[2022/12/09 12:17:17.211337, 1]
../../source3/smbd/smb2_service.c:669(make_connection_snum)
make_connection_snum: SMB_VFS_CONNECT for service 'IPC$' at '/tmp'
failed: Erfolg
[2022/12/09 12:17:17.214950, 0]
../../source3/modules/vfs_full_audit.c:566(init_bitmap)
init_bitmap: Could not find opname mkdir
[2022/12/09 12:17:17.215041, 0]
../../source3/modules/vfs_full_audit.c:755(smb_full_audit_connect)
smb_full_audit_connect: Invalid success operations list. Failing connect
[2022/12/09 12:17:17.215077, 1]
../../source3/smbd/smb2_service.c:669(make_connection_snum)
make_connection_snum: SMB_VFS_CONNECT for service 'IPC$' at '/tmp'
failed: Erfolg
[2022/12/09 12:17:17.224604, 0]
../../source3/modules/vfs_full_audit.c:566(init_bitmap)
init_bitmap: Could not find opname mkdir
----
Disabled "full_audit", access works now.
For reference:
root at samba:~# apt-cache policy samba
samba:
Installiert: 2:4.17.3+dfsg-3~bpo11+1
Installationskandidat: 2:4.17.3+dfsg-3~bpo11+1
Versionstabelle:
*** 2:4.17.3+dfsg-3~bpo11+1 100
100 http://ftp.at.debian.org/debian bullseye-backports/main
amd64 Packages
[..]
root at samba:~# apt-cache policy samba-vfs-modules
samba-vfs-modules:
Installiert: 2:4.17.3+dfsg-3~bpo11+1
Installationskandidat: 2:4.17.3+dfsg-3~bpo11+1
Versionstabelle:
*** 2:4.17.3+dfsg-3~bpo11+1 100
100 http://ftp.at.debian.org/debian bullseye-backports/main
amd64 Packages
[..]
I keep it disabled for now to let people do their work. Would be great
to learn what to fix as I should enable auditing there asap again (maybe
even on the fly without restarting smbd?)
thanks, Stefan
More information about the samba
mailing list