[Samba] SysVol permission error on newly joined DV

Anantha Raghava raghav at exzatech.net
Fri Mar 7 21:41:38 UTC 2025 

Hello Rowland,

To answer your questions:

log level = 1 auth_audit:0 auth_json_audit:3 dsdb_json_audit:5
max log size = 1000000000

A few questions spring to mind.
First do you real need a 1 terabyte log file before it rotates ?
Do you really need to log every successful authentication ?
Do you really need to log every database modification ?

Yes, we do log every successful log and every database modification as 
per our audit needs. I know it's an overkill, but we have to comply. Now 
the best part of it is that we have been instructed to log even the DNS 
queries!!! Samba is sitting deep inside network. To reach samba, one has 
to cross many security layers. Still we are instructed to log and keep 
logs backed up. We are just complying.
I do not get these messages, but I am using 4.21.4, while you are using
4.19.5 on what appears to be a redhat or redhat clone OS, using a self
compiled version of Samba.

We are using RHEL 8.9. We have enabled the required repositories, 
updated RHEL as recommended in samba install process and we are using 
self compiled version of Samba.


I would suggest you upgrade to a Samba supported version, you may find
that you problem has gone away.

We will try this. We use the latest Samba version for 3 new servers and 
report back if the issue continues. Upgrading 5 old servers is a huge 
process that requires multiple layers of approvals.

Best regards,

Raghav


On 07/03/25 4:22 pm, Rowland Penny via samba wrote:
> On Fri, 7 Mar 2025 08:40:48 +1000
> Anantha Raghava via samba<samba at lists.samba.org> wrote:
>   
>> 3. We find this issue only in 3 new servers which we added off late.
>> We kept the samba version same - 4.19.5
>>
> OK, if we look at these two lines from your smb.conf:
>
> log level = 1 auth_audit:0 auth_json_audit:3 dsdb_json_audit:5
> max log size = 1000000000
>
> A few questions spring to mind.
> First do you real need a 1 terabyte log file before it rotates ?
> Do you really need to log every successful authentication ?
> Do you really need to log every database modification ?
>
> As for the 'vfs_chdir' messages you are getting, those may or may not
> be anything to worry about. They are showing that 'something' is trying
> to change directory to sysvol and is being denied access. Without know
> who or what the 'something' is, it is hard to say if it is malicious or
> not, but it usually isn't.
>
> I do not get these messages, but I am using 4.21.4, while you are using
> 4.19.5 on what appears to be a redhat or redhat clone OS, using a self
> compiled version of Samba.
>
> Samba has just released 4.22.0 and this means that your version of
> Samba is now EOL from the Samba point of view, so if you have found a
> bug, then you stand little chance of getting it fixed.
>
> I would suggest you upgrade to a Samba supported version, you may find
> that you problem has gone away.
>
> If it is any help, Tranquil IT supplies Samba RPMs for redhat and
> clones, see here:
>
> https://samba.tranquil.it/doc/en/samba_config_server/redhat/server_install_samba_redhat.html
>
> Rowland
>

More information about the samba mailing list