Volker Lendecke wrote:
On Fri, Aug 03, 2007 at 04:20:20PM -0400, Ryan Steele wrote:
Just a quick question for you: Does Samba 3.0.20 support the full_audit
module? I've got the module operating on two boxes, one with Samba
The full audit module was added around 3.0.4.
3.0.25 and the other with 3.0.20, and only the former seems to interpret
VFS directives, such as:
full_audit:prefix = %u
full_audit:failure = none
full_audit:success = open write close
On the 3.0.20 box, they seem to be ignored, which causes the logs to
fill up very quickly. I appreciate any light that can be shed on this
situation. Thanks in advance!
Not sure what this is, I think the full smb.conf would be
necessary here.
Volker
Volker and list,
Here's the smb.conf, followed by an example log entry - I'd appreciate
any insight as to why it still logs the failures (and lots of them!)
Thanks!
[global]
workgroup = SOMEGROUP
server string = %h server (SOMESERVER)
wins support = yes
dns proxy = yes
name resolve order = wins lmhosts host bcast
smb ports = 139
log file = /var/log/samba/log.%m
max log size = 100
log level = 0 vfs:2
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://127.0.0.1/
obey pam restrictions = no
ldap admin dn = cn=admin,dc=somedomain,dc=com
ldap suffix = dc=somedomain,dc=com
ldap group suffix = ou=Groups
ldapuser suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=People
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m %u
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel %u
add machine script = /usr/sbin/smbldap-useradd -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
invalid users = root
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
[printers]
comment = All Printers
browseable = no
path = /tmp
printable = yes
public = no
writable = no
create mode = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[Shared Files]
vfs objects = full_audit
full_audit:prefix = %u
full_audit:failure = none
full_audit:success = write
comment = SOMESERVER's Files
path = /home/sharedfiles
browseable = yes
writable = yes
oplocks = No
level 2 oplocks = No
directory mask = 0775
create mask = 0664
Here's the log entry:
Aug 9 11:04:52 servername smbd_audit: username|sys_acl_get_file|fail
(Operation not supported)|/path/to/file
--
Ryan Steele
Systems Administrator [EMAIL PROTECTED]
AgoraNet, Inc. (302) 224-2475
314 E. Main Street, Suite 1 (302) 224-2552 (fax)
Newark, DE 19711http://www.agora-net.com
GPG Signature:http://www.agora-net.com/~steele/signature.asc
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
