On Wed, Dec 09, 2009 at 05:47:18PM +0100, Tomasz Przewlucki wrote: > I had implemented on one of my shares vfs full_audit module. It was > working with Samba 3.0.x without any problems. > > After migration to Samba 3.4.3 this function doesn't work anymore - when > it's enabled then share isn't accessible from users (it's visible but > getting error when trying to connect to it). > Audit and extd_audit vfs's are working fine, but they doesn't meet my > requirements. > > I've tried full_audit on shares with and without extended attributes > (ext3 with xattr), getting same results.
Well it broke everything for me too when I enabled it. I did not try it before though so I have no idea that it used to work. I had to turn it off right away. It sure seems like tha full_audit is totally broken at this time (well it logs lots of stuff, it just prevents users from doing anything too). > In samba debug:10 log i couldn't see anything strange, so i want first > to ask if there is anybody with working vfs full_audit on samba 3.4.3 ? > > My smb.conf: > > # Global parameters > [global] > workgroup = OBRAM > netbios name = PASSAT > server string = OBRAM_PDC > security = user > interfaces = 192.168.0.13 10.0.0.113 > smb ports = 139 445 > time server = Yes > # > encrypt passwords = yes > enable privileges = yes > obey pam restrictions = No > username map = /etc/samba/smbusers > # > msdfs root = yes > # > log level = 1 vfs:1 > #log level = 10 > syslog = 3 > log file = /var/log/samba/log.%m > max log size = 10000 > # > mangling method = hash2 > dos charset = 852 > Unix charset = UTF-8 > display charset = UTF-8 > # > logon script = "%G.bat" > logon drive = H: > logon home = > logon path = > lanman auth = no > ntlm auth = no > client ntlmv2 auth = yes > # > nt acl support = yes > # > map hidden = no > map system = no > map archive = no > ea support = yes > map acl inherit = yes > store dos attributes = yes > # > domain logons = Yes > oslevel = 65 > preferred master = Yes > domain master = Yes > wins support = Yes > local master = yes > # > passdb backend = ldapsam:"ldap://127.0.0.1 ldap://192.168.0.40"; > # > ldapsam:trusted = yes > ldapsam:editposix = yes > # > ldap admin dn = cn=samba,ou=DSA,dc=obram > ldap suffix = dc=obram > ldap user suffix = ou=Users > ldap group suffix = ou=Groups > ldap machine suffix = ou=Computers > ldap idmap suffix = ou=Idmap > #ldap ssl = start tls > ldap ssl = no > ldap delete dn = Yes > ldap passwd sync = Yes > # > idmap uid = 111000-120000 > idmap gid = 111000-120000 > idmap backend = ldap:"ldap://127.0.0.1 ldap://192.168.0.40"; > idmap alloc backend = ldap > idmap alloc config:ldap_base_dn = ou=Idmap,dc=obram > idmap alloc config:ldap_user_dn = cn=samba,ou=DSA,dc=obram > idmap alloc config:ldap_url = ldap://localhost > idmap alloc config:range = 111000-120000 > # > template homedir = /home/samba/users/%U > winbind enum users = yes > winbind enum groups = yes > winbind use default domain = yes > # > create mask = 0640 > directory mask = 0750 > deadtime = 10 > guest account = nobody > map to guest = Bad User > dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd > # > preserve case = yes > short preserve case = yes > case sensitive = auto > load printers = Yes > printing = cups > printcap name = cups > show add printer wizard = yes > # > kernel oplocks = no > # > veto oplock files = /*.mdb/*.MDB/*.pst/*.PST/ > # > # NEW Samba 3.4 > max open files = 10000 > max stat cache size = 1024 > registry shares = no > > #and this unworking with full_audit share: > [temp] > comment = katalog kasowany co noc > path = /home/samba/temp/ > browseable = Yes > guest ok = Yes > read only = No > directory mask = 0755 > create mask = 0644 > vfs objects = full_audit > full_audit:prefix = %u|%I > full_audit:success = mkdir rename rmdir write open > full_audit:failure = none > csc policy = disable > hide files = /desktop.ini/recycled/RECYCLER/autorun.inf/explorer.exe/ > > Best regards, > Tomasz Przewlucki -- Len Sorensen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
