Samba 3

Interesting smb.conf Stuff

# These users will run file ops as the super-user
admin users = pfowler

# Allow wide linking, even with unix extensions = yes
allow insecure wide links = no

# Allow trusted domains other than the one smbd is using
allow trusted domains = yes

# Order of auth methods to try; sam = local passdb
auth methods = guest sam winbind

# Force a file's group.
#  Using a prepended + will set the group
#  only if the user already belongs to that group
force group = groupname

# If a bogus domain is given (like a local workstation name),
#  then the domain name is changed to the smbd domain
map untrusted to domain = yes

smbclient

smbclient -U username%password -W domain //server/share

# Use a credentials file instead of putting the password on the command line
#  username = 
#  password = 
#  domain = 
smbclient -A filename //server/share

Auditing

Add this section to [global]:

# Audit settings
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath
full_audit:facility = local5
full_audit:priority = notice

It is a good idea to restrict which events are logged; the list above will be very noisy (every read and open is logged). Try:

full_audit:success = connect mkdir rmdir write rename unlink pwrite read

Then in each share to be audited, add:

vfs object = full_audit

To set up syslog so the audit events land in their own file, add:

*.info;local5.none;mail.none;authpriv.none;cron.none            /var/log/messages
local5.notice                                           /var/log/samba/audit.log

Now create /etc/logrotate.d/samba.audit

/var/log/samba/audit.log {
   weekly
   missingok
   rotate 7
   postrotate
   /etc/init.d/syslog reload > /dev/null 2>&1 || true
   endscript
   compress
   notifempty
}
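Once the events are in /var/log/samba/audit.log, something has to read them. The following is an added example, not part of the original notes or of Samba: it parses lines in the layout the configuration above produces (syslog header, the smbd_audit ident, then prefix %u|%I|%S, the operation, ok/fail, and the operation's arguments), tallies operations per user, lists successful deletes and renames, and flags clients with repeated failed connects. The log lines are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in the layout produced by the config above:
# syslog header, the "smbd_audit" ident, then prefix (%u|%I|%S), op, ok/fail, details.
SAMPLE_LOG = """\
Jan 10 09:12:01 fs01 smbd_audit: pfowler|10.0.0.21|projects|connect|ok|projects
Jan 10 09:12:03 fs01 smbd_audit: pfowler|10.0.0.21|projects|read|ok|plans/q1.xlsx
Jan 10 09:12:09 fs01 smbd_audit: pfowler|10.0.0.21|projects|unlink|ok|plans/old.docx
Jan 10 09:13:45 fs01 smbd_audit: guest|10.0.0.77|finance|connect|fail|finance
Jan 10 09:13:46 fs01 smbd_audit: guest|10.0.0.77|finance|connect|fail|finance
Jan 10 09:14:02 fs01 smbd_audit: jdoe|10.0.0.33|projects|rename|ok|a.txt|b.txt
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) smbd_audit: (?P<msg>.*)$"
)

def parse_line(line):
    """Return a dict for one audit line, or None if it is not an smbd_audit line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # prefix fields come first (user, client ip, share), then op, result, details
    fields = m.group("msg").split("|")
    if len(fields) < 5:
        return None
    user, ip, share, op, result = fields[:5]
    return {"ts": m.group("ts"), "host": m.group("host"), "user": user,
            "ip": ip, "share": share, "op": op, "result": result,
            "details": fields[5:]}

# operations worth reviewing on their own: they remove or move data
DESTRUCTIVE = {"unlink", "rmdir", "rename"}

def summarize(text, fail_threshold=2):
    """Count ops per user, collect destructive ops, and flag repeated failed connects."""
    events = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    per_user = Counter((e["user"], e["op"]) for e in events)
    destructive = [(e["user"], e["op"], e["details"]) for e in events
                   if e["op"] in DESTRUCTIVE and e["result"] == "ok"]
    failed = Counter((e["user"], e["ip"]) for e in events
                     if e["op"] == "connect" and e["result"] == "fail")
    suspects = [k for k, n in failed.items() if n >= fail_threshold]
    return {"per_user": per_user, "destructive": destructive, "suspects": suspects}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

Point it at the rotated files too (audit.log.1.gz and so on) if you want history beyond the current week.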

Variable Substitutions

Sub  Description
%U session username (the username that the client wanted, not necessarily the same as the one they got).
%G primary group name of %U.
%h the Internet hostname that Samba is running on.
%m the NetBIOS name of the client machine (very useful).
%M the Internet name of the client machine.
%R the selected protocol level after protocol negotiation. It can be one of CORE, COREPLUS, LANMAN1, LANMAN2 or NT1.
%d the process id of the current server process.
%a The architecture of the remote machine.
%I the IP address of the client machine.
%i the local IP address to which a client connected.
%T the current date and time.
%D name of the domain or workgroup of the current user.
%w the winbind separator.
%$(envvar) the value of the environment variable envvar.
%S the name of the current service, if any.
%P the root directory of the current service, if any.
%u username of the current service, if any.
%g primary group name of %u.
%H the home directory of the user given by %u.