Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: fmoreira86 on March 24, 2022, 09:07:01 pm
-
I was trying to do this procedure:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRhCAK
Basically it would allow my firewall to identify the users based on the samba4 logs.
You've to add this:
syslog = 3
vfs object = full_audit
full_audit:success = connect
full_audit:failure = disconnect
full_audit:prefix = %u %I | %S
full_audit:facility = local5
To smb.conf.
I added to /usr/share/zentyal/stubs/samba/smb.conf.mas , rebooted the server and the logs work.
However if I try to create a GPO via RSAT, with this configuration, I get "This security ID may not be assigned as the owner of this object"
Pretty much like this report:
https://lists.samba.org/archive/samba/2017-April/207962.html
Any hint?
Thank you!
-
Solution:
vfs objects = acl_xattr full_audit
-
Hi,
I see this has been resolved but I have some questions.
I was looking at the Samba4 vfs with acl_xattr here:
https://wiki.samba.org/index.php/Using_the_acl_xattr_VFS_Module (https://wiki.samba.org/index.php/Using_the_acl_xattr_VFS_Module)
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs (https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs)
This says that the acl_xattr should be already enabled on a DC and then it's NOT to be applied to individual shares. Did you find any issues when activating the acl_xattr?
does this mean that Zentyal doesn't have this enabled by default as suggested in Samba4 docs?
-
I didn't have any problem since I made this config.