Shares become inaccessable if I add vfs objects=full_audit Auxilary Parameter

[jtoninger]

Hi There

I am trying to Integrate TrueNAS with Graylog to generate and store more detailed Samba access logs. I noticed that TrueNAS 12 CORE no longer has the VFS Dropdown menu selector that existed in FreeNAS 11.3.5.

My config looks like the following:

Code:

# Global parameters
[global]
        aio max threads = 2
        allow dcerpc auth level connect = Yes
        bind interfaces only = Yes
        client ipc signing = if_required
        client lanman auth = Yes
        client ldap sasl wrapping = seal
        client NTLMv2 auth = No
        disable spoolss = Yes
        dns proxy = No
        domain master = No
        enable web service discovery = Yes
        guest account = floor
        kerberos method = secrets and keytab
        kernel change notify = No
        lanman auth = Yes
        load printers = No
        local master = No
        logging = file
        max log size = 5120
        nsupdate command = /usr/local/bin/samba-nsupdate -g
        ntlm auth = ntlmv1-permitted
        preferred master = No
        realm = MyDomain.COM
        registry shares = Yes
        restrict anonymous = 2
        security = ADS
        server min protocol = CORE
        server role = member server
        server string = FreeNAS Server
        template shell = /bin/sh
        winbind cache time = 7200
        winbind enum groups = Yes
        winbind enum users = Yes
        winbind max domain connections = 10
        winbind use default domain = Yes
        workgroup = MyDomain
        full_audit:priority = NOTICE
        full_audit:facility = LOCAL5
        full_audit:success = mkdir rename unlink rmdir pwrite
        full_audit:failure = connect
        full_audit:prefix = %u|%I|%m|%S
        idmap config *: range = 90000001-100000000
        idmap config gardien: range = 20000-90000000
        idmap config gardien: backend = rid
        idmap config * : backend = tdb
        directory name cache size = 0
        dos filemode = Yes


[GRID]
        ea support = No
        kernel share modes = No
        path = /mnt/StoreVol1/FloorShares/grid
        posix locking = No
        read only = No
        vfs objects = streams_xattr shadow_copy_zfs aio_fbsd full_audit
        nfs4:chown = true

Using this config Samba starts seemingly normally but the share GRID becomes inaccessible. Other shares remain functional.

If I remove the "full_audit" vfs object and make no other changes access to the GRID share is restored.

I am restarting the samba service after every change.

I am also aware that this config is woefully insecure. I am using this NAS to support old machinery in an industrial setting. It's not done that way out of lazyness.

Did something change with how vfs objects are applied with TrueNAS CORE, or were there other changes to the full_audit options I have not accounted for?

Thanks for any help.

 

[sretalla]

Have a look around this post:

How to configure SMB share to log user activities on FreeNas 11.x?

Hello, How can I follow user activities on FreeNas 11.2 (create/modify/delete files and folders). I read many topics about that on this forum but I still don’t understand some things. First, I saw that I need to add some code lines for vfs_audit to my SMB shares (in services/smb/Auxiliary...

www.truenas.com

 

[jtoninger]

Thanks that led me in the right direction.

It seems like things began working normally once I removed the Auxiliary Parameters from the global config (service level) and applied everything directly onto the config for a given share.

That being said, it still seems like several of the full_audit parameters are incompatible with TrueNAS and it is taking a lot of trial and error to see which work and which do not. There is also no documentation I can find that specifies what each parameter actually does, as some are quite ambiguous.

The full list is here: https://www.samba.org/samba/docs/current/man-html/vfs_full_audit.8.html but there is no definition for each entry and half of them seem to be incompatible with TrueNAS.