Beiträge von gwaitsi

put everything back to default. have only the below.

bind interfaces only = yes

dns proxy = yes

server min protocol = SMB2_10

client min protocol = SMB2

client max protocol = SMB3

no audit logs.

that doesn't me a lot to me m8.

what are you saying?

is journald stored in flash then? if the system hasn't been restarted, why would it be effected.

it is strange that i had audit logs from yesterday and this morning, until i tried to back out those parameters.

Even though i have put them back, i am back to no audit log again.

isn't there a way that flash and auditing can work together properly.

i have the flash memory plugin, yes

Zitat von votdev

No, this is already done when you check the 'Audit' checkbox in the share configuration page.

that's weird. it was never working. even under OMV4 nor after the upgrade. And it started working after the last OMV update 2.4.5, or from when i entered the above settings. not 100% which. i suppose i should probably try to back those settings out and see if it breaks.

ups log doesn't work though.... never ending saga.....

Audit log problem is solved.

Not sure if it is what i added below, or the 5.4.5 update that just came out.

but it is working now....and i say, if it ain't broke, don't fix it - so i will leave as is.

i do wonder though, the default config has "logging = syslog" - which i believe is no longer valid

- i added the folowing to the samba extra options page.

full_audit:prefix = %u|%I|%m|%S
full_audit:failure = connect
full_audit:success = mkdir rename unlink rmdir pwrite
full_audit:facility = LOCAL5
full_audit:priority = NOTICE
logging = syslog@1 /var/log/samba/log.%m

- on each of the shares, i entered the following in the extra options

vfs objects = recycle full_audit

votdev is that something that should be added to the openmediavault config when the audit option is selected, or at least should the logging = syslog be updated?

i have removed those two, and yes to the 2nd part.

I should also add, the windows 10 machines can see each other under explorer -> network, if on the same network.

They can map across different networks.

this sounds like a name resolution thing and which probably explains why it stopped after wins was disabled.

wsdd is supposed to be fulfilling this function now right. it doesn't have any errors under its status. and i have installed on the linux client now.

yes. both linux and windows client can map the shares if specifically added.

but it is an annoyance when you can't simply use the browser in either client. i agree it is not a show stopper, but i would still like to get to the bottom of it.

Zitat von donh

Sorry I don't know win 10 but on 7 the windows firewall would only allow same subnet. You might need to allow the other subnets.

Seems winbind may be installed by default in newer versions. In the good old days it wasn't. Sorry

i use comodo on my machines and they are configured to allow the appropriate ports. previously they could browse, until i followed some of the suggestions in the thread. I looked up the suggestions and found them to be sound, so am reluctant to reverse back. would rather find the real cause to maintain the win10 security standard

the other thing that is worth to mention,

if i \\nas or \\client the device and shares appear in the windows network browser

if i use nemo on the mint machine and connect to share it works also. just not the network browser

i have multiple vlans. the server is isolated, and as well as the other types of users

the server smb.conf has

domain master

local master

vlan 70 has windowsand libelec linux clients (libelec should only be a client and see the server,

windows should see all machines in all subnets - currently can map succesdfully - before it could see the other machines)

vlan 80 has linux and windows 10 clients (linux should see the server and windows clients, windows should see the linux and server)

re 23. I did that. didn't make any difference, but removing winbind per one of the earlier suggestions is what i suspect broke things.

oh. and the linux mint client can map to the nas box via autofs cifs setup, but not see any shares through the nemo browser

better to have cabin fever, than be a statistic

geaves after i did those recommendations i.e. removing winbind, etc, i can no longer browse devices in explorer or on the linux machines.
win10 machines can map the drives to the shares, just can't see the devices. i should probably mention.

nas / samba server is on subnet 60

clients are on subnets 70 or 80

I was previously able to see the server and clients in the win10 explorer when winbind was loaded

i had the same problem, you need to run the usrmerge the ups files are in the wrong location

RE: Unable to use Network UPS Tools to monitor my UPS

i can map shares from the windows 10 clients, but they devices in the workgroup are no longer visible via explorerer

no active directory or ldap. just windows 10 workgroup and linux clients

well, thank you.... at no point did you say, why did you enable wins.

You said why did you add that .given i have been talking the whole time about the name resolve order.....

one assumes you are talking about the same option that i have been.

Would have been easier to ask me in the first instance, about enabling wins.

am trying to connect windows 10, linux clients to the nas via the cifs shares

i disabled wins, and took out the name resolve order. It seems to have made some things come to life.

I do however get the following errors now: -

winbindd[1466]: idmap range not specified

smbd[1376]: WARNING: Failed to create BUILTIN\Administrators group! Can Winbind allocate gids?

WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?

I am also getting smb_audit journal entries with permissions now, which i wasn't getting before.

SMBD Empty Logs & no smbd_audit.log

But i still see nothing under system logs / smb/cifs audit.

i assume you to be antagonising because you are suffering cabin fever.

if you can't tell me why wins_registration is timing out on 127.0.0.1, i can't tell you why i have to put wins first.

obviously it is something to do with localhost and if i knew the answer, i wouldn't spend my time trying to find the solution here.

i am adding that option, because the default is

host wins lmhost bcast

and with that i get the error as described above (for the 3rd time).

if i add the option as

wins host lmhost bcast

i do not get the error.

did you not read my response? If i don't put wins first, i get the following error

"wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.24.10"

if i put wins first, i do not get that error

if i don't make the order "wins host lmhosts bcast" i get the following error

nmbd[984]: [2020/05/04 22:45:19.109990, 2] ../source3/nmbd/nmbd_nameregister.c:193(wins_registration_timeout)

nmbd[984]: wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.24.10

I see in openmediavault/deb/openmediavault/usr/share/openmediavault/engined/inc/90logfilespec.inc that logging in syslog should be via the file smb_audit.log

\OMV\System\LogFileSpec::registerSpecification("smbdaudit", [
  "command" => "export SYSTEMD_COLORS=0; journalctl --quiet --no-pager ".
    "--priority='notice' SYSLOG_FACILITY=23 SYSLOG_IDENTIFIER='smbd_audit' ".
    "--output=short",
  "filename" => "smbd_audit.log",

In my OMV4->5 upgraded system, get the standard samba log files created, but they are all with 0 bytes size.

I don't find any configuration element instructing smbd that logging should be via syslog.

In fact smb.conf shows under global

log level = 1

log file = /var/log/samba/log.%m

I don't know if i am missing some part of the config having upgraded from OMV4->5 or this is a bug, or what.

But i don't see how samba is supposed to know where the logging should be, because i find nothing pointing to smb_audit.log,

But oddly enough, it seems to be trying to write yet has permissions problems.

root@nas:/etc/samba# systemctl status smbd
● smbd.service - Samba SMB Daemon
   Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-05-04 06:35:03 CEST; 11h ago
     Docs: man:smbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 1477 (smbd)
   Status: "smbd: ready to serve connections..."
    Tasks: 4 (limit: 4915)
   Memory: 14.7M
   CGroup: /system.slice/smbd.service
           ├─ 1477 /usr/sbin/smbd --foreground --no-process-group
           ├─ 1507 /usr/sbin/smbd --foreground --no-process-group
           ├─ 1508 /usr/sbin/smbd --foreground --no-process-group
           └─30915 /usr/sbin/smbd --foreground --no-process-group

smbd[30915]: [2020/05/04 15:57:36.366110,  1] ../source3/smbd/service.c:529(make_connection_snum)
smbd[30915]:   create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
smbd_audit[30915]: [2020/05/04 16:57:43.413397,  1] ../source3/smbd/service.c:346(create_connection_session_info)
smbd_audit[30915]:   create_connection_session_info: guest user (from session setup) not permitted to access this share (nas_home)
smbd_audit[30915]: [2020/05/04 16:57:43.413548,  1] ../source3/smbd/service.c:529(make_connection_snum)
smbd_audit[30915]:   create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
smbd_audit[30915]: [2020/05/04 16:57:43.414783,  1] ../source3/smbd/service.c:346(create_connection_session_info)
smbd_audit[30915]:   create_connection_session_info: guest user (from session setup) not permitted to access this share (nas_home)
smbd_audit[30915]: [2020/05/04 16:57:43.414876,  1] ../source3/smbd/service.c:529(make_connection_snum)
smbd_audit[30915]:   create_connection_session_info failed: NT_STATUS_ACCESS_DENIED

On a side note, i get the below error/warning in my logs.

smbd[1477]: [2020/05/04 06:35:01.846371, 1] ../source3/profile/profile_dummy.c:30(set_profile_level)

smbd[1477]: INFO: Profiling support unavailable in this build.

I was under the impression "--no-process-group" was supposed to suppress that

The is a removable drive i use for the usbbackup