Another interesting error in Samba Linux I found the in logs of a clients Linux(RedHat 9.3) box: smb_full_audit_connect: Failing to connect

A client contacted me about setting up shares in a Linux server, so Windows clients can connect. No AD lives in this environment, so I decided to setup a stand-alone Samba server. First, I needed to brew my specialty coffee from Honduras using my new Aeropress coffee maker.

Install Samba as stand-alone server

First, you need to run yum. This is for RedHat based servers:

yum install samba

After the samba install is complete you need to configure the server in the /etc/smb.conf file. The below is an essential/basic share configuration I found un an older server:

[tt]
        comment = test
        path = /var/www
        writeable = yes
        browseable = yes
;       security = user
        follow symlinks = yes
        valid users = paco, example
;        vfs objects = full_audit
;        full_audit:prefix = nasaudit|%u|%I|%m
;        full_audit:success = mkdir rmdir pwrite ulink rename
;        full_audit:failure = mkdir rmdir pwrite ulink rename

This example was not working for me and gave me the error:

smb_full_audit_connect: Invalid success operations list. Failing connect

If you see above I had to comment out some sections that start with ‘full’, ‘vfs’ ‘security’ is optional for me. In the samba config file you can comment configuration lines using ‘ ; ‘.

After making the changes you have to verify you smb.conf file syntax is OK by running this command:

testparm

You should see something like this if everything is good:

Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
	log file = /var/log/samba/log.%m
	max log size = 50
	security = USER
	server string = Samba Server Version %v
	workgroup = MYGROUP
	idmap config * : backend = tdb
	create mask = 0664
	cups options = raw
	directory mask = 0775

[tt]
	comment = test
	path = /var/www
	read only = No
	valid users = pepe example

Next, make sure you allow samba if you have firewalld enabled. If not, you can skip the below commands:

# firewall-cmd --permanent --add-service=samba
# firewall-cmd --reload

Currently, we tend to disable the firewalld in Linux RedHat at this client’s location.

Finally, enable and start the Samba service in Linux:

systemctl enable --now smb

Remember to reload or restart Samba’s configuration if you make any changes to your /etc/smb.conf file:

Reload Samba: (Samba services reload every 3min automatically)

smbcontrol all reload-config

Restart Samba: (When you change parameters such as security and others)

systemctl restart smb

There are many options in Samba these are only essential ones. You can always contact me if you have any questions.

Remember to see my cool coffee mugs and T-Shirt designs in my shop. Let me know what you think. Thanks!

Leave a comment

Your email address will not be published. Required fields are marked *