I have a ubuntu samba server on my network and almost 70% of the office employee uses it everyday. It is not secured (free public shares) and anyone on my network can access it. As the office is expanding i need to secure it.
Is it possible to trace the user's history? Something like i can view the file he dumped, copied, or deleted. From what computer he logged in to use the file sharing server.
April 7th, 2011, 06:03 PM
Check out the logs in /var/log/samba/
Typically you can see from what IP a user logged in from, and what shares they have requested. However I'm not sure if even increasing the logging level would get you individual file access. You could always set something like "log level = 10" in the "[global]" section of your samba config file, and see if it records your needed information, then start lowering it to see what the lowest log level you can have while still getting your needed information.
You also may may want to look at the command "smbstatus" which would tell tell you what shares are currently being accessed etc...
As a last resort you could try doing something like these guys http://www.linuxjournal.com/article/7251 and edit samba's source code to add your own logging lines. This just becomes a larger pain having to then manually patch, and compile your samba code with every security issue that is found but if you've got the man power then it is certainly an option.
Samba has a ton of useful documentation out there. Here are two helpful resources if you need more configuration help with samba.