Question

Can I monitor user operations (read, write, delete) on shares?

Answer

Samba (and therefore UCS) provide several ways to get user operations logged.
Note: When logging user operations this way make sure to be compliant to privacy regulations!

• Activate Kerberos logging (to be found in /var/log/samba/log.samba)

ucr set kerberos/defaults/debug=4
/etc/init.d/samba restart

• Adjust Samba logging for auth component to /var/log/samba/*
ucr set samba/debug/level="1 auth:4"
• Use GPO-Logonscript to write a log entry on logon See this article.
• Starting with UCS 4.3 there is an improve logging of authentication events.
• Last there is a Samba-Modul