Web lists-archives.com

Re: [Samba] Samba authentication logs




----- Original Message -----
> From: "samba" <samba@xxxxxxxxxxxxxxx>
> To: "samba" <samba@xxxxxxxxxxxxxxx>
> Sent: Tuesday, February 7, 2017 3:15:06 AM
> Subject: [Samba] Samba authentication logs

> Hi all,
> 
> I am running a Samba 4.2.14 Active Directory server on Debian and it is
> working fine. I have Windows workstations, Linux servers and some web
> services authenticate against the Samba AD. The only thing that I am
> missing is a proper logging for the authentication events on this system.
> Especially in case of web services, which are using LDAP authentication
> against Samba, from the logs I can only see that there is a request for a
> certain user to authenticate and then the result which might be OK or
> WRONG.... but no info about the machine or IP initiating the request.
> 
> Below is an example:
> 
> *[2017/02/07 10:06:44.584159,  5]
> ../source4/auth/ntlm/auth.c:438(auth_check_password_recv)*
> *  auth_check_password_recv: sam_ignoredomain authentication for user
> [DOMAIN\user] succeeded*
> 
> Raising the logging level does not seem to help getting any more details.
> 
> In addition, I would like to have audit logs for important events, like for
> example when administrators or users themselves change passwords. These do
> not seem to leave any trace at all in the system.
> Am I missing something in my config (smb.conf ..) or is this the expected
> behavior of the system?
> Is there a way to get more detailed authentication logs?
> 
Elton,

See my recent post to the mailing list for at least a partial answer:
https://lists.samba.org/archive/samba/2017-February/206307.html

In short, this type of logging has not been implemented yet. I would also
find it very useful.

Andrew

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba