Web lists-archives.com

Re: [Samba] kpasswd_samdb_set_password: domain\user (S-...) is changing password of user@domain




On Fri, 2018-09-14 at 11:01 -0400, Bill Baird via samba wrote:
> Hi All,
> 
> I'm prepping for a classicupgrade and noticed that if I set log level
> = 5,
> I get a log like this when we update a password for a user:
> 
> *kpasswd_samdb_set_password: DOMAIN\username(S--x-x-x-xxx-xxx-xxxx)
> is
> changing password of username@domain*
> 
> I can't seem to figure out what debug class I need to enable to still
> get
> this alert, but still set my default logging to 1.
> 
> Thanks in advance for any help!

Samba 4.9 includes comprehensive audit logging under specific debug
classes.

That is your best bet for finding these easily, and the JSON version is
great for auditing because it can be reliably parsed. 

 
https://wiki.samba.org/index.php/Samba_4.9_Features_added/changed#Password_change_audit_support

Password change audit support

Password changes in the AD DC are now logged to Samba's debug logs
under the "dsdb_password_audit" debug class and
"dsdb_password_json_audit" for JSON formatted log entries.

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba