Re: [Samba] kpasswd_samdb_set_password: domain\user (S-...) is changing password of user@domain
- Date: Fri, 14 Sep 2018 13:19:33 -0400
- From: Bill Baird via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] kpasswd_samdb_set_password: domain\user (S-...) is changing password of user@domain
Is there a way to translate the userSid into a human readable format, so I
don't have to look it up each time?
For now, my workaround for now is to set my log level to 5, but then turn
lots of stuff down to 1 manually. Like this:
log level = 5 tdb:1 printdrivers:1 lanman:1 smb:1 rpc_parse:1 rpc_srv:1
rpc_cli:1 passdb:1 sam:1 auth:1 winbind:1 vfs:1 idmap:1 quota:1 acls:1
locking:1 msdfs:1 dmapi:1 registry:1 scavenger:1 dns:1 ldb:1 tevent:1
auth_audit:5 auth_json_audit:5 kerberos:1 drs_repl:1 smb2:1 smb2_credits:1
dsdb_audit:5 dsdb_json_audit:5 dsdb_password_audit:5
dsdb_transaction_json_audit:5 dsdb_group_audit:5 dsdb_group_json_audit:5
On Fri, Sep 14, 2018 at 1:17 PM Andrew Bartlett <abartlet@xxxxxxxxx> wrote:
> On Fri, 2018-09-14 at 13:00 -0400, Bill Baird via samba wrote:
> > I have dsdb_password_audit:5 & dsdb_password_json_audit:5 enabled,
> > but I
> > don't get the message I included.
> Correct, that message is generated by a different system.
> > I instead get an audit log that a password was changed...but not by
> > who.
> The userSid element should be the who.
> > Was hoping to get more info in a single log entry, so I can track who
> > on my
> > staff is doing password resets and setup email alerts via my logging
> > system.
> Certainly, that is what this was built for.
> Andrew Bartlett
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT
Chief Technology Officer
Office: 845-876-8228 x311
*To create an IT ticket, please email itsupport@xxxxxxxxxxxxx
<itsupport@xxxxxxxxxxxxx> or call 845-943-4222.*
This electronic message, including its attachments (if any), is
CONFIDENTIAL and may contain PROPRIETARY or LEGALLY PRIVILEGED information.
If you are not the intended recipient, you are hereby notified that any
use, disclosure, copying, or distribution of this message, its attachments,
or any of the information included therein, is unauthorized and strictly
prohibited. If you have received this message in error, please immediately
notify the sender by reply e-mail and permanently delete this message and
its attachments, along with any copies thereof.
To unsubscribe from this list go to the following URL and read the