Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] Samba authentication logs
357 views
Skip to first unread message
Elton Agolli via samba
Feb 7, 2017, 4:20:02 AM2/7/17
to
Hi all,
I am running a Samba 4.2.14 Active Directory server on Debian and it is
working fine. I have Windows workstations, Linux servers and some web
services authenticate against the Samba AD. The only thing that I am
missing is a proper logging for the authentication events on this system.
Especially in case of web services, which are using LDAP authentication
against Samba, from the logs I can only see that there is a request for a
certain user to authenticate and then the result which might be OK or
WRONG.... but no info about the machine or IP initiating the request.
Below is an example:
*[2017/02/07 10:06:44.584159, 5]
../source4/auth/ntlm/auth.c:438(auth_check_password_recv)*
* auth_check_password_recv: sam_ignoredomain authentication for user
[DOMAIN\user] succeeded*
Raising the logging level does not seem to help getting any more details.
In addition, I would like to have audit logs for important events, like for
example when administrators or users themselves change passwords. These do
not seem to leave any trace at all in the system.
Am I missing something in my config (smb.conf ..) or is this the expected
behavior of the system?
Is there a way to get more detailed authentication logs?
Thanks,
Elton
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I am running a Samba 4.2.14 Active Directory server on Debian and it is
working fine. I have Windows workstations, Linux servers and some web
services authenticate against the Samba AD. The only thing that I am
missing is a proper logging for the authentication events on this system.
Especially in case of web services, which are using LDAP authentication
against Samba, from the logs I can only see that there is a request for a
certain user to authenticate and then the result which might be OK or
WRONG.... but no info about the machine or IP initiating the request.
Below is an example:
*[2017/02/07 10:06:44.584159, 5]
../source4/auth/ntlm/auth.c:438(auth_check_password_recv)*
* auth_check_password_recv: sam_ignoredomain authentication for user
[DOMAIN\user] succeeded*
Raising the logging level does not seem to help getting any more details.
In addition, I would like to have audit logs for important events, like for
example when administrators or users themselves change passwords. These do
not seem to leave any trace at all in the system.
Am I missing something in my config (smb.conf ..) or is this the expected
behavior of the system?
Is there a way to get more detailed authentication logs?
Thanks,
Elton
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Andrew Bartlett via samba
Feb 7, 2017, 5:20:02 AM2/7/17
to
debug level, but not a clear picture of all the details you need. I
hope to address this soon - I've had requests for this from a couple of
clients recently so hopefully Samba 4.7 will finally have decent
logging here.
I hope this helps a little,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Andrew Martin via samba
Feb 7, 2017, 10:20:04 AM2/7/17
to
See my recent post to the mailing list for at least a partial answer:
https://lists.samba.org/archive/samba/2017-February/206307.html
In short, this type of logging has not been implemented yet. I would also
find it very useful.
Andrew
0 new messages