[PATCH] samba3 auditing server-side

Stefan (metze) Metzmacher metze at samba.org
Wed Apr 12 07:33:44 GMT 2006

Hash: SHA1

Guenther Deschner schrieb:
> Hi,
> Jeremy, Lars and me recently discussed how we could have exact tracking of
> auditable events in the samba3 code. As we now understand better how to
> remotely manage auditing policies, here is draft patch of how we could do
> the server-side of auditing.
> The patch just works for ldapsam (the auditing settings are replicated
> between DCs). That way, we could add the matching audit events with the
> correct event IDs (which are mostly well known and documented) using
> AUDIT_SUCCESS/AUDIT_FAILURE calls where appropriate in a very similar
> manner as windows does. 
> It would be then rather easy to have a kind of "audit backend" parameter
> to send the audit events not only to the DEBUG macro but also to syslog or
> any other kind of auditing framework. 

Hi Guenther,

does this auditing also has to do with the SACL auditing or is this
completly different?

Does Windows machines return NT_STATUS_AUDIT_FAILED to the client,
if the auditing fails? Maybe AUDIT_SUCCESS() and AUDIT_FAILURE() should
be just void functions...


Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba-technical mailing list