[Samba] Sarbanes-Oxley headaches

Stuart Highlander fsb at ntwsdb.com
Fri May 13 14:36:53 GMT 2005


----- Original Message ----- 
From: "Tony Earnshaw" <tonye at billy.demon.nl>
To: <samba at lists.samba.org>
Sent: Thursday, May 12, 2005 12:55 PM
Subject: Re: [Samba] Sarbanes-Oxley headaches


> tor, 12.05.2005 kl. 18.54 skrev Robert Kelly:
>
> > With the new scrutinization by auditors on account policies and
> > auditing, how can Samba be SOX compliant?
> > Using 3.0.14a-sernet on Suse 9.1 - ldapsam
> >
> > Specifically, a couple of things seem to be lacking:
> >
> > 1) Logon/Logoff times are not being recorded
> > The last logon time recorded in my ldap entries are pre-nt4 migration.
>
> Bad luck?
>
> > 2) Do the Audit Policy values in user manager have any effect?
> > Are they implemented?
> > Can they be syslogged?
>
> No to both, please read the official Samba HOWTOs. Experiment. Like we
> all have to.
>
> > 3) How can I get a hook into logons?
> > Without turning up the debug values, how can I tell if an account has
> > had repeated login failures?
>
> Try 'man pdbedit' and search for "-P".
>
> I have never understood why people complain about any item of software's
> supposed limitations until they have read and thoroughly understand all
> aspects of all the documentation. Perhaps they aspire toward posthumous
> beatification, attaining al martyrs' brigade status or whatever.
>
> > Thanks,
>
> *Wake up* and at least make *some effort* to read the docs and follow
> the threads and experiment for yourself as 1001 others on this list,
> including the undersigned choose to do. Hanging yourself out is not to
> your own advantage.
>
> --Tonni

i had an examiner yesterday ask similar questions about my system yesterday.
thank you for direction to the pdbedit manpage.

suppose i wanted to set up account lockout for 3 failed login attempts for
my w2k workstations with the ability to try again in 5 minutes.  would these
be the commands to use:

pdbedit -P "bad lockout attempt" -C 3
pdbedit -P "reset count minutes" -C 5

as for logging some of the requests of the original poster, i have found a
free program that will log the windows event log to a remote syslog server.
here is the link:

http://www.netadmintools.com/art284.html

stu



More information about the samba mailing list