[Samba] Re: Sarbanes-Oxley headaches

Tony Earnshaw tonye at billy.demon.nl
Sat May 14 10:29:48 GMT 2005


Fri, 13.05.2005 at 20:51, Robert Kelly wrote:

> >>1) Logon/Logoff times are not being recorded
> >>	The last logon time recorded in my ldap entries are pre-nt4 migration.
> > Bad luck?
> 
> By bad luck, do you mean your sambaLogonTime and sambaLogoffTime
> attributes are get updated?

They don't get updated with Samba 3.0.14a and ldapsam backend.

> >>2) Do the Audit Policy values in user manager have any effect?
> >>	Are they implemented?
> >>	Can they be syslogged?
> >
> > No to both, please read the official Samba HOWTOs. Experiment. Like we
> > all have to.
> >
> Thanks, I didn't see any mention of audit policy only account and user
> rights.

This is "more or less" covered in the Samba HOWTO html doc, chapter 14
on ACLs "Viewing File Security on a Samba Share", where it says that
auditing doesn't work. Verifying this from a Windows ws confirms it.

> >>3) How can I get a hook into logons?
> >>	Without turning up the debug values, how can I tell if an account has
> >>had repeated login failures?
> > 
> > 
> > Try 'man pdbedit' and search for "-P". 

Hmmm ... a bit short winded. If you use ldapsam backend and a GUI tool
such as GQ you can see it literally under the sambaBadPasswordCount
attribute. Using ldapsearch from the CLI you can get a list, for all
users. It will be zeroed out, though, at the next successful login.

> > I have never understood why people complain about any item of software's
> > supposed limitations until they have read and thoroughly understand all
> > aspects of all the documentation. Perhaps they aspire toward posthumous
> > beatification, attaining al martyrs' brigade status or whatever.
> > 
> 
> Again, I'm aware of the account policies, how to view and set them. I'm
> asking about the auditing policies e.g. logon/logoff success or failure.

There are very few possibilities in Samba. What you ask you can get, at
least using the ldapsam backend.

> Thanks for your input Tonni. I've been using samba as our production
> fileservers for years and migrated our NT4 domain to Samba/ldapsam last
> August. It's been running great, but with the SOX audits, I don't have
> answers for them about the audit functions.

I just now learned about SOX audits. Being European, they don't apply to
"us" - I'm having to do some reading up. From what I've seen to date,
Samba has minimal auditing capability, but one of the more clued-up
people could comment more fully on this, would be useful if they could.

>  Of course I have gone
> through the documentation and googled. I'm posting to this forum because
> the information I needed wasn't found there. The documentation is
> excellent and without it I wouldn't have even thought about migrating
> domain control to samba. What I don't want is the auditors to make a
> recommendation to migrate from samba to Active Directory just because of
> the missing audit functions.

I understand that now. All that I can say is, that using LDAP as pdb
backend, together with an LDAP client GUI such as GQ will demonstrate
many things graphically that are not easily envisaged otherwise.

Best,

--Tonni

-- 
Nothing sucksseeds like a pigeon without a beak ...

mail: tonye at billy.demon.nl
http://www.billy.demon.nl
 
They'll love us, won't they? They feed us, don't they? ...
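
The ldapsearch listing of sambaBadPasswordCount described in the message above, as an added example that is not part of the original post: a shell filter that reads ldapsearch LDIF output and prints the accounts at or above a failure threshold. The base DN, the sambaSamAccount filter shown in the comment, the function names and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list accounts whose
# sambaBadPasswordCount is at or above a threshold.
# Input: LDIF on stdin, e.g. from (base DN and filter are assumptions):
#   ldapsearch -x -LLL -b "dc=example,dc=org" \
#       "(objectClass=sambaSamAccount)" uid sambaBadPasswordCount
# Output: one "uid count" line per matching entry.

bad_password_report() {
    awk -v min="${1:-1}" '
        # An LDIF entry ends at a blank line (or at end of input).
        function flush() {
            if (uid != "" && count + 0 >= min + 0) print uid, count
            uid = ""; count = 0
        }
        /^uid: /                   { uid = $2 }
        /^sambaBadPasswordCount: / { count = $2 }
        /^$/                       { flush() }
        END                        { flush() }
    '
}

# Constructed sample LDIF; carol has no counter attribute at all.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
sambaBadPasswordCount: 0

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
sambaBadPasswordCount: 4

dn: uid=carol,ou=People,dc=example,dc=org
uid: carol

dn: uid=dave,ou=People,dc=example,dc=org
uid: dave
sambaBadPasswordCount: 2
EOF
}

sample_ldif | bad_password_report 3   # prints: bob 4
```

Because the counter is zeroed at the next successful login, a report like this only captures repeated failures if it is run on a schedule and its output is kept.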


