[Samba] Auditing user privileges and password changes

Paul Wiebes pw at theipcompany.nl
Fri Aug 22 04:38:47 MDT 2014

I need to be able to log all security information, like the creation of new
users, changes of password,  users added to groups.

I tried to extract this from the samba logs. To no success.
Also the creation of a user is not written to the logs clearly.  There is
only an entry of the request of the administrator to change the password of
(this newly created) user.
Nor can I find logoff times of users.

My smb.conf includes the statements
'log level = 5'
'event log list = Application Syslog Security SyslogLinux'

I had a look at the logs of the Samba server in the computer management on
a Windows station. That application mentions the logs, but refuses to show
them, because the RPC server should be not available.

Is scanning the log files the right way to get all this information? Or
should the event log via RSAT be the method, or maybe reading the .tdb
files ?

Any help will greatly be appreciated.

Paul Wiebes

More information about the samba mailing list