[Samba] unable to see event viewer on DC
Stefan
stefan at tjugotre.se
Mon Dec 5 15:40:38 UTC 2016
Thanks a lot for your response. Just to sum up, there are no way to get the
audit logs? For me it doesn't really matter if I use event viewer or if it
gets logged to a regular log file. But if there are no way to get the audit
logged at all this might be a show stopper for us.
The way I have implemented this is via a GPO that applies to the computer
account and I want to audit password change events. The events does not
show up in the local event viewer at the windows host. Thanks in advance :-)
On December 5, 2016 4:35:16 PM Andrew Bartlett <abartlet at samba.org> wrote:
> On Mon, 2016-12-05 at 12:39 +0100, Stefan via samba wrote:
>>
>>
>> Hi
>>
>> I am trying to enable auditing and see logs (events) on the DC
>> (samba4
>> on debian jessie). I am trying to follow/understand
>> https://wiki.samba.org/index.php/Event_Logging [1] but with no
>> success.
>> I have edited smb.conf and restarted samba daemon. When trying to
>> connect DC using event viewer on a windows server connected to the
>> domain as administrator user, I get error: The procedure number is
>> out
>> of range(1745). Anyone knows why, or what I can do to solve it?
>
> Sadly even if the RPC error was resolved, no events are logged. We
> write to log.samba, but the AD DC does not to 'event log'. We know
> this would be desirable, because I've had customers ask me what would
> be involved to implement it, as there are GUIs and tools that can parse
> those logs, but there are not currently any plans to implement that.
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
>
More information about the samba
mailing list