[Samba] unable to see event viewer on DC

Stefan stefan at tjugotre.se
Mon Dec 5 15:40:38 UTC 2016

Thanks a lot for your response. Just to sum up, there are no way to get the 
audit logs? For me it doesn't really matter if I use event viewer or if it 
gets logged to a regular log file. But if there are no way to get the audit 
logged at all this might be a show stopper for us.
The way I have implemented this is via a GPO that applies to the computer 
account and I want to audit password change events. The events does not 
show up in the local event viewer at the windows host. Thanks in advance :-)

On December 5, 2016 4:35:16 PM Andrew Bartlett <abartlet at samba.org> wrote:

> On Mon, 2016-12-05 at 12:39 +0100, Stefan via samba wrote:
>> Hi 
>> I am trying to enable auditing and see logs (events) on the DC
>> (samba4
>> on debian jessie). I am trying to follow/understand
>> https://wiki.samba.org/index.php/Event_Logging [1] but with no
>> success.
>> I have edited smb.conf and restarted samba daemon. When trying to
>> connect DC using event viewer on a windows server connected to the
>> domain as administrator user, I get error: The procedure number is
>> out
>> of range(1745). Anyone knows why, or what I can do to solve it? 
> Sadly even if the RPC error was resolved, no events are logged.  We
> write to log.samba, but the AD DC does not to 'event log'.  We know
> this would be desirable, because I've had customers ask me what would
> be involved to implement it, as there are GUIs and tools that can parse
> those logs, but there are not currently any plans to implement that.  
> Thanks,
> Andrew Bartlett
> -- 
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list