[Samba] unable to see event viewer on DC
Andrew Bartlett
abartlet at samba.org
Mon Dec 5 15:53:33 UTC 2016
On Mon, 2016-12-05 at 16:40 +0100, Stefan via samba wrote:
> Thanks a lot for your response. Just to sum up, there are no way to
> get the
> audit logs? For me it doesn't really matter if I use event viewer or
> if it
> gets logged to a regular log file.
Audit logs, such as they are, are logged to the log.samba log file for
the AD DC, per 'log file = ' in your smb.conf.
> But if there are no way to get the audit
> logged at all this might be a show stopper for us.
> The way I have implemented this is via a GPO that applies to the
> computer
> account and I want to audit password change events. The events does
> not
> show up in the local event viewer at the windows host. Thanks in
> advance :-)
We don't parse or honour GPOs on the AD DC. These only apply to
Windows clients. Set the log level in the smb.conf instead.
Andrew Bartlett
> On December 5, 2016 4:35:16 PM Andrew Bartlett <abartlet at samba.org>
> wrote:
>
> >
> > On Mon, 2016-12-05 at 12:39 +0100, Stefan via samba wrote:
> > >
> > >
> > >
> > > Hi
> > >
> > > I am trying to enable auditing and see logs (events) on the DC
> > > (samba4
> > > on debian jessie). I am trying to follow/understand
> > > https://wiki.samba.org/index.php/Event_Logging [1] but with no
> > > success.
> > > I have edited smb.conf and restarted samba daemon. When trying to
> > > connect DC using event viewer on a windows server connected to
> > > the
> > > domain as administrator user, I get error: The procedure number
> > > is
> > > out
> > > of range(1745). Anyone knows why, or what I can do to solve it?
> >
> > Sadly even if the RPC error was resolved, no events are logged. We
> > write to log.samba, but the AD DC does not to 'event log'. We know
> > this would be desirable, because I've had customers ask me what
> > would
> > be involved to implement it, as there are GUIs and tools that can
> > parse
> > those logs, but there are not currently any plans to implement
> > that.
> >
> > Thanks,
> >
> > Andrew Bartlett
> >
> > --
> > Andrew Bartlett http://samba.org/~abartlet/
> > Authentication Developer, Samba Team http://samba.org
> > Samba Developer, Catalyst IT http://catalyst.net.nz/servic
> > es/samba
> >
>
>
>
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list