[Samba] unable to see event viewer on DC

Andrew Bartlett abartlet at samba.org
Mon Dec 5 15:53:33 UTC 2016


On Mon, 2016-12-05 at 16:40 +0100, Stefan via samba wrote:
> Thanks a lot for your response. Just to sum up, there are no way to
> get the 
> audit logs? For me it doesn't really matter if I use event viewer or
> if it 
> gets logged to a regular log file. 

Audit logs, such as they are, are logged to the log.samba log file for
the AD DC, per 'log file = ' in your smb.conf.

> But if there are no way to get the audit 
> logged at all this might be a show stopper for us.
> The way I have implemented this is via a GPO that applies to the
> computer 
> account and I want to audit password change events. The events does
> not 
> show up in the local event viewer at the windows host. Thanks in
> advance :-)

We don't parse or honour GPOs on the AD DC.  These only apply to
Windows clients.  Set the log level in the smb.conf instead.

Andrew Bartlett

> On December 5, 2016 4:35:16 PM Andrew Bartlett <abartlet at samba.org>
> wrote:
> 
> > 
> > On Mon, 2016-12-05 at 12:39 +0100, Stefan via samba wrote:
> > > 
> > >  
> > > 
> > > Hi 
> > > 
> > > I am trying to enable auditing and see logs (events) on the DC
> > > (samba4
> > > on debian jessie). I am trying to follow/understand
> > > https://wiki.samba.org/index.php/Event_Logging [1] but with no
> > > success.
> > > I have edited smb.conf and restarted samba daemon. When trying to
> > > connect DC using event viewer on a windows server connected to
> > > the
> > > domain as administrator user, I get error: The procedure number
> > > is
> > > out
> > > of range(1745). Anyone knows why, or what I can do to solve it? 
> > 
> > Sadly even if the RPC error was resolved, no events are logged.  We
> > write to log.samba, but the AD DC does not to 'event log'.  We know
> > this would be desirable, because I've had customers ask me what
> > would
> > be involved to implement it, as there are GUIs and tools that can
> > parse
> > those logs, but there are not currently any plans to implement
> > that.  
> > 
> > Thanks,
> > 
> > Andrew Bartlett
> > 
> > -- 
> > Andrew Bartlett                       http://samba.org/~abartlet/
> > Authentication Developer, Samba Team  http://samba.org
> > Samba Developer, Catalyst IT          http://catalyst.net.nz/servic
> > es/samba
> > 
> 
> 
> 
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




More information about the samba mailing list