[Samba] Samba authentication logs
Elton Agolli
elton.agolli at gmail.com
Tue Feb 7 09:15:06 UTC 2017
Hi all,
I am running a Samba 4.2.14 Active Directory server on Debian and it is
working fine. I have Windows workstations, Linux servers and some web
services authenticate against the Samba AD. The only thing that I am
missing is a proper logging for the authentication events on this system.
Especially in case of web services, which are using LDAP authentication
against Samba, from the logs I can only see that there is a request for a
certain user to authenticate and then the result which might be OK or
WRONG.... but no info about the machine or IP initiating the request.
Below is an example:
*[2017/02/07 10:06:44.584159, 5]
../source4/auth/ntlm/auth.c:438(auth_check_password_recv)*
* auth_check_password_recv: sam_ignoredomain authentication for user
[DOMAIN\user] succeeded*
Raising the logging level does not seem to help getting any more details.
In addition, I would like to have audit logs for important events, like for
example when administrators or users themselves change passwords. These do
not seem to leave any trace at all in the system.
Am I missing something in my config (smb.conf ..) or is this the expected
behavior of the system?
Is there a way to get more detailed authentication logs?
Thanks,
Elton
More information about the samba
mailing list