[Samba] Samba authentication logs
Andrew Bartlett
abartlet at samba.org
Tue Feb 7 10:09:00 UTC 2017
On Tue, 2017-02-07 at 10:15 +0100, Elton Agolli via samba wrote:
> Hi all,
>
> I am running a Samba 4.2.14 Active Directory server on Debian and it
> is
> working fine. I have Windows workstations, Linux servers and some web
> services authenticate against the Samba AD. The only thing that I am
> missing is a proper logging for the authentication events on this
> system.
> Especially in case of web services, which are using LDAP
> authentication
> against Samba, from the logs I can only see that there is a request
> for a
> certain user to authenticate and then the result which might be OK or
> WRONG.... but no info about the machine or IP initiating the request.
>
> Below is an example:
>
> *[2017/02/07 10:06:44.584159, 5]
> ../source4/auth/ntlm/auth.c:438(auth_check_password_recv)*
> * auth_check_password_recv: sam_ignoredomain authentication for user
> [DOMAIN\user] succeeded*
>
> Raising the logging level does not seem to help getting any more
> details.
>
> In addition, I would like to have audit logs for important events,
> like for
> example when administrators or users themselves change passwords.
> These do
> not seem to leave any trace at all in the system.
> Am I missing something in my config (smb.conf ..) or is this the
> expected
> behavior of the system?
> Is there a way to get more detailed authentication logs?
Sadly not at this stage. You can get more detail as you turn up the
debug level, but not a clear picture of all the details you need. I
hope to address this soon - I've had requests for this from a couple of
clients recently so hopefully Samba 4.7 will finally have decent
logging here.
I hope this helps a little,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list