[Samba] Samba authentication logs

Andrew Bartlett abartlet at samba.org
Tue Feb 7 10:09:00 UTC 2017

On Tue, 2017-02-07 at 10:15 +0100, Elton Agolli via samba wrote:
> Hi all,
> I am running a Samba 4.2.14 Active Directory server on Debian and it is
> working fine. I have Windows workstations, Linux servers and some web
> services authenticate against the Samba AD. The only thing that I am
> missing is a proper logging for the authentication events on this system.
> Especially in case of web services, which are using LDAP authentication
> against Samba, from the logs I can only see that there is a request for a
> certain user to authenticate and then the result which might be OK or
> WRONG.... but no info about the machine or IP initiating the request.
> Below is an example:
> *[2017/02/07 10:06:44.584159,  5] ../source4/auth/ntlm/auth.c:438(auth_check_password_recv)*
> *  auth_check_password_recv: sam_ignoredomain authentication for user [DOMAIN\user] succeeded*
> Raising the logging level does not seem to help getting any more details.
> In addition, I would like to have audit logs for important events, like for
> example when administrators or users themselves change passwords. These do
> not seem to leave any trace at all in the system.
> Am I missing something in my config (smb.conf ..) or is this the expected
> behavior of the system?
> Is there a way to get more detailed authentication logs?

Sadly not at this stage.  You can get more detail as you turn up the
debug level, but not a clear picture of all the details you need.  I
hope to address this soon - I've had requests for this from a couple of
clients recently so hopefully Samba 4.7 will finally have decent
logging here.

I hope this helps a little,

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
