[Samba] Samba authentication logs

Andrew Martin amartin at xes-inc.com
Tue Feb 7 15:15:23 UTC 2017

----- Original Message -----
> From: "samba" <samba at lists.samba.org>
> To: "samba" <samba at lists.samba.org>
> Sent: Tuesday, February 7, 2017 3:15:06 AM
> Subject: [Samba] Samba authentication logs

> Hi all,
> I am running a Samba 4.2.14 Active Directory server on Debian and it is
> working fine. I have Windows workstations, Linux servers and some web
> services authenticate against the Samba AD. The only thing that I am
> missing is a proper logging for the authentication events on this system.
> Especially in case of web services, which are using LDAP authentication
> against Samba, from the logs I can only see that there is a request for a
> certain user to authenticate and then the result which might be OK or
> WRONG.... but no info about the machine or IP initiating the request.
> Below is an example:
> *[2017/02/07 10:06:44.584159,  5]
> ../source4/auth/ntlm/auth.c:438(auth_check_password_recv)*
> *  auth_check_password_recv: sam_ignoredomain authentication for user
> [DOMAIN\user] succeeded*
> Raising the logging level does not seem to help getting any more details.
> In addition, I would like to have audit logs for important events, like for
> example when administrators or users themselves change passwords. These do
> not seem to leave any trace at all in the system.
> Am I missing something in my config (smb.conf ..) or is this the expected
> behavior of the system?
> Is there a way to get more detailed authentication logs?

See my recent post to the mailing list for at least a partial answer:

In short, this type of logging has not been implemented yet. I would also
find it very useful.


More information about the samba mailing list