[Samba] eventlog functionality
Andrew Bartlett
abartlet at samba.org
Tue Sep 11 18:01:35 UTC 2018
On Tue, 2018-09-11 at 15:52 +0000, ray klassen via samba wrote:
> So I sent you the dump separately, and I tried a persistent drive
> mapping to \\DC\netlogon which I figured should create a more
> permanent session as you described. That worked the same.
>
> On Tuesday, 11 September 2018, 08:21:50 GMT-7, Andrew Bartlett
> via samba <samba at lists.samba.org> wrote:
>
> On Tue, 2018-09-11 at 15:14 +0000, ray klassen via samba wrote:
> >
> >
> > Yes, after further research the solution could possibly be to create
> > a python script to monitor the json output in log.samba and push out
> > eventlog formatted events to 'Security' with eventlogadm. Seems a lot
> > of work.
> That still assumes the appliance is reading the same type of event log
> (because the eventlog RPC service was superseded by eventlog6 and the
> WMI thing, which is the reason I asked for details).
>
> >
> > The appliance in question also supports getting the necessary info
> > via the netapi call "netsessionenum" I have tried that and a
> > wireshark dump shows samba replying with WERR_INVALID_LEVEL.
> >
> > if you could shed any light on that, I would appreciate it.
> If you could get the exact details on that, or the capture file if not
> confidential, that would be good.
This showed that it uses srvsvc_NetSessEnum level 10, whereas Samba
only supports level 0 and 1. Perhaps have a go at implementing level
10? It looks like just a cut down version of level 1.
source3/rpc_server/srvsvc/rpc_srvsvc_nt.c
The tests could do with some work however, they are at:
source4/torture/rpc/srvsvc.c
but don't actually check for anything, including if the call even
worked, let alone expected data...
> Note however that the Samba AD DC doesn't have a persistent connection
> from the client unless you mount a share, so even if it worked it
> wouldn't show up all the clients reliably.
>
> (A domain login to AD can be done with just a kerberos ticket exchange).
A persistent drive mapping would fix that, certainly.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
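
Added example, not part of the original message and not Samba code: a standalone sketch of the relationship the reply describes, where a level 10 session entry carries a subset of the level 1 fields. The struct layouts follow the MS-SRVS SESSION_INFO_1 and SESSION_INFO_10 field lists; the type names, the status enum and the helper `sess_enum_level10` are hypothetical and use plain `calloc` rather than Samba's talloc or generated types.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Simplified stand-ins for MS-SRVS SESSION_INFO_1/10, not Samba's types. */
struct sess_info1 {
    const char *client;   /* sesi1_cname */
    const char *user;     /* sesi1_username */
    uint32_t num_open;    /* sesi1_num_opens */
    uint32_t time;        /* sesi1_time: seconds the session has been up */
    uint32_t idle_time;   /* sesi1_idle_time */
    uint32_t user_flags;  /* sesi1_user_flags */
};
struct sess_info10 {
    const char *client;   /* sesi10_cname */
    const char *user;     /* sesi10_username */
    uint32_t time;        /* sesi10_time */
    uint32_t idle_time;   /* sesi10_idle_time */
};
enum sess_status { SESS_OK, SESS_INVALID_LEVEL, SESS_NO_MEMORY };

/* Hypothetical helper: answer a level 10 request from level 1 rows; other
 * levels are rejected. Strings are borrowed; the caller frees *out only. */
enum sess_status sess_enum_level10(uint32_t level, const struct sess_info1 *rows,
                                   size_t count, struct sess_info10 **out)
{
    *out = NULL;
    if (level != 10) return SESS_INVALID_LEVEL;
    if (count == 0) return SESS_OK;              /* empty list, no allocation */
    struct sess_info10 *r = calloc(count, sizeof(*r)); /* calloc checks overflow */
    if (r == NULL) return SESS_NO_MEMORY;
    for (size_t i = 0; i < count; i++) {
        r[i].client = rows[i].client; r[i].user = rows[i].user;
        r[i].time = rows[i].time;
        r[i].idle_time = rows[i].idle_time;      /* num_open, user_flags dropped */
    }
    *out = r;
    return SESS_OK;
}

int main(void)
{
    /* Constructed sample session, not taken from the capture in the thread. */
    struct sess_info1 row = {"10.0.0.5", "alice", 3, 120, 15, 0};
    struct sess_info10 *out;
    if (sess_enum_level10(10, &row, 1, &out) != SESS_OK) return 1;
    printf("%s %s idle=%u\n", out->client, out->user, (unsigned)out->idle_time);
    free(out);
    return 0;
}
```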