[Samba] audit logging
Edouard Guigné
eguigne at pasteur-cayenne.fr
Wed Jul 24 14:31:23 UTC 2019
Hello,
I have set up audit logging and I find many entries of this type :
./auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [SMB2,(null)] user [MYDOMAIN]\[MYWORKSTATION$] at [mar., 23 juil. 2019 07:49:43.486619 -03] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [MYWORKSTATION] remote host [ipv4:10.x.x.x:49472] mapped to [MYDOMAIN]\[MYWORKSTATION$]. local host
What does it mean ?
When a domain user connect to the share, I find entries of this type :
../auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [SMB2,(null)] user [MYDOMAIN]\[user1] at [mar., 23 juil. 2019 11:03:23.304088 -03] with [NTLMv2] status [NT_STATUS_OK] workstation [MYWORKSTATION] remote host [ipv4:10.x.x.x:50090] became [MYDOMAIN]\[user1]
EdG
More information about the samba
mailing list