[Samba] dsdb_password_json_audit and samba-tool

Robert Marcano robert at marcanoonline.com
Thu Aug 20 22:24:32 UTC 2020


Samba documentation states:

   Password changes and Password resets are logged under 
dsdb_password_audit and a JSON representation is logged under the 

I have enabled

   log level = 0 dsdb_password_json_audit:4@/var/log/samba/password.log

and then tried a password change using

   samba-tool user setpassword <user>

but no log entry was added. I wonder if samba-tool generated password 
changes aren't logged because it wasn't generated by one of the AD RPC 

I am trying to detect if some rogue sysadmin is changing passwords. 
Thanks in advance.

More information about the samba mailing list