[Samba] dsdb_password_json_audit and samba-tool
Robert Marcano
robert at marcanoonline.com
Thu Aug 20 22:24:32 UTC 2020
Greetings.
Samba documentation states:
Password changes and Password resets are logged under
dsdb_password_audit and a JSON representation is logged under the
dsdb_password_json_audit.
I have enabled
log level = 0 dsdb_password_json_audit:4@/var/log/samba/password.log
and then tried a password change using
samba-tool user setpassword <user>
but no log entry was added. I wonder if samba-tool generated password
changes aren't logged because it wasn't generated by one of the AD RPC
calls.
I am trying to detect if some rogue sysadmin is changing passwords.
Thanks in advance.
More information about the samba
mailing list