[Samba] dsdb_password_json_audit and samba-tool
abartlet at samba.org
Thu Aug 20 22:53:25 UTC 2020
On Thu, 2020-08-20 at 18:24 -0400, Robert Marcano via samba wrote:
> Samba documentation states:
> Password changes and Password resets are logged under
> dsdb_password_audit and a JSON representation is logged under the
> I have enabled
> log level = 0
> and then tried a password change using
> samba-tool user setpassword <user>
> but no log entry was added. I wonder if samba-tool generated
> changes aren't logged because it wasn't generated by one of the AD
> I am trying to detect if some rogue sysadmin is changing passwords.
> Thanks in advance.
Thanks for the question. As samba-tool user setpassword operates
locally on the sam.ldb, the logging is done in the tool - typically to
We realise this isn't ideal. The cop-out is that someone with local
root access can just edit the database at even lower levels anyway.
Remote password changes should be logged, say if you use -H to specify
the ldap server and the administrator password.
I hope this helps,
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
More information about the samba