[Samba] force samba 4.12.5 to log failed and succeeding authentication

karel.de.macil at free.fr karel.de.macil at free.fr
Thu Sep 17 10:16:11 UTC 2020

Le 16/09/2020 20:04, Andrew Bartlett via samba a écrit :
> https://wiki.samba.org/index.php/Setting_up_Audit_Logging
> See eg (for password changes)
> dsdb_password_json_audit:4@/var/log/samba/password.log
> Sadly not yet fully documented in:
> https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server#Setting_Individual_Log_Levels_for_Debug_Classes
> (but feel free to fix that).  I think it is in the man smb.conf
> Andrew Bartlett

I have just try to add
log level = 1 auth_audit:7@/var/log/samba/log.auth_audit

to my smb.conf but no luck on this either , this indeed create a 
/var/log/samba/log.auth_audit who stay definetly empty...
even after auth attempt. And still after a failed or successfull attempt 
there is no trace in the log of the ip of the pc
where the failed/successfull attempt occur, the name of the computer, or 
the name of the account used, just nothing.

I have read and try you comment as well as this page :


but despite all my effort there is no message like :

[2017/07/04 21:07:41.410381,  4, pid=21757] 
   Successful AuthZ: [SMB2,krb5] user [SAMDOM]\[Administrator] 
[S-1-5-21-469703510-2364959079-1506205053-500] at [Di, 04 Jul 2017 
21:07:41.410364 CEST] Remote host [ipv4:] local host 

who appear in my log.

Thing that can play a role in y situation (or not)

i have 2 DC in different version, the one who is FMSO for all role is 
4.12.5 the other is much older. but i can't see any log in any of em.
i have pass GPO to enable log of authentication attemps on client side 
via :
Policies -> Windows Settings -> Security Settings -> Local Policies -> 
Audit Policy

> On Wed, 2020-09-16 at 16:50 +0200, karel de macil via samba wrote:
>> Hi all,
>> i'm strugling since a few hours to find what i can do to have some
>> debug
>> information in samba on succesfull or unsccessful login attempt.
>> I'm running the standard bulleye samba deb package.
>> Systemd is installed and see some thing , but whatever i put in
>> smb.conf
>> It seems like i can't have access to those information.
>> i have allready try :
>> -log level = 1 auth:5 winbind:5
>> -log level = 5
>> -log level = 10
>> neither the ip or the name of successful or unsuccessful login
>> attempt
>> appear in any place.
>> nor in journalctl -u samba-ad-dc nor in any file in /var/log/samba/
>> can any one help me on this one ?
>> best regards
> --
> Andrew Bartlett                       https://samba.org/~abartlet/
> Authentication Developer, Samba Team  https://samba.org
> Samba Developer, Catalyst IT
> https://catalyst.net.nz/services/samba

More information about the samba mailing list