[Samba] DSDB Audit of User Creation/Deletion on Samba DC
joe at iachieved.it
Thu Feb 24 22:26:36 UTC 2022
I run Samba 4.13 on an Ubuntu 20.04 LTS server as an Active Directory Domain Controller, and one of my compliance responsibilities is to log and audit user creation, deletion, and modification (group member changes). I thought I could accomplish this with:
log level = 1 dsdb_json_audit:5 dsdb_password_json_audit:5 dsdb_group_json_audit:5 dsdb_transaction_json_audit:5
in smb.conf, and indeed, I do receive a lot of dsdbChange and groupChange notifications in log.samba. Further testing of this though leads me to believe that I either have something missing or user creation is not logged as a dsdb change.
My question is whether or not that is true, in which case how do I log user creation, and if it isn’t true, what am I missing in my configuration?
Thanks for any insights.
More information about the samba