[Samba] DSDB Audit of User Creation/Deletion on Samba DC

Andrew Bartlett abartlet at samba.org
Thu Feb 24 22:30:13 UTC 2022

On Thu, 2022-02-24 at 22:26 +0000, Joseph Bell via samba wrote:
> I run Samba 4.13 on an Ubuntu 20.04 LTS server as an Active Directory
> Domain Controller, and one of my compliance responsibilities is to
> log and audit user creation, deletion, and modification (group member
> changes).  I thought I could accomplish this with:
> log level = 1 dsdb_json_audit:5 dsdb_password_json_audit:5
> dsdb_group_json_audit:5 dsdb_transaction_json_audit:5
> in smb.conf, and indeed, I do receive a lot of dsdbChange and
> groupChange notifications in log.samba.  Further testing of this
> though leads me to believe that I either have something missing or
> user creation is not logged as a dsdb change.
> My question is whether or not that is true, in which case how do I
> log user creation, and if it isn’t true, what am I missing in my
> configuration?

How do you create the users?  If you use command-line tools locally,
then local access as root won't be logged to log.samba, it will be
logged to the terminal (this wasn't made a priority to address as the
root user could just turn off the logs anyway).

Perhaps your sudo logging might capture these, or use root less and do
remote operations to add users.

Andrew Bartlett

Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source

More information about the samba mailing list