[Samba] DSDB Audit of User Creation/Deletion on Samba DC

Andrew Bartlett abartlet at samba.org
Thu Feb 24 23:06:39 UTC 2022


That really should be logged then.

No idea right now on what is going on, you will have to dig further.

Andrew,

On Thu, 2022-02-24 at 22:36 +0000, Joseph Bell wrote:
> Thanks Andrew.  I actually use the AD DS RSAT tools on a Windows
> server that point to my Samba Domain Controller.  It has worked
> beautifully thus far.
>  
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Thursday, February 24, 2022 at 4:30 PM
> To: Joseph Bell <joe at iachieved.it>, samba at lists.samba.org <samba at lists.samba.org>
> Subject: Re: [Samba] DSDB Audit of User Creation/Deletion on Samba DC
> 
> On Thu, 2022-02-24 at 22:26 +0000, Joseph Bell via samba wrote:
> > I run Samba 4.13 on an Ubuntu 20.04 LTS server as an Active Directory
> > Domain Controller, and one of my compliance responsibilities is to
> > log and audit user creation, deletion, and modification (group member
> > changes).  I thought I could accomplish this with:
> > 
> > log level = 1 dsdb_json_audit:5 dsdb_password_json_audit:5
> > dsdb_group_json_audit:5 dsdb_transaction_json_audit:5
> > 
> > in smb.conf, and indeed, I do receive a lot of dsdbChange and
> > groupChange notifications in log.samba.  Further testing of this
> > though leads me to believe that I either have something missing or
> > user creation is not logged as a dsdb change.
> > 
> > My question is whether or not that is true, in which case how do I
> > log user creation, and if it isn’t true, what am I missing in my
> > configuration?
> 
> How do you create the users?  If you use command-line tools locally,
> then local access as root won't be logged to log.samba, it will be
> logged to the terminal (this wasn't made a priority to address as the
> root user could just turn off the logs anyway).
> 
> Perhaps your sudo logging might capture these, or use root less and
> do remote operations to add users.
> 
> Andrew Bartlett
> 
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
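
An added example, not part of the original thread and not Samba's own code: a filter that pulls user creation, deletion and group membership events out of log.samba lines produced with the dsdb_json_audit and dsdb_group_json_audit classes from the post. The `JSON [type]:` line prefix and the field names are assumed from Samba's JSON audit format, the sample lines, SID and DNs are constructed, and, per the reply above, changes made locally as root never reach log.samba and so will not appear in its output.

```python
import json
import re

# Payload line written by Samba's JSON audit classes (layout is an assumption).
AUDIT = re.compile(r"JSON \[(dsdbChange|groupChange)\]: (\{.*)$")

def _values(body, attr):
    """Collect the values logged for one attribute of a dsdbChange record."""
    actions = body.get("attributes", {}).get(attr, {}).get("actions", [])
    return {v.get("value") for a in actions for v in a.get("values", [])}

def account_events(lines):
    """Return user create/delete and group membership events, in log order."""
    events = []
    for line in lines:
        m = AUDIT.search(line)
        if not m:
            continue                      # debug header or unrelated message
        try:
            body = json.loads(m.group(2)).get(m.group(1), {})
        except ValueError:
            continue                      # truncated or corrupt record
        if m.group(1) == "groupChange":
            kind, target = "group-" + str(body.get("action")).lower(), body.get("group")
        elif body.get("operation") == "Add" and "user" in _values(body, "objectClass"):
            kind, target = "user-create", body.get("dn")
        elif body.get("operation") == "Delete":
            kind, target = "delete", body.get("dn")   # no object class to filter on
        else:
            continue                      # other modifications are out of scope here
        events.append({"event": kind, "target": target, "member": body.get("user"),
                       "by": body.get("userSid"), "status": body.get("status")})
    return events

def _sample(kind, body):
    """Build one constructed log line; the SID and DNs below are made up."""
    body = dict(body, status="Success", userSid="S-1-5-21-1-2-3-500")
    return "  JSON [%s]: %s" % (kind, json.dumps({"type": kind, kind: body}))

USER = "CN=jdoe,CN=Users,DC=example,DC=com"
OBJCLASS = {"objectClass": {"actions": [{"action": "add", "values": [{"value": "top"}, {"value": "user"}]}]}}
SAMPLE_LOG = [
    "[2022/02/24 22:20:01.000000,  5] audit_logging.c(audit_log_json)",
    _sample("dsdbChange", {"operation": "Add", "dn": USER, "attributes": OBJCLASS}),
    _sample("dsdbChange", {"operation": "Modify", "dn": USER, "attributes": {"description": {"actions": []}}}),
    _sample("groupChange", {"action": "Added", "group": "CN=Domain Admins,CN=Users,DC=example,DC=com", "user": USER}),
    _sample("dsdbChange", {"operation": "Delete", "dn": USER}),
    '  JSON [dsdbChange]: {"type": "dsdbChange", "dsdbChange": {"operation": "Add", "dn"',
]
```

An empty result for a period in which accounts are known to have changed points to the local-root case from the reply, which has to be covered by sudo or shell logging instead.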



