I need to be able to log all security information, like the creation of new users, changes of password, users added to groups. I tried to extract this from the samba logs. To no success. Also the creation of a user is not written to the logs clearly. There is only an entry of the request of the administrator to change the password of (this newly created) user. Nor can I find logoff times of users. My smb.conf includes the statements 'log level = 5' 'event log list = Application Syslog Security SyslogLinux' I had a look at the logs of the Samba server in the computer management on a Windows station. That application mentions the logs, but refuses to show them, because the RPC server should be not available. Is scanning the log files the right way to get all this information? Or should the event log via RSAT be the method, or maybe reading the .tdb files ? Any help will greatly be appreciated. Paul Wiebes