samba - Oct 2016 - logging

Hello all :-)

there is a way to put (or better duplicate) authentication failures of 
users to /var/log/syslog and also add its ip?

ie: in /var/log/samba/ I have:

192.168.32.67.log with:

[2016/10/15 15:20:22.250647,  2] 
../source3/auth/auth.c:305(auth_check_ntlm_password)
   check_ntlm_password:  authentication for user [psycheye] -> [admin] 
-> [admin] succeeded
(END)

I'd like have this line inside /var/log/syslog with also IP of client 
(192.168.32.67)

is it possibile?

thanks all for help!

Pol

Hi,

On 10/15/2016 03:27 PM, Pol Hallen via samba wrote:
> Hello all :-)
>
> there is a way to put (or better duplicate) authentication failures of
> users to /var/log/syslog and also add its ip?
>
> ie: in /var/log/samba/ I have:
>
> 192.168.32.67.log with:
>
> [2016/10/15 15:20:22.250647,  2]
> ../source3/auth/auth.c:305(auth_check_ntlm_password)
>   check_ntlm_password:  authentication for user [psycheye] -> [admin]
->
> [admin] succeeded
> (END)
As far as we know, NO. :-( This question keeps coming up, and I think 
it's one of the biggest shortcomings of samba today.

This kind of info is essential in a corporate environment.

I tried to modify samba once to include ip in the logs, but as I'm no 
programmer, my attempts failed spectacularly. :-(

Maybe we could put some money together, to sponsor this? No idea what 
kind of money would be required, though...

MJ