Bill Baird
2018-Sep-14 15:01 UTC
[Samba] kpasswd_samdb_set_password: domain\user (S-...) is changing password of user@domain
Hi All, I'm prepping for a classicupgrade and noticed that if I set log level = 5, I get a log like this when we update a password for a user: *kpasswd_samdb_set_password: DOMAIN\username(S--x-x-x-xxx-xxx-xxxx) is changing password of username at domain* I can't seem to figure out what debug class I need to enable to still get this alert, but still set my default logging to 1. Thanks in advance for any help! --Bill -- -- This electronic message, including its attachments (if any), is CONFIDENTIAL and may contain PROPRIETARY or LEGALLY PRIVILEGED information. If you are not the intended recipient, you are hereby notified that any use, disclosure, copying, or distribution of this message, its attachments, or any of the information included therein, is unauthorized and strictly prohibited. If you have received this message in error, please immediately notify the sender by reply e-mail and permanently delete this message and its attachments, along with any copies thereof.
Andrew Bartlett
2018-Sep-14 16:49 UTC
[Samba] kpasswd_samdb_set_password: domain\user (S-...) is changing password of user@domain
On Fri, 2018-09-14 at 11:01 -0400, Bill Baird via samba wrote:> Hi All, > > I'm prepping for a classicupgrade and noticed that if I set log level > = 5, > I get a log like this when we update a password for a user: > > *kpasswd_samdb_set_password: DOMAIN\username(S--x-x-x-xxx-xxx-xxxx) > is > changing password of username at domain* > > I can't seem to figure out what debug class I need to enable to still > get > this alert, but still set my default logging to 1. > > Thanks in advance for any help!Samba 4.9 includes comprehensive audit logging under specific debug classes. That is your best bet for finding these easily, and the JSON version is great for auditing because it can be reliably parsed. https://wiki.samba.org/index.php/Samba_4.9_Features_added/changed#Password_change_audit_support Password change audit support Password changes in the AD DC are now logged to Samba's debug logs under the "dsdb_password_audit" debug class and "dsdb_password_json_audit" for JSON formatted log entries. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Bill Baird
2018-Sep-14 17:00 UTC
[Samba] kpasswd_samdb_set_password: domain\user (S-...) is changing password of user@domain
I have dsdb_password_audit:5 & dsdb_password_json_audit:5 enabled, but I don't get the message I included. I instead get an audit log that a password was changed...but not by who. Was hoping to get more info in a single log entry, so I can track who on my staff is doing password resets and setup email alerts via my logging system. On Fri, Sep 14, 2018 at 12:49 PM Andrew Bartlett <abartlet at samba.org> wrote:> On Fri, 2018-09-14 at 11:01 -0400, Bill Baird via samba wrote: > > Hi All, > > > > I'm prepping for a classicupgrade and noticed that if I set log level > > = 5, > > I get a log like this when we update a password for a user: > > > > *kpasswd_samdb_set_password: DOMAIN\username(S--x-x-x-xxx-xxx-xxxx) > > is > > changing password of username at domain* > > > > I can't seem to figure out what debug class I need to enable to still > > get > > this alert, but still set my default logging to 1. > > > > Thanks in advance for any help! > > Samba 4.9 includes comprehensive audit logging under specific debug > classes. > > That is your best bet for finding these easily, and the JSON version is > great for auditing because it can be reliably parsed. > > > > https://wiki.samba.org/index.php/Samba_4.9_Features_added/changed#Password_change_audit_support > > Password change audit support > > Password changes in the AD DC are now logged to Samba's debug logs > under the "dsdb_password_audit" debug class and > "dsdb_password_json_audit" for JSON formatted log entries. > > Andrew Bartlett > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT > http://catalyst.net.nz/services/samba > > > >-- *Bill Baird* Chief Technology Officer Office: 845-876-8228 x311 Mobile: 203-545-0437 www.phoenixmi.com *To create an IT ticket, please email itsupport at phoenixmi.com <itsupport at phoenixmi.com> or call 845-943-4222.* -- -- This electronic message, including its attachments (if any), is CONFIDENTIAL and may contain PROPRIETARY or LEGALLY PRIVILEGED information. If you are not the intended recipient, you are hereby notified that any use, disclosure, copying, or distribution of this message, its attachments, or any of the information included therein, is unauthorized and strictly prohibited. If you have received this message in error, please immediately notify the sender by reply e-mail and permanently delete this message and its attachments, along with any copies thereof.
Seemingly Similar Threads
- kpasswd_samdb_set_password: domain\user (S-...) is changing password of user@domain
- kpasswd_samdb_set_password: domain\user (S-...) is changing password of user@domain
- ClassicUpgrade: ERROR(<type 'exceptions.ValueError'>): uncaught exception - zero length field name in format
- ClassicUpgrade: ERROR(<type 'exceptions.ValueError'>): uncaught exception - zero length field name in format
- Workstation Limited to NT1 Protocol