search for: auth_audit_json

...ebug_lookup_classname: Unknown > classname[full_audit] -> adding it...// Kia Ora June, I'm sorry this is less clear than it should be. kerberos actually refers only to logs from the Kerberos library itself, or the KDC But the ones you want are from Samba, in auth_audit (and the related auth_audit_json) like you have. https://wiki.samba.org/index.php/Setting_up_Audit_Logging This is different again to the VFS file change auditing, which is what full_audit is about. Setting 'max log size = 0' should stop the rotation. Let me know if this doesn't help, and I'll work with you to ge...

...rt for this is still untouched. > https://bugzilla.samba.org/show_bug.cgi?id=11998 I've closed that bug now. Extensive work has been done to add this feature to Samba 4.7, due out this week: https://wiki.samba.org/index.php/Setting_up_Audit_Logging Two new debug classes, auth_audit and auth_audit_json were added to control logging of text-string and structured JSON authentication and authorization logging. > Is vfs_full_audit not an option? > with %I you can log the IP address of the client machine. > But i dont know if that wil work of if vfs_full_audit hase that option. No, this w...

I am running Samba in AD mode with 3 Samba DCs. I am trying to verify that I really am seeing all incoming connections in the log files to help trouble shooting. We work with Sernet who are AWESOME people, especially Bjorn, but I was wondering if there were any other ideas. Right now we have "log level = 1 auth_audit:3 auth_json_audit:3" set in our smb.conf. Are there any other ways

Hi team, Is there a way to grab Kerberos specific log entries? Example: /Auth: [Kerberos KDC,ENC-TS Pre-authentication] user.../ I have tried using the kerberos class but nothing was logged when I specified a path. This is what I have on my smb.conf. /[global] ??????? log level = 1 kerberos:2@/var/log/samba/kerberos.log auth_audit:3@/var/log/samba/audit.log

This may have been asked before, but I can't find it. I am getting repeated external attempted to log into our AD/DC (running Samba 4.4.14). In /var/log/samba/log.samba I get entried like: 2017/09/19 05:02:25.562957, 2] ../source4/auth/ntlm/auth.c:430(auth_check_password_recv) auth_check_password_recv: sam_ignoredomain authentication for user [HPRS\333] FAILED with error