similar to: Making Samba4 log data accessible in MsWindows EventLog Viewer?

On Tue, 2018-09-11 at 15:14 +0000, ray klassen via samba wrote: >   > Yes, after further research the solution could possibly be to create > a python script to monitor the json output in log.samba and push out > eventlog formatted events to 'Security' with eventlogadm. Seems a lot > of work. That still assumes the appliance is reading the same type of event log (because the

Yes, after further research the solution could possibly be to create a python script to monitor the json output in log.samba and push out eventlog formatted events to 'Security' with eventlogadm. Seems a lot of work. The appliance in question also supports getting the necessary info via the netapi call "netsessionenum" I have tried that and a wireshark dump shows samba replying

so I sent you the dump separately. and i tried a persistent drive mapping to \\DC\netlogon which I figured should create a more permanent session as you described. That worked the same. On Tuesday, 11 September 2018, 08:21:50 GMT-7, Andrew Bartlett via samba <samba at lists.samba.org> wrote: On Tue, 2018-09-11 at 15:14 +0000, ray klassen via samba wrote: >   > Yes, after

Because my debian sarge dist doesn't have eventlogadm i download the source and compile it. I follow the instructions on http://wiki.samba.org/index.php/Event_Logging and insert the line eventlog list = Application, System, Security, SyslogLinux in smb.conf in the main - section. But when i start the command tail -f /var/log/syslog | /usr/sbin/parselog.pl | eventlogadm -d SysLogLinux as

I started with one dc, 'dc1', running samba v4.0.21, in subnet1. I successfully added two more dc's, 'dc2' and 'dc3', both running samba v4.0.24, both in subnet2. There are several firewalls between subnets 1 & 2. I continued to make firewall holes on behalf of msad after I added dc's 2 & 3. I.e. when they were added, there were patterns of communication

Hi all, I have a RHEL5-update 3 x86_64 system, and I installed Samba 3.2.14-40 (from http://ftp.sernet.com/pub/samba/tested/rhel/5/x86_64/ ). I'm using OpenLDAP ( 2.3.43-3.el5 ,comes with RHEL5u3) as backend for winbind+samba in my PDC. With samba-3.0.33 that comes with RHEL5u3, i dont get that "eventlogadm" works how explain in http://wiki.samba.org/index.php/Event_Logging: For

Hello, I can't join a winxp box to my samba domain. I just have one samba server, meant to act as a PDC for domain='CHI'. Any ideas how to troubleshoot and/or remedy? Thanks, Jon Context: ------------ samba v3.3.8 on CentOS v5.5, using ldapsam backend. Domainname ='CHI'. smbldap-tools v0.9.6. I 'populated' the ldap with 'smbldap-populate'. I try to join

Hi I am trying to enable auditing and see logs (events) on the DC (samba4 on debian jessie). I am trying to follow/understand https://wiki.samba.org/index.php/Event_Logging [1] but with no success. I have edited smb.conf and restarted samba daemon. When trying to connect DC using event viewer on a windows server connected to the domain as administrator user, I get error: The procedure number is

Hello, I want to use samba v3.3.x to implement an NT4/Win2k style domain: a samba PDC and a samba BDC, using ldapsam for the 'passdb backend'. I plan to use RedHat Directory Server v8.2 as the ldap server. I'm trying to sort out how user/group management and nss will work. I'm confused about how/when the samba-supplied ldap schema is used (I mean the schema that's in the

we have recently purchased a security appliance that wants to poll the DC's for login info (ipaddress:logged-in-user) to give more granular access to internet resources this seems possible with samba 4.8.4 my smb.conf     log level = 1 auth_audit:3     eventlog list = Application System Security SyslogLinux It doesn't look like audit events are ending up in

I've configured a domain member server using version 4.4.7 on FreeBSD. I'm able to manage groups and shares from the Computer Management tool on a Windows 2008 server, but when I connect to the samba member server the following error occurs: Event Viewer cannot connect to computer 'XXXXXX'. The error reported is : The RPC server is unavailable. Clicking OK allows me to proceed.

On Tue, 2018-09-11 at 15:52 +0000, ray klassen via samba wrote: >  so I sent you the dump separately. and i tried a persistent drive > mapping to \\DC\netlogon which I figured should create a more > permanent session as you described. That worked the same. > >     On Tuesday, 11 September 2018, 08:21:50 GMT-7, Andrew Bartlett > via samba <samba at lists.samba.org> wrote:  

Suppose I want to upgrade a bunch of packages on a system, but in case the upgrade produces unexpected, undesired results, I want to be able to rollback the system to its original state. What is the best way to do that? Often, I won't have, or be able to find, packages for the current installed versions. I.e. If I haven't upgraded postgres for 2 years, it may be that I can no longer

On Mon, 2018-09-10 at 21:26 +0000, ray klassen via samba wrote: > we have recently purchased a security appliance that wants to poll > the DC's for login info (ipaddress:logged-in-user) to give more > granular access to internet resources > this seems possible with samba 4.8.4 > > my smb.conf > >     log level = 1 auth_audit:3 >     eventlog list = Application

Thanks a lot for your response. Just to sum up, there are no way to get the audit logs? For me it doesn't really matter if I use event viewer or if it gets logged to a regular log file. But if there are no way to get the audit logged at all this might be a show stopper for us. The way I have implemented this is via a GPO that applies to the computer account and I want to audit password

Are you saying that it could be as simple as adding a case like this one headed up by a 'case 10:' ?                 case 1:                        werr = init_srv_sess_info_1(p,                                                     r->in.info_ctr->ctr.ctr1,                                                     r->in.resume_handle,                                                    

On Mon, 2016-12-05 at 12:39 +0100, Stefan via samba wrote: >   > > Hi  > > I am trying to enable auditing and see logs (events) on the DC > (samba4 > on debian jessie). I am trying to follow/understand > https://wiki.samba.org/index.php/Event_Logging [1] but with no > success. > I have edited smb.conf and restarted samba daemon. When trying to > connect DC using

Hi, Can we export the samba audit logs (Authentication & Authorisation Logs) to Windows Event Viewer? I am trying to export the authentication & authorisation logs to a Windows Server to be shown in Windows Event Viewer. I read the link - https://wiki.samba.org/index.php/Event_Logging. But couldn't follow much. Can someone throw more light on the procedure, if it is possible? --

I forgot to said that I can access that share if I'm using Konqueror (smb://WINuname@server/Users$/WINuname) Jean-Philippe. ----- Message transf?r? de Jean-Philippe Blais <jphblais@zinfo.ca> ----- Date : Tue, 23 Nov 2004 11:07:54 -0500 De : Jean-Philippe Blais <jphblais@zinfo.ca> Adresse de retour :Jean-Philippe Blais <jphblais@zinfo.ca> Sujet : [Samba] Mounting a

I apologize but I made an error and just sent the message with the same 'subject' without saying that the files can be found in the R/bin/ms-windows/win-32-devel directory at CRAN (in this moment only at the Wien site, I suppose). In addition, please, replay to this message not to the one before. guido -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-