Tony Earnshaw wrote:
> Thu, 12.05.2005 at 18.54, Robert Kelly wrote:
>
>>With the new scrutinization by auditors on account policies and
>>auditing, how can Samba be SOX compliant?
>>Using 3.0.14a-sernet on Suse 9.1 - ldapsam
>>
>>Specifically, a couple of things seem to be lacking:
>>
>>1) Logon/Logoff times are not being recorded
>>   The last logon time recorded in my ldap entries are pre-nt4 migration.
>
> Bad luck?

By bad luck, do you mean your sambaLogonTime and sambaLogoffTime attributes are getting updated?

>>2) Do the Audit Policy values in user manager have any effect?
>>   Are they implemented?
>>   Can they be syslogged?
>
> No to both, please read the official Samba HOWTOs. Experiment. Like we
> all have to.

Thanks, I didn't see any mention of audit policy, only account and user rights.

>>3) How can I get a hook into logons?
>>   Without turning up the debug values, how can I tell if an account has
>>had repeated login failures?
>
> Try 'man pdbedit' and search for "-P".
>
> I have never understood why people complain about any item of software's
> supposed limitations until they have read and thoroughly understand all
> aspects of all the documentation. Perhaps they aspire toward posthumous
> beatification, attaining al martyrs' brigade status or whatever.

Again, I'm aware of the account policies, how to view and set them. I'm asking about the auditing policies e.g. logon/logoff success or failure.

>>Thanks,
>
> *Wake up* and at least make *some effort* to read the docs and follow
> the threads and experiment for yourself as 1001 others on this list,
> including the undersigned choose to do. Hanging yourself out is not to
> your own advantage.
>
> --Tonni

Thanks for your input Tonni. I've been using samba as our production fileservers for years and migrated our NT4 domain to Samba/ldapsam last August. It's been running great, but with the SOX audits, I don't have answers for them about the audit functions. Of course I have gone through the documentation and googled. I'm posting to this forum because the information I needed wasn't found there. The documentation is excellent and without it I wouldn't have even thought about migrating domain control to samba. What I don't want is the auditors to make a recommendation to migrate from samba to Active Directory just because of the missing audit functions.

Thanks,
Rob
