Fri, 13.05.2005 at 20.51, Robert Kelly wrote:

> >>1) Logon/Logoff times are not being recorded
> >> The last logon time recorded in my ldap entries are pre-nt4 migration.
> > Bad luck?
>
> By bad luck, do you mean your sambaLogonTime and sambaLogoffTime
> attributes are get updated?

They don't get updated with Samba 3.0.14a and ldapsam backend.

> >>2) Do the Audit Policy values in user manager have any effect?
> >> Are they implemented?
> >> Can they be syslogged?
> >
> > No to both, please read the official Samba HOWTOs. Experiment. Like we
> > all have to.
> >
> Thanks, I didn't see any mention of audit policy only account and user
> rights.

This is "more or less" covered in the Samba HOWTO html doc, chapter 14 on ACLs "Viewing File Security on a Samba Share", where it says that auditing doesn't work. Verifying this from a Windows ws confirms it.

> >>3) How can I get a hook into logons?
> >> Without turning up the debug values, how can I tell if an account has
> >>had repeated login failures?
> >
> >
> > Try 'man pdbedit' and search for "-P".

Hmmm ... a bit short winded. If you use ldapsam backend and a GUI tool such as GQ you can see it literally under the sambaBadPasswordCount attribute. Using ldapsearch from the CLI you can get a list, for all users. It will be zeroed out, though, at the next successful login.

> > I have never understood why people complain about any item of software's
> > supposed limitations until they have read and thoroughly understand all
> > aspects of all the documentation. Perhaps they aspire toward posthumous
> > beatification, attaining al martyrs' brigade status or whatever.
> >
>
> Again, I'm aware of the account policies, how to view and set them. I'm
> asking about the auditing policies e.g. logon/logoff success or failure.

There are very few possibilities in Samba. What you ask you can get, at least using the ldapsam backend.

> Thanks for your input Tonni. I've been using samba as our production
> fileservers for years and migrated our NT4 domain to Samba/ldapsam last
> August. It's been running great, but with the SOX audits, I don't have
> answers for them about the audit functions.

I just now learned about SOX audits. Being European, they don't apply to "us" - I'm having to do some reading up.
From what I've seen to date, Samba has minimal auditing capability, but one of the more clued-up people could comment more fully on this, would be useful if they could.

> Of course I have gone
> through the documentation and googled. I'm posting to this forum because
> the information I needed wasn't found there. The documentation is
> excellent and without it I wouldn't have even thought about migrating
> domain control to samba. What I don't want is the auditors to make a
> recommendation to migrate from samba to Active Directory just because of
> the missing audit functions.

I understand that now. All that I can say is, that using LDAP as pdb backend, together with an LDAP client GUI such as GQ will demonstrate many things graphically that are not easily envisaged otherwise.

Best,

--Tonni

--
Nothing sucksseeds like a pigeon without a beak ...
http://www.billy.demon.nl
They'll love us, won't they? They feed us, don't they? ...
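
Added example, not part of the original message or of Samba: a shell filter that lists accounts from ldapsearch LDIF output whose sambaBadPasswordCount has reached a threshold, as the reply to question 3 describes. The base DN, the sample entries and the function names are constructed for illustration; because the counter is zeroed at the next successful login, this only catches failures if it is run periodically.

```shell
#!/bin/sh
# Live use (base DN is a placeholder; bind options depend on your directory):
#   ldapsearch -x -LLL -b "dc=example,dc=org" "(objectClass=sambaSamAccount)" \
#       uid sambaBadPasswordCount sambaBadPasswordTime | flag_bad_logons 3

# Constructed sample LDIF, shaped like `ldapsearch -LLL` output.
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
sambaBadPasswordCount: 0
sambaBadPasswordTime: 0

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
sambaBadPasswordCount: 5
sambaBadPasswordTime: 1116010260

dn: uid=carol,ou=People,dc=example,dc=org
uid: carol

dn: uid=dave,ou=People,dc=example,dc=org
uid: dave
sambaBadPasswordCount: 3
sambaBadPasswordTime: 1116013860
EOF
}

# Read LDIF on stdin; print "uid count last_bad_time" for each entry whose
# count is >= $1 (default 3). Entries lacking the attribute count as 0.
flag_bad_logons() {
    awk -v min="${1:-3}" '
        function emit() {
            if (uid != "" && cnt + 0 >= min + 0)
                print uid, cnt + 0, (t == "" ? "-" : t)
            uid = ""; cnt = 0; t = ""
        }
        /^uid: /                   { uid = $2 }
        /^sambaBadPasswordCount: / { cnt = $2 }
        /^sambaBadPasswordTime: /  { t = $2 }
        /^$/                       { emit() }  # blank line ends an LDIF entry
        END                        { emit() }  # last entry has no trailing blank
    '
}

sample_ldif | flag_bad_logons 3
```

The output can be piped to `logger` from cron to get the failures into syslog.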
