From: Douglas Bagnall Date: Wed, 8 Oct 2025 01:29:13 +0000 (+1300) Subject: docs: smb.conf: add auth info audit logging X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=121598c6ad4430d98b3b9f5cf0ea24309969bcbc;p=thirdparty%2Fsamba.git docs: smb.conf: add auth info audit logging Signed-off-by: Douglas Bagnall Reviewed-by: Gary Lockyer --- diff --git a/docs-xml/smbdotconf/logging/loglevel.xml b/docs-xml/smbdotconf/logging/loglevel.xml index 19ab2b77571..cd96786952e 100644 --- a/docs-xml/smbdotconf/logging/loglevel.xml +++ b/docs-xml/smbdotconf/logging/loglevel.xml @@ -123,10 +123,11 @@ 5: Replicated updates from another DC - Password changes and Password resets in the AD DC are logged - under dsdb_password_audit and a JSON + In the AD DC, password changes, password resets, and certain + authentication related attribute changes are logged under + dsdb_password_audit and a JSON representation is logged under the - dsdb_password_json_audit. Password changes + dsdb_password_json_audit. Password changes will also appears as authentication events via auth_audit and auth_audit_json. @@ -134,9 +135,24 @@ Log levels for dsdb_password_audit and dsdb_password_json_audit are: - 5: Successful password changes and resets + 5: Successful password changes and resets, and + authentication related attribute changes. + Changes to the following attributes are logged: + + altSecurityIdentities + dNSHostName + msDS-AdditionalDnsHostName + msDS-KeyCredentialLink + servicePrincipalName + + In the dsdb_password_json_audit log + these are given the value "Auth info change" in the "action" + field. Password changes and resets have the value "change" and + "reset" in this field, respectively. + + Transaction rollbacks and prepare commit failures are logged under the dsdb_transaction_audit and a JSON representation is logged under the dsdb_transaction_json_audit.