diff options
author | Andrew Bartlett <abartlet@samba.org> | 2017-03-27 13:17:35 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-29 06:35:12 +0200 |
commit | 12cd7ab60a1d2cf891c061652fbcad6f8fed56d1 (patch) | |
tree | d9b0889656fb74355219b4a2c2bd5b345810b9fb /WHATSNEW.txt | |
parent | 49f3a92cb3e23c2233c1a35b7adfc89e667b0420 (diff) | |
download | samba-12cd7ab60a1d2cf891c061652fbcad6f8fed56d1.tar.gz |
WHATSNEW: Add entry for auth audit
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 29 06:35:12 CEST 2017 on sn-devel-144
Diffstat (limited to 'WHATSNEW.txt')
-rw-r--r-- | WHATSNEW.txt | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index cda61ef720b..4216c4f2759 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -22,13 +22,31 @@ obey client requests to synchronize unwritten data in operating system buffers safely onto disk. This is a safer default setting for modern SMB1/2/3 clients. +Authentication and Authorization audit support +---------------------------------------------- + +Detailed authentication and authorization audit information is now +logged to Samba's debug logs under the "auth_audit" debug class, +including in particular the client IP address triggering the audit +line. Additionally, if Samba is compiled against the jansson JSON +library, a JSON representation is logged under the "auth_json_audit" +debug class. + +Audit support is comprehensive for all authentication and +authorisation of user accounts in the Samba Active Directory Domain +Controller, as well as the implicit authentication in password +changes. In the file server and classic/NT4 domain controller, NTLM +authentication, SMB and RPC authorization is covered, however password +changes are not at this stage, and this support is not currently +backed by a testsuite. + smb.conf changes ================ Parameter Name Description Default -------------- ----------- ------- strict sync Default changed yes - + auth event notification New parameter no KNOWN ISSUES ============ |