diff options
| author | Gary Lockyer <gary@catalyst.net.nz> | 2018-07-10 13:57:18 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2018-07-10 12:53:54 +0200 |
| commit | b12f6c6f76440788cadda1fca4fe30531301f668 (patch) | |
| tree | 371cc9788eceeeedddee9e686b52e4f54d34da30 /WHATSNEW.txt | |
| parent | b84c0a896f48ba31eb4b2874e5c9c9b61d3bc2a7 (diff) | |
| download | samba-b12f6c6f76440788cadda1fca4fe30531301f668.tar.gz | |
WHATSNEW add entries audit logging and lmdb.
Add WHATSNEW entries for dsdb, password and group change audit logging,
as well as the ldb lmdb backend
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 10 12:53:54 CEST 2018 on sn-devel-144
Diffstat (limited to 'WHATSNEW.txt')
| -rw-r--r-- | WHATSNEW.txt | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2ceacc41995..5ddf7c45397 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -66,6 +66,52 @@ Kerberos would return ALICE as the username. Kerberos would not be able to map names can be correctly mapped. This only applies to GSSAPI authentication, not for the geting the initial ticket granting ticket. +Database audit support +---------------------- + +Changes to the Samba AD's sam.ldb database are now logged to Samba's debug log +under the "dsdb_audit" debug class and "dsdb_json_audit" for JSON formatted log +entries. + +Transaction commits and roll backs are now logged to Samba's debug logs under +the "dsdb_transaction_audit" debug class and "dsdb_transaction_json_audit" for +JSON formatted log entries. + +Password change audit support +----------------------------- + +Password changes in the AD DC are now logged to Samba's debug logs under the +"dsdb_password_audit" debug class and "dsdb_password_json_audit" for JSON +formatted log entries. + +Group membership change audit support +------------------------------------- + +Group membership changes on the AD DC are now logged to +Samba's debug log under the "dsdb_group_audit" debug class and +"dsdb_group_json_audit" for JSON formatted log entries. + +Log Authentication duration +--------------------------- + +For NTLM and Kerberos KDC authentication, the authentication duration is now +logged. Note that the duration is only included in the JSON formatted log +entries. + +New Experimental LMDB LDB backend +--------------------------------- + +A new experimental LDB backend using LMBD is now available. This allows +databases larger than 4Gb (Currently the limit is set to 6Gb, but this will be +increased in a future release). To enable lmdb, provision or join a domain using +the --backend-store=mdb option. + +This requires that a version of lmdb greater than 0.9.16 is installed and that +samba has not been built with the --without-ldb-lmdb option. + +Please note this is an experimental feature and is not recommended for +production deployments. + REMOVED FEATURES ================ |