--- ./smbd/sec_ctx.c.orig
+++ ./smbd/sec_ctx.c
@@ -18,6 +18,7 @@
 */
 
 #include "includes.h"
+#include <bsm/audit.h>
 
 extern struct current_user current_user;
 
@@ -243,6 +244,54 @@
 	return True;
 }
 
+static void set_audit(uid_t uid)
+{
+	static uid_t prev_uid = 0;
+	struct passwd *pwd;
+	auditinfo_t auinfo;
+	au_mask_t aumask;
+	const char *uname;
+
+	if (prev_uid == uid)
+		return;
+	prev_uid = uid;
+
+	if (uid == 0) {
+		/*
+		 * We don't want to generate audit records from opening
+		 * /etc/spwd.db or /etc/security/audit_control, so we
+		 * setup various things manually.
+		 */
+		uname = "root";
+		memset(&aumask, 0, sizeof(aumask));
+	} else {
+		pwd = getpwuid(uid);
+		if (pwd == NULL) {
+			DEBUG(1,("WARNING: getpwuid(%u) failed\n", uid));
+			return;
+		}
+		uname = pwd->pw_name;
+
+		/* Compute and set the user's preselection mask. */
+		if (au_user_mask(uname, &aumask) == -1) {
+			DEBUG(1,("WARNING: au_user_mask(%s) failed\n", uname));
+			return;
+		}
+	}
+
+	/* Set the audit info for the user. */
+	auinfo.ai_auid = uid;
+	auinfo.ai_asid = getpid();
+	memset(&auinfo.ai_termid, 0, sizeof(auinfo.ai_termid));
+	memcpy(&auinfo.ai_mask, &aumask, sizeof(auinfo.ai_mask));
+	if (setaudit(&auinfo) != 0) {
+		DEBUG(1,("WARNING: setaudit(%s) failed\n", uname));
+		return;
+	}
+
+	DEBUG(2,("audit set for user %s (%u)", uname, uid));
+}
+
 /****************************************************************************
  Change UNIX security context. Calls panic if not successful so no return value.
 ****************************************************************************/
@@ -255,6 +304,7 @@
 {
 	/* Start context switch */
 	gain_root();
+	set_audit(uid);
 #ifdef HAVE_SETGROUPS
 	if (sys_setgroups(gid, ngroups, groups) != 0 && !non_root_mode()) {
 		smb_panic("sys_setgroups failed");