samba - Jan 2022 - Confiming Logs are "Normal"

Hi All,

So following an article to enable User Identification on our PaloAlto,
I'm noticing some new logs in syslog, notably:
Jan 26 16:43:26 dc2 sh[3158324]: lpcfg_do_global_parameter: WARNING:
The "syslog" option is deprecated
Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'gssapi_spnego'
registered
Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'gssapi_krb5' registered
Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'gssapi_krb5_sasl'
registered
Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'spnego' registered
Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'schannel' registered
Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'naclrpc_as_system'
registered
Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'sasl-EXTERNAL'
registered
Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'ntlmssp' registered
Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend
'ntlmssp_resume_ccache' registered
Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'http_basic' registered
Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'http_ntlm' registered
Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'http_negotiate'
registered
Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'krb5' registered
Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'fake_gssapi_krb5'
registered
Jan 26 16:43:26 dc2 sh[3158324]: Using binding ncacn_ip_tcp:dc2[,sign]
Jan 26 16:43:26 dc2 sh[3158324]: resolve_lmhosts: Attempting lmhosts
lookup for name dc2<0x20>
Jan 26 16:43:26 dc2 sh[3158324]: resolve_lmhosts: Attempting lmhosts
lookup for name dc2<0x20>

I understand the syslog option on smb.conf is deprecated, in this
instance, what should I do to still route these to the remote syslog
server?
As for the GENSEC entries and the "resolve_lmhosts" entries, are those
normal? Do they indicate any issues?

Thanks for any clarification,
Ralph

On Wed, 2022-01-26 at 16:47 -0500, ralph strebbing via samba
wrote:
> Hi All,
> 
> So following an article to enable User Identification on our
> PaloAlto,
> I'm noticing some new logs in syslog, notably:
> Jan 26 16:43:26 dc2 sh[3158324]: lpcfg_do_global_parameter: WARNING:
> The "syslog" option is deprecated
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'gssapi_spnego'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'gssapi_krb5'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'gssapi_krb5_sasl'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'spnego' registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'schannel'
registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'naclrpc_as_system'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'sasl-EXTERNAL'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'ntlmssp'
registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend
> 'ntlmssp_resume_ccache' registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'http_basic'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'http_ntlm'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'http_negotiate'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'krb5' registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'fake_gssapi_krb5'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: Using binding
> ncacn_ip_tcp:dc2[,sign]
> Jan 26 16:43:26 dc2 sh[3158324]: resolve_lmhosts: Attempting lmhosts
> lookup for name dc2<0x20>
> Jan 26 16:43:26 dc2 sh[3158324]: resolve_lmhosts: Attempting lmhosts
> lookup for name dc2<0x20>
> 
> I understand the syslog option on smb.conf is deprecated, in this
> instance, what should I do to still route these to the remote syslog
> server?
Just because something is deprecated doesn't mean you cannot use it.
> As for the GENSEC entries and the "resolve_lmhosts" entries, are
> those
> normal? Do they indicate any issues?
You can ignore the 'GENSEC' lines, they are just informative, however,
the 'resolve lmhosts' could just be informative, or if 'dc2' is
a PDC
or BDC, then they could be pointing out that it would be better to
upgrade to AD.

Rowland

On Wed, 2022-01-26 at 16:47 -0500, ralph strebbing via samba
wrote:
> Hi All,
> 
> So following an article to enable User Identification on our
> PaloAlto,
> I'm noticing some new logs in syslog, notably:
> Jan 26 16:43:26 dc2 sh[3158324]: lpcfg_do_global_parameter: WARNING:
> The "syslog" option is deprecated
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'gssapi_spnego'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'gssapi_krb5'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'gssapi_krb5_sasl'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'spnego' registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'schannel'
registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'naclrpc_as_system'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'sasl-EXTERNAL'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'ntlmssp'
registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend
> 'ntlmssp_resume_ccache' registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'http_basic'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'http_ntlm'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'http_negotiate'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'krb5' registered
> Jan 26 16:43:26 dc2 sh[3158324]: GENSEC backend 'fake_gssapi_krb5'
> registered
> Jan 26 16:43:26 dc2 sh[3158324]: Using binding
> ncacn_ip_tcp:dc2[,sign]
> Jan 26 16:43:26 dc2 sh[3158324]: resolve_lmhosts: Attempting lmhosts
> lookup for name dc2<0x20>
> Jan 26 16:43:26 dc2 sh[3158324]: resolve_lmhosts: Attempting lmhosts
> lookup for name dc2<0x20>
> 
> I understand the syslog option on smb.conf is deprecated, in this
> instance, what should I do to still route these to the remote syslog
> server?
> As for the GENSEC entries and the "resolve_lmhosts" entries, are
> those
> normal? Do they indicate any issues?
I think you simply have the log level turned up too high in something,
perhaps a command line tool.  These are very low level debugging
messages, and are harmless.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions

On Wed, Jan 26, 2022 at 04:47:41PM -0500, ralph strebbing via samba
wrote:
> So following an article to enable User Identification on our PaloAlto,
> I'm noticing some new logs in syslog, notably:
> Jan 26 16:43:26 dc2 sh[3158324]: lpcfg_do_global_parameter: WARNING:
> The "syslog" option is deprecated
[...]
> 
> I understand the syslog option on smb.conf is deprecated, in this
> instance, what should I do to still route these to the remote syslog
> server?
The same behavior is available through the "logging" parameter, which
is
a bit more flexible with regards of sending log messages to different
targets. See "man smb.conf":

       syslog (G)
[...]

	   The logging parameter should be used instead. When logging is
           set, it overrides the syslog parameter.

and

       logging (G)

	   This parameter configures logging backends. Multiple backends
           can be specified at the same time, with different log levels
           for each backend. The parameter is a list of backends, where each
           backend is specified as backend[:option][@loglevel].
[...]
           Example: logging = syslog at 1 file

So just set "logging" instead of "syslog".

Christof