Hi all, I'm running old Sernet samba 4.0.9 on Debian and trying to set up LDAP authentication for https://www.reviewboard.org/docs/manual/3.0/admin/configuration/authentication-settings/ To cut a long story short about half of users can log in and half not without any obvious reasons that ldapsearch comparisons would reveal. So I really want to see what the server is saying. I've set "log level = 5" in /etc/samba/smb.conf followed by "smbcontrol all reload-config" The only mention in smb.conf is: log file = /var/log/samba/log.%m I started spawning login attempts and hunting for entries in /var/log/samba/ followed by: /var/log/syslog /var/log/auth /var/log/sssd/ but couldn't find anything. What am I doing wrong? Thanks, Adam
On 26/05/2020 14:17, Adam Weremczuk via samba wrote:> Hi all, > > I'm running old Sernet samba 4.0.9 on Debian and trying to set up LDAP > authentication for > https://www.reviewboard.org/docs/manual/3.0/admin/configuration/authentication-settings/ > > To cut a long story short about half of users can log in and half not > without any obvious reasons that ldapsearch comparisons would reveal. > > So I really want to see what the server is saying. > > I've set "log level = 5" in /etc/samba/smb.conf followed by > "smbcontrol all reload-config" > > The only mention in smb.conf is: > > log file = /var/log/samba/log.%m > > I started spawning login attempts and hunting for entries in > /var/log/samba/ > > followed by: > > /var/log/syslog > /var/log/auth > /var/log/sssd/ > > but couldn't find anything. > > What am I doing wrong?For a start, you are running an version of Samba that is EOL, you should upgrade. You are also using sssd for authentication and asking here for help, Samba does not produce sssd and as such, we know little about it, you will get better help on the sssd-users mailing list, though I think they will probably advise doing the same thing as I am advising about Samba, upgrade. There is a problem though, if you upgrade to a supported Samba version and require shares, you cannot use sssd, you must use winbind. Rowland
On Tue, 2020-05-26 at 14:17 +0100, Adam Weremczuk via samba wrote:> Hi all, > > I'm running old Sernet samba 4.0.9 on Debian and trying to set up > LDAP > authentication for >https://www.reviewboard.org/docs/manual/3.0/admin/configuration/authentication-settings/> > To cut a long story short about half of users can log in and half > not > without any obvious reasons that ldapsearch comparisons would reveal. > > So I really want to see what the server is saying. > > I've set "log level = 5" in /etc/samba/smb.conf followed by > "smbcontrol > all reload-config"Sadly the 'samba' daemon does not support reloading the configuration on the fly, so you must restart it to get a new settings.> The only mention in smb.conf is: > > log file = /var/log/samba/log.%m > > I started spawning login attempts and hunting for entries in > /var/log/samba/ > > followed by: > > /var/log/syslog > /var/log/auth > /var/log/sssd/ > > but couldn't find anything. > > What am I doing wrong?Modern Samba versions have extensive, clear authentication logging. Please do upgrade, it will be much easier to debug this on a modern version. In the meantime, after setting the 'log level = 5', once you restart Samba then some errors will be in that log.%m file. If you need help upgrading, see the other thread about upgrading from Samba 4.1 or engage a commercial support provider, as this is a very long way behind our current versions. Sorry, Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba