Hi team, Is there a way to grab Kerberos specific log entries? Example: /Auth: [Kerberos KDC,ENC-TS Pre-authentication] user.../ I have tried using the kerberos class but nothing was logged when I specified a path. This is what I have on my smb.conf. /[global] ??????? log level = 1 kerberos:2@/var/log/samba/kerberos.log auth_audit:3@/var/log/samba/audit.log winbind:2@/var/log/samba/winbind.log/ I have also noticed that the log.samba file has a limit of /4.9 MB/ before log rotation happens. Putting /max log size = 512002/ does not seem to help. I tried using the full_audit class for logging but the system returned with an error that it is an unknown class. //[2024/01/31 13:08:14.699574,? 0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) ? /usr/sbin/samba_kcc: debug_lookup_classname: Unknown classname[full_audit] -> adding it.../ / Any help is appreciated. Kind regards, -- *June Chong* *Technician | TechnologyWise* Basestation 148 Durham St Tauranga, NZ email: june at tw.co.nz office: +64 (0)7 571 1060 web: technologywise.co.nz
Sorry. I forgot to mention this is on Samba 4.18.6, Ubuntu 23.10 Kind regards, -- *June Chong* *Technician | TechnologyWise* Basestation 148 Durham St Tauranga, NZ email: june at tw.co.nz office: +64 (0)7 571 1060 web: technologywise.co.nz On 27/02/2024 4:46 pm, June Chong | TechnologyWise via samba wrote:> > CAUTION: This email originated from outside of the organization. Do > not click links or open attachments unless you recognize the sender > samba-bounces at lists.samba.org and know the content is safe. > > > > Hi team, > > Is there a way to grab Kerberos specific log entries? > > Example: > > /Auth: [Kerberos KDC,ENC-TS Pre-authentication] user.../ > > I have tried using the kerberos class but nothing was logged when I > specified a path. > > This is what I have on my smb.conf. > > /[global] > ??????? log level = 1 kerberos:2@/var/log/samba/kerberos.log > auth_audit:3@/var/log/samba/audit.log > winbind:2@/var/log/samba/winbind.log/ > > I have also noticed that the log.samba file has a limit of /4.9 MB/ > before log rotation happens. Putting /max log size = 512002/ does not > seem to help. > > I tried using the full_audit class for logging but the system returned > with an error that it is an unknown class. > > //[2024/01/31 13:08:14.699574,? 0] > ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) > ? /usr/sbin/samba_kcc: debug_lookup_classname: Unknown > classname[full_audit] -> adding it.../ > / > > Any help is appreciated. > > Kind regards, >
On Tue, 2024-02-27 at 16:46 +1300, June Chong | TechnologyWise via samba wrote:> Hi team, > Is there a way to grab Kerberos specific log entries? > Example: > /Auth: [Kerberos KDC,ENC-TS Pre-authentication] user.../ > I have tried using the kerberos class but nothing was logged when I > specified a path. > This is what I have on my smb.conf. > /[global] log level = 1 > kerberos:2@/var/log/samba/kerberos.log > auth_audit:3@/var/log/samba/audit.log > winbind:2@/var/log/samba/winbind.log/ > I have also noticed that the log.samba file has a limit of /4.9 MB/ > before log rotation happens. Putting /max log size = 512002/ does not > seem to help. > I tried using the full_audit class for logging but the system > returned with an error that it is an unknown class. > //[2024/01/31 13:08:14.699574, 0] > ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) > /usr/sbin/samba_kcc: debug_lookup_classname: Unknown > classname[full_audit] -> adding it...//Kia Ora June, I'm sorry this is less clear than it should be. kerberos actually refers only to logs from the Kerberos library itself, or the KDC But the ones you want are from Samba, in auth_audit (and the related auth_audit_json) like you have. https://wiki.samba.org/index.php/Setting_up_Audit_Logging This is different again to the VFS file change auditing, which is what full_audit is about. Setting 'max log size = 0' should stop the rotation. Let me know if this doesn't help, and I'll work with you to get to the bottom of what is going on. Andrew Bartlett-- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead https://catalyst.net.nz/services/samba Catalyst.Net Ltd Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company Samba Development and Support: https://catalyst.net.nz/services/samba Catalyst IT - Expert Open Source Solutions