On Mon, 25 Nov 2024 09:48:19 +0000
"Hoefle, Marco \(Avnet Silica\) via samba" <samba at lists.samba.org> wrote:

> Hello,
> I have different services using ldap for user/passwd queries. I am
> using the LDAP server integrated in the samba domain controller. For
> debugging and login attempts I wanted to have all requests in a
> separate log file. I am using the 2:4.19.5+dfsg-4ubuntu9 (standard
> ubuntu 24.04 package) samba package.
>
>
> This is the relevant samba dc config:
>
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = TRAUTES
> idmap_ldb:use rfc2307 = yes
> allow dns updates = nonsecure and secure
> log level = 2
> auth_json_audit:3@/var/log/samba/domain_join.log
> ldap:10@/var/log/samba/ldap.log auth:5 passdb:5 rpc_srv:5 rpc_parse:5
> dnsupdate:10@/var/log/samba/dnsupdate.log log file
> /var/log/samba/log.%m
>
> The domain join log file ( /var/log/samba/domain_join.log) is created
> and works (I see each domain join approach). The LDAP queries are not
> in the file. /var/log/samba/ldap.log is created but remains empty
> even after a successful LDAP query.
>
> Generally, I cannot see any ldap requests in the other log files
> either.

Sorry, but this is because there is no 'ldap' debug class. If you read
'man smb.conf' under 'log level', you will find a full list of
available debug classes. There is 'ldb' if you can use the ldb-tools
instead (note: this may work with ldapsearch etc, but I haven't tried
it.).

Rowland

Kees van Vloten
2024-Nov-25 10:44 UTC
[Samba] samba log level: ldap log file remains empty

On 25-11-2024 at 11:35, Rowland Penny via samba wrote:

> On Mon, 25 Nov 2024 09:48:19 +0000
> "Hoefle, Marco \(Avnet Silica\) via samba" <samba at lists.samba.org>
> wrote:
>
>> Hello,
>> I have different services using ldap for user/passwd queries. I am
>> using the LDAP server integrated in the samba domain controller. For
>> debugging and login attempts I wanted to have all requests in a
>> separate log file. I am using the 2:4.19.5+dfsg-4ubuntu9 (standard
>> ubuntu 24.04 package) samba package.
>>
>>
>> This is the relevant samba dc config:
>>
>> server role = active directory domain controller
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = TRAUTES
>> idmap_ldb:use rfc2307 = yes
>> allow dns updates = nonsecure and secure
>> log level = 2
>> auth_json_audit:3@/var/log/samba/domain_join.log
>> ldap:10@/var/log/samba/ldap.log auth:5 passdb:5 rpc_srv:5 rpc_parse:5
>> dnsupdate:10@/var/log/samba/dnsupdate.log log file
>> /var/log/samba/log.%m
>>
>> The domain join log file ( /var/log/samba/domain_join.log) is created
>> and works (I see each domain join approach). The LDAP queries are not
>> in the file. /var/log/samba/ldap.log is created but remains empty
>> even after a successful LDAP query.
>>
>> Generally, I cannot see any ldap requests in the other log files
>> either.
> Sorry, but this is because there is no 'ldap' debug class. If you read
> 'man smb.conf' under 'log level', you will find a full list of
> available debug classes. There is 'ldb' if you can use the ldb-tools
> instead (note: this may work with ldapsearch etc, but I haven't tried
> it.).

In 4.21 there is "ldapsrv" to log ldap queries.

- Kees.

>
> Rowland
>
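
Added example, not part of the thread and not Samba code: a small checker that parses a `log level` value and reports tokens whose class name is not a debug class for the given Samba version, which is the condition both replies point to. The base class list is an assumption transcribed from the `log level` entry of smb.conf(5); `samba_version`, `check_log_level` and `SAMPLE` are names made up here.

```python
import re

# Assumption: class names transcribed from the "log level" entry of smb.conf(5);
# check them against the man page shipped with your Samba build.
BASE_CLASSES = frozenset("""
all tdb printdrivers lanman smb rpc_parse rpc_srv rpc_cli passdb sam auth
winbind vfs idmap quota acls locking msdfs dmapi registry scavenger dns ldb
tevent auth_audit auth_json_audit kerberos drs_repl smb2 smb2_credits
dsdb_audit dsdb_json_audit dsdb_password_audit dsdb_password_json_audit
dsdb_transaction_audit dsdb_transaction_json_audit dsdb_group_audit
dsdb_group_json_audit
""".split())
# From the thread: "ldapsrv" exists from Samba 4.21 onwards.
VERSIONED_CLASSES = {"ldapsrv": (4, 21)}


def samba_version(package_version):
    """Extract (major, minor) from a string such as 2:4.19.5+dfsg-4ubuntu9."""
    upstream = package_version.split(":", 1)[-1]  # drop the Debian epoch
    major, minor = re.match(r"(\d+)\.(\d+)", upstream).groups()
    return int(major), int(minor)


def check_log_level(value, version):
    """Parse a "log level" value; return (entries, unknown_tokens)."""
    known = BASE_CLASSES | {c for c, v in VERSIONED_CLASSES.items() if version >= v}
    entries, unknown = [], []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        spec, _, logfile = token.partition("@")
        name, sep, level = spec.rpartition(":")
        if not sep:
            name = "all"  # a bare number sets the global level
        if name in known and level.isdigit():
            entries.append((name, int(level), logfile or None))
        else:
            unknown.append(token)
    return entries, unknown


# Constructed sample modelled on the setting quoted in the thread.
SAMPLE = ("2 auth_json_audit:3@/var/log/samba/domain_join.log "
          "ldap:10@/var/log/samba/ldap.log auth:5 passdb:5 rpc_srv:5 rpc_parse:5")

if __name__ == "__main__":
    found, bad = check_log_level(SAMPLE, samba_version("2:4.19.5+dfsg-4ubuntu9"))
    for token in bad:
        print("not a debug class in this version:", token)
```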