search for: enabling_ad_dc_database_audit_log

...bind, as suggested, or two different devices) joined under the same name somehow. Samba DB change audit logs might give a clue, but every 24 hours is very short, most tooling rotates their password every couple of weeks, not every 24 hours. https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead https://catalyst.net.nz/services/sambaCatalyst.Net Ltd Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company Sam...

...ldn't is a detective task - I always start with a wireshark trace. The client making all the noise/traffic will be the one causing the trouble. If it isn't clear from that, then look into the DB audit logging for perhaps busy writes https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging Finally, set 'log level = 5' and look for logs like: LDAP Query: Duration was This will tell you about how long each query is taking, potentially showing a particularly slow query that needs to be stopped. Andrew Bartlett On Sun, 2024-03-10 at 19:46 -0300, Elias Pereira wrote: > &gt...

...or two different devices) joined under the same name somehow. > > Samba DB change audit logs might give a clue, but every 24 hours is very short, most tooling rotates their password every couple of weeks, not every 24 hours. > > https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging > > Andrew Bartlett > > -- > > Andrew Bartlett (he/him) https://samba.org/~abartlet/ > Samba Team Member (since 2001) https://samba.org > Samba Team Lead https://catalyst.net.nz/services/samba > Catalyst.Net Ltd > > Proudly developing Samba...

...> start with a wireshark trace. The client making all the noise/traffic will > be the one causing the trouble. > > If it isn't clear from that, then look into the DB audit logging for > perhaps busy writes > > > https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging > > Finally, set 'log level = 5' and look for logs like: LDAP Query: Duration > was > > This will tell you about how long each query is taking, potentially > showing a particularly slow query that needs to be stopped. > > Andrew Bartlett > > On Sun, 2024-03...

...trace. The client making all the noise/traffic will >> be the one causing the trouble. >> >> If it isn't clear from that, then look into the DB audit logging for >> perhaps busy writes >> >> >> https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging >> >> Finally, set 'log level = 5' and look for logs like: LDAP Query: >> Duration was >> >> This will tell you about how long each query is taking, potentially >> showing a particularly slow query that needs to be stopped. >> >> Andrew Ba...

Hello, I'm facing an issue with a file server working under samba 4.17.12 and joined to my domain as domain member: Every 24h hours the domain join becomes invalid: #net ads testjoin kerberos_kinit_password FILESERVER$@MY.DOMAIN failed: Preauthentication failed Join to domain is not valid: LDAP_INVALID_CREDENTIALS Then I need to rejoin to come back to normal: net ads join

...ll the >>> noise/traffic will be the one causing the trouble. >>> >>> If it isn't clear from that, then look into the DB audit logging for >>> perhaps busy writes >>> >>> >>> https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging >>> >>> Finally, set 'log level = 5' and look for logs like: LDAP Query: >>> Duration was >>> >>> This will tell you about how long each query is taking, potentially >>> showing a particularly slow query that needs to be stopped. &gt...

...ise/traffic will be the one causing the > > > > trouble. > > > > If it isn't clear from that, then look into the DB audit > > > > logging forperhaps busy writes > > > > > > > > https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging > > > > > > > > Finally, set 'log level = 5' and look for logs like: LDAP > > > > Query:Duration was > > > > This will tell you about how long each query is taking, > > > > potentiallyshowing a particularly slow query that nee...

> > Is the drepl local processes very busy doing inbound replication? How can I check this? My instinct is either the server is very busy (and this should show up in > CPU use) or a transaction is being held open excessively. I use VMs on Proxmox. In DC1, I installed the Proxmox agent, and CPU usage via the dashboard is very low. However, when I checked using 'top,' the LDAP

...ireshark trace. The client making all the > > noise/traffic will be the one causing the trouble. > > > If it isn't clear from that, then look into the DB audit logging for > > perhaps busy writes > > > > https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging > > > > Finally, set 'log level = 5' and look for logs like: LDAP Query: > > Duration was > > > This will tell you about how long each query is taking, potentially > > showing a particularly slow query that needs to be stopped. > > > Andrew Bart...

On Thu, 2024-04-11 at 14:21 -0300, Elias Pereira wrote: > Hello?Andrew, > > 1. What is the explanation for the fact that when the log level is > set to 5 or 7, the NT_STATUS_IO_TIMEOUT error does not appear, but > when it is at the default log level, it does? I don't have an explanation for this, sorry. ?Have you looked into the 1.5 second queries, what is sending them and