Displaying 11 results from an estimated 11 matches for "enabling_ad_dc_database_audit_log".
2024 Apr 24
1
domain join becomes invalid every 24h
...bind, as suggested,
or two different devices) joined under the same name somehow.
Samba DB change audit logs might give a clue, but every 24 hours is
very short, most tooling rotates their password every couple of weeks,
not every 24 hours.
https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead https://catalyst.net.nz/services/sambaCatalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Sam...
2024 Mar 11
1
How to diagnose a busy LDAP server process in the Samba AD DC
...ldn't is a detective task
- I always start with a wireshark trace. The client making all the
noise/traffic will be the one causing the trouble.
If it isn't clear from that, then look into the DB audit logging for
perhaps busy writes
https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging
Finally, set 'log level = 5' and look for logs like: LDAP Query:
Duration was
This will tell you about how long each query is taking, potentially
showing a particularly slow query that needs to be stopped.
Andrew Bartlett
On Sun, 2024-03-10 at 19:46 -0300, Elias Pereira wrote:
> >...
2024 Apr 25
1
domain join becomes invalid every 24h
...or two different devices) joined under the same name somehow.
>
> Samba DB change audit logs might give a clue, but every 24 hours is very short, most tooling rotates their password every couple of weeks, not every 24 hours.
>
> https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging
>
> Andrew Bartlett
>
> --
>
> Andrew Bartlett (he/him) https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead https://catalyst.net.nz/services/samba
> Catalyst.Net Ltd
>
> Proudly developing Samba...
2024 Mar 18
1
How to diagnose a busy LDAP server process in the Samba AD DC
...> start with a wireshark trace. The client making all the noise/traffic will
> be the one causing the trouble.
>
> If it isn't clear from that, then look into the DB audit logging for
> perhaps busy writes
>
>
> https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging
>
> Finally, set 'log level = 5' and look for logs like: LDAP Query: Duration
> was
>
> This will tell you about how long each query is taking, potentially
> showing a particularly slow query that needs to be stopped.
>
> Andrew Bartlett
>
> On Sun, 2024-03...
2024 Mar 25
1
How to diagnose a busy LDAP server process in the Samba AD DC
...trace. The client making all the noise/traffic will
>> be the one causing the trouble.
>>
>> If it isn't clear from that, then look into the DB audit logging for
>> perhaps busy writes
>>
>>
>> https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging
>>
>> Finally, set 'log level = 5' and look for logs like: LDAP Query:
>> Duration was
>>
>> This will tell you about how long each query is taking, potentially
>> showing a particularly slow query that needs to be stopped.
>>
>> Andrew Ba...
2024 Apr 24
2
domain join becomes invalid every 24h
Hello,
I'm facing an issue with a file server working under samba 4.17.12
and joined to my domain as domain member: Every 24h hours the domain
join becomes invalid:
#net ads testjoin
kerberos_kinit_password FILESERVER$@MY.DOMAIN failed: Preauthentication failed
Join to domain is not valid: LDAP_INVALID_CREDENTIALS
Then I need to rejoin to come back to normal:
net ads join
2024 Apr 02
1
How to diagnose a busy LDAP server process in the Samba AD DC
...ll the
>>> noise/traffic will be the one causing the trouble.
>>>
>>> If it isn't clear from that, then look into the DB audit logging for
>>> perhaps busy writes
>>>
>>>
>>> https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging
>>>
>>> Finally, set 'log level = 5' and look for logs like: LDAP Query:
>>> Duration was
>>>
>>> This will tell you about how long each query is taking, potentially
>>> showing a particularly slow query that needs to be stopped.
>...
2024 Apr 02
1
How to diagnose a busy LDAP server process in the Samba AD DC
...ise/traffic will be the one causing the
> > > > trouble.
> > > > If it isn't clear from that, then look into the DB audit
> > > > logging forperhaps busy writes
> > > >
> > > > https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging
> > > >
> > > > Finally, set 'log level = 5' and look for logs like: LDAP
> > > > Query:Duration was
> > > > This will tell you about how long each query is taking,
> > > > potentiallyshowing a particularly slow query that nee...
2024 Mar 10
1
kcc_periodic output
>
> Is the drepl local processes very busy doing inbound replication?
How can I check this?
My instinct is either the server is very busy (and this should show up in
> CPU use) or a transaction is being held open excessively.
I use VMs on Proxmox. In DC1, I installed the Proxmox agent, and CPU usage
via the dashboard is very low. However, when I checked using 'top,' the
LDAP
2024 Apr 11
1
How to diagnose a busy LDAP server process in the Samba AD DC
...ireshark trace. The client making all the
>
> noise/traffic will be the one causing the trouble.
>
>
> If it isn't clear from that, then look into the DB audit logging for
>
> perhaps busy writes
>
>
>
> https://wiki.samba.org/index.php/Setting_up_Audit_Logging#Enabling_AD_DC_Database_Audit_Logging
>
>
>
> Finally, set 'log level = 5' and look for logs like: LDAP Query:
>
> Duration was
>
>
> This will tell you about how long each query is taking, potentially
>
> showing a particularly slow query that needs to be stopped.
>
>
> Andrew Bart...
2024 Apr 11
1
How to diagnose a busy LDAP server process in the Samba AD DC
On Thu, 2024-04-11 at 14:21 -0300, Elias Pereira wrote:
> Hello?Andrew,
>
> 1. What is the explanation for the fact that when the log level is
> set to 5 or 7, the NT_STATUS_IO_TIMEOUT error does not appear, but
> when it is at the default log level, it does?
I don't have an explanation for this, sorry. ?Have you looked into the
1.5 second queries, what is sending them and