[Samba] Samba Kerberos Logs
Andrew Bartlett
abartlet at samba.org
Wed Feb 28 20:57:29 UTC 2024
On Tue, 2024-02-27 at 16:46 +1300, June Chong | TechnologyWise via
samba wrote:
> Hi team,
> Is there a way to grab Kerberos specific log entries?
> Example:
> /Auth: [Kerberos KDC,ENC-TS Pre-authentication] user.../
> I have tried using the kerberos class but nothing was logged when I
> specified a path.
> This is what I have on my smb.conf.
> /[global] log level = 1
> kerberos:2@/var/log/samba/kerberos.log
> auth_audit:3@/var/log/samba/audit.log
> winbind:2@/var/log/samba/winbind.log/
> I have also noticed that the log.samba file has a limit of /4.9 MB/
> before log rotation happens. Putting /max log size = 512002/ does not
> seem to help.
> I tried using the full_audit class for logging but the system
> returned with an error that it is an unknown class.
> //[2024/01/31 13:08:14.699574, 0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> /usr/sbin/samba_kcc: debug_lookup_classname: Unknown
> classname[full_audit] -> adding it...//
Kia Ora June,
I'm sorry this is less clear than it should be. kerberos actually
refers only to logs from the Kerberos library itself, or the KDC
But the ones you want are from Samba, in auth_audit (and the related
auth_audit_json) like you have.
https://wiki.samba.org/index.php/Setting_up_Audit_Logging
This is different again to the VFS file change auditing, which is what
full_audit is about.
Setting 'max log size = 0' should stop the rotation.
Let me know if this doesn't help, and I'll work with you to get to the
bottom of what is going on.
Andrew Bartlett--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
More information about the samba
mailing list