[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?

Igor Belyi sambauser at katehok.ac93.org
Wed Sep 29 23:39:25 GMT 2004

Jim C. wrote:
> Can you reccomend 
> appropriate log levels for slapd/smbd?  I've always had trouble with 
> them which may explain a lot.

The easiest way with the logs is to do it step by step, increasing 
volume  of information on each step until you can say: "That's enough!" 
With practice you'll get the feeling with what level to start next time.

So, first without any 'log level' check if there's any error messages in 
the log. Since you are not able to login there's definitely at least 
something there. Then, since you have trouble with calls to ldap I would 
select 'log level=5' since this is the level smbldap_search prints its 
arguments at, but feel free to try anything between 1-4 too - maybe your 
intuition will guide you better with lesser volume of extra information.

Commenting out things which you've added is also good approach, but if 
you ask me - I prefer gradual approach - first try something simple, see 
if it works and them move on adding regular expressions all over the 
place. It's much easier to see difference in your logic and in logic of 
LDAP/Samba/or any other program on some simple things. If simple 
statement like:

access to dn.subtree="dc=j9starr,dc=net"
	by group="cnReplicator,ou=Group,dc=j9starr,dc=net"
	by * read

doesn't work, adding regexp to it won't help to resolve this problem. 
Did you check that it works without group with a simple 'by dn='?

Ok, sorry... I've got in a lecture mood. It's just too confusing to see 
what exactly you do and what kind of problems you encounter.


More information about the samba mailing list