[Samba] samba log level: ldap log file remains empty
Hoefle, Marco (Avnet Silica)
Marco.Hoefle at avnet.eu
Thu Dec 5 06:41:57 UTC 2024
Hi Kees,
This is not an LDAP issue. I have a Samba file server joined to the Samba domain controller, and every 15 minutes I get this in the domain controller log:
| Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[SAMBA-SRV$@XXX.XFAE] at [Wed, 04 Dec 2024 15:58:47.044307 CET]
I tried this on the AD side:
[kdcdefaults]
max_life = 10h # Default ticket lifetime
max_renewable_life = 7d
But I still see the KDC authentication log entry every ~15 minutes. If I cannot have the LDAP requests in a separate log with the Samba version I use, then I would like to have as few events in the main log as possible.
Do you have an idea where this 15 minute interval comes from?
Thanks,
Marco
> Thanks Kees,
>
> I have now installed the debian backports:
> root@dc:/# dpkg -l | grep samba-ad
> ii samba-ad-dc 2:4.21.2+dfsg-3 amd64 Samba control files to run AD Domain Controller
>
> and added this
> log level = 2 auth_json_audit:3@/var/log/samba/domain_join.log auth:2@/var/log/samba/auth.log ldapsrv:10@/var/log/samba/ldap.log passdb:2 rpc_srv:2 rpc_parse:2
>
> the file /var/log/samba/ldap.log remains empty even if a successful ldap request has occurred.
>
> I wanted to clean up the logging. I noticed that I get this every 15 minutes:
>
> samba | Calling samba_kcc script
> samba | Calling samba_kcc script
> samba | Calling samba_kcc script
> samba | Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[SAMBA-SRV$@XXX.XFAE] at [Wed, 04 Dec 2024 15:58:47.044307 CET] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_PROTOCOL_UNREACHABLE] workstation [(null)] remote host [ipv4:10.3.0.6:53159] mapped to [XXXX]\[SAMBA-SRV$]. local host [NULL]
>
>
> Do you know where this time comes from? There is on samba file server joined to the AD.
If you mean to say: "This is on samba file server joined to the AD.",
then that might be the reason. LDAP queries are made to DC servers, not
to file servers.
- Kees.
>
> /Marco
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
> We continuously commit to comply with the applicable data protection laws and ensure fair and transparent processing of your personal data.
> Please read our privacy statement including an information notice and data protection policy for detailed information on our website.
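An added example, not part of the original thread: one way to confirm from the DC log which account and remote host produce the recurring `Auth:` events and at what interval. The function name `periodic_principals` and the sample lines are constructed for illustration, following the format of the log line quoted above (trimmed after the remote host field).

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Fields of the Samba "Auth:" line as quoted in the thread.
AUTH_RE = re.compile(
    r"Auth: \[(?P<service>[^,\]]+),(?P<method>[^\]]+)\] "
    r"user \[(?P<domain>[^\]]*)\]\\\[(?P<account>[^\]]*)\] "
    r"at \[(?P<ts>[^\]]+)\] .*?status \[(?P<status>[^\]]+)\] "
    r".*?remote host \[ipv4:(?P<ip>[\d.]+):\d+\]"
)
TS_FMT = "%a, %d %b %Y %H:%M:%S.%f"  # trailing zone abbreviation is dropped first

def periodic_principals(lines, min_events=3, tolerance=0.1):
    """Return {(account, remote_ip): interval_minutes} for senders whose
    authentication events arrive at a steady interval."""
    seen = defaultdict(list)
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue  # e.g. "Calling samba_kcc script"
        when = datetime.strptime(m["ts"].rsplit(" ", 1)[0], TS_FMT)
        seen[(m["account"], m["ip"])].append(when)
    report = {}
    for key, times in seen.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mid = median(gaps)
        # Periodic only if every gap is within tolerance of the median gap.
        if all(abs(g - mid) <= tolerance * mid for g in gaps):
            report[key] = round(mid / 60)
    return report

# Constructed sample input: one machine account every 15 minutes, one user at random.
_T = (r"samba | Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[{a}] "
      r"at [Wed, 04 Dec 2024 {t}.044307 CET] with [aes256-cts-hmac-sha1-96] "
      r"status [{s}] workstation [(null)] remote host [ipv4:{ip}:53159]")
SAMPLE_LOG = (
    [_T.format(a="SAMBA-SRV$@XXX.XFAE", t=t, s="NT_STATUS_PROTOCOL_UNREACHABLE", ip="10.3.0.6")
     for t in ("15:43:47", "15:58:47", "16:13:47", "16:28:47")]
    + [_T.format(a="alice@XXX.XFAE", t=t, s="NT_STATUS_OK", ip="10.3.0.20")
       for t in ("15:50:02", "15:52:40", "16:21:40")]
    + ["samba | Calling samba_kcc script"]
)

if __name__ == "__main__":
    for (account, ip), minutes in periodic_principals(SAMPLE_LOG).items():
        print(f"{account} from {ip}: every ~{minutes} min")
```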