[Samba] samba log level: ldap log file remains empty

Rowland Penny rpenny at samba.org
Mon Nov 25 10:35:39 UTC 2024


On Mon, 25 Nov 2024 09:48:19 +0000
"Hoefle, Marco \(Avnet Silica\) via samba" <samba at lists.samba.org>
wrote:

> Hello,
> I have different services using ldap for user/passwd queries. I am
> using the LDAP server integrated in the samba domain controller. For
> debugging and login attempts I wanted to have all requests in a
> separate log file. I am using the 2:4.19.5+dfsg-4ubuntu9 (standard
> ubuntu 24.04 package) samba package.
> 
> 
> This is the relevant samba dc config:
> 
> 	server role = active directory domain controller
> 	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = TRAUTES
> 	idmap_ldb:use rfc2307 = yes
> 	allow dns updates = nonsecure and secure
> 	log level = 2
> auth_json_audit:3@/var/log/samba/domain_join.log
> ldap:10@/var/log/samba/ldap.log auth:5 passdb:5 rpc_srv:5 rpc_parse:5
> dnsupdate:10@/var/log/samba/dnsupdate.log log file =
> /var/log/samba/log.%m
> 
> The domain join log file ( /var/log/samba/domain_join.log) is created
> and works (I see each domain join approach). The LDAP queries are not
> in the file. /var/log/samba/ldap.log is created but remains empty
> even after a successful LDAP query.
> 
> Generally, I cannot see any ldap requests in the other log files
> either.

Sorry, but this is because there is no 'ldap' debug class. If you read
'man smb.conf' under 'log level', you will find a full list of
available debug classes. There is 'ldb' if you can use the ldb-tools
instead (note: this may work with ldapsearch etc, but I haven't tried
it.).

Rowland



More information about the samba mailing list