Lead Image © monsit jangariyawong, 123RF.com
Improved logging in Samba Winbind
Keeping Track
The Winbind service offers various services for the name service switch (NSS) and pluggable authentication modules (PAMs). On the Windows side, Winbind communicates with the Local Security Authority (LSA), Netlogon, and Lightweight Directory Access Protocol (LDAP) services of a domain controller to localize user accounts, read user data, and ultimately authenticate users. You can use Samba's own net tool, but also Realm [1], as the front end for joining a client to a domain. With Realm, you need to specify the --client-software=winbind option to ensure that the Winbind service and not the system security services daemon (SSSD) is used to join a domain.
Cluttered Logfiles
The primary Winbind process creates a separate child process for each logical AD domain that the service wants to access. Each process is also assigned its own logfile, where you will find varying amounts of information depending on the configured logging level. If you experience issues with integration into a Windows environment, you should set the logging level to a high value to glean as much information as possible for debugging.
The problem in this case is that the sheer volume of log data makes it difficult to understand communication between the Winbind process and a domain controller. The individual entries each comprise a header and the message. Besides a timestamp, the header also contains various other details, such as the configured logging level, Winbind's process ID, the log message class, and the Winbind function that was used, as shown in the following example of a log message from the nss_winbind library:
[2023/05/04 16:20:51.998105, 3, pid=1153814, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:502(process_request_send) process_request_send: [nss_winbind (1153856)] Handling async...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Save money with Samba as the domain controller on a legacy Windows NT-style domain
Samba can act as a PDC or BDC on a Windows NT4-style domain. Compared with a Windows-only solution, Samba saves money on licensing, and users can log in from Linux or OS X. -
Samba domain controller in a heterogeneous environment
The open source Samba service can act as an Active Directory domain controller in a heterogeneous environment. -
Protecting Samba file servers in heterogeneous environments
Because Samba can be integrated easily into heterogeneous environments, a kind of heterogeneous administration is often necessary, and security falls by the wayside. We show you how to use a Samba file server securely in heterogeneous environments. -
What's new in Samba 4
In December 2012, the open source world received the first, and very long awaited, release of the Samba 4.x series. -
Samba pitfalls in daily operation
Once you install Samba, you can still encounter errors, problems, and inconsistencies that plague your file server. We address some of these issues.