LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide

Administering LDAP-UX Client Services

Troubleshooting

Chapter 4126

kill -HUP ‘cat /var/run/syslog.pid‘

Step 7. Remove the

debug

options from /etc/pam.conf.

Step 8. Examine the log ﬁle at /var/adm/syslog/debug.log to see what actions

were performed and if any are unexpected. Look for lines containing PAM.

TIP Enable PAM logging only long enough to collect the data you need

because logging can signiﬁcantly reduce performance and generate large

log ﬁles.

You may want to move the existing log ﬁle and start with an empty ﬁle:

mv /var/adm/syslog/debug.log /var/adm/syslog/debug.log.save.

Restore the ﬁle when ﬁnish.

Restart the syslog daemon with the following command (Refer to

syslogd (1M) for details.)

kill -HUP ‘cat /var/run/syslog.pid‘

Viewing Active Directory Service Log Files

You can view Active Directory event log ﬁles using the Windows 2000 or

2003 Event Viewer. To start the viewer, click

Start->Programs->Administrative Tools->EventViewer.

User Cannot Log on to Client System

If a user cannot log in to a client system, perform the following checks.

• Use a command like pwget(1) with -n, or nsquery(1)

to verify that

NSS is working:

pwget -n username

nsquery passwd username

1. nsquery(1) is a contributed tool included with the ONC/NFS

product.