LDAP-UX Client Services B.04.10 with Microsoft Windows Active Directory Server Administrator's Guide
TIP: Enable LDAP logging only long enough to collect the data you need because logging can
significantly reduce performance and generate large log files.
You may want to move the existing log file and start with an empty file:
mv /var/adm/syslog/local0.log /var/adm/syslog/local0.log.save
Restart the syslog daemon with the following command. (Refer to syslogd(1M) for details.)
kill -HUP `cat /var/run/syslog.pid`
Enabling and Disabling PAM Logging
When something is behaving incorrectly, enabling logging is one way to examine the events that
occur to determine where the problem is. Complete the following steps to enable PAM logging
on a particular client. Refer to pam(1), pam.conf(4), and Managing Systems and Workgroups for more
information about PAM.
1. Add the debug option to each line in /etc/pam.conf that contains libpam_krb5.1. For
example:
login account sufficient /usr/lib/security/libpam_krb5.1 debug
login account required /usr/lib/security/libpam_unix.1
su account sufficient /usr/lib/security/libpam_krb5.1 debug
su account required /usr/lib/security/libpam_unix.1
...
2. Edit the file /etc/syslog.conf and add a new line at the bottom similar to the following:
*.debug <tab>/var/adm/syslog/debug.log
3. Restart the syslog daemon with the following command. (Refer to syslogd(1M) for details.)
kill -HUP `cat /var/run/syslog.pid`
4. Once logging is enabled, run the HP-UX commands or applications that exhibit the problem.
5. Restore the file /etc/syslog.conf to its previous state to stop logging.
6. Restart the syslog daemon with the following command. (Refer to syslogd(1M) for details.)
kill -HUP `cat /var/run/syslog.pid`
7. Remove the debug options from /etc/pam.conf.
8. Examine the log file at /var/adm/syslog/debug.log to see what actions were performed
and if any are unexpected. Look for lines containing PAM.
TIP: Enable PAM logging only long enough to collect the data you need because logging can
significantly reduce performance and generate large log files.
You may want to move the existing log file and start with an empty file:
mv /var/adm/syslog/debug.log /var/adm/syslog/debug.log.save
Restore the file when finished.
Restart the syslog daemon with the following command. (Refer to syslogd(1M) for details.)
kill -HUP `cat /var/run/syslog.pid`
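Steps 1 and 7 of the PAM logging procedure, plus a check that step 7 was completed, as an added shell example that is not part of the guide. The function name pam_krb5_debug, the .pre-on/.pre-off backup suffixes and the sample file are assumptions; try it on a copy before editing /etc/pam.conf.

```shell
#!/bin/sh
# Added example (not from the guide): toggle "debug" on libpam_krb5.1 lines.
# pam_krb5_debug on|off|check FILE
#   on    - append "debug" where it is missing (step 1)
#   off   - drop the "debug" field (step 7); edited lines are re-joined
#           with single spaces, all other lines are left untouched
#   check - print libpam_krb5.1 lines still carrying "debug"; status 1 if any
# on/off keep the previous contents in FILE.pre-on / FILE.pre-off (assumed names).
pam_krb5_debug() {
    mode=$1 file=$2
    out=$(awk -v mode="$mode" '
        # Comment lines and lines for other modules pass through unchanged.
        $1 ~ /^#/ || !index($0, "libpam_krb5.1") { if (mode != "check") print; next }
        {
            has = 0; line = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "debug") { has = 1; continue }
                line = line (line == "" ? "" : " ") $i
            }
            if (mode == "check") { if (has) print; next }
            if (mode == "on")  print (has ? $0 : $0 " debug")
            if (mode == "off") print (has ? line : $0)
        }' "$file") || return 2
    case $mode in
        check) [ -z "$out" ] && return 0; printf '%s\n' "$out"; return 1 ;;
        on|off) [ -n "$out" ] || return 2   # never write an empty pam.conf
                cp -p "$file" "$file.pre-$mode" && printf '%s\n' "$out" > "$file" ;;
        *) echo "usage: pam_krb5_debug on|off|check FILE" >&2; return 2 ;;
    esac
}

# Constructed sample modelled on the guide's example lines.
sample=$(mktemp)
cat > "$sample" <<'EOF'
login account sufficient /usr/lib/security/libpam_krb5.1
login account required /usr/lib/security/libpam_unix.1
su account sufficient /usr/lib/security/libpam_krb5.1 debug
EOF
pam_krb5_debug on "$sample"                                   # step 1
pam_krb5_debug check "$sample" || echo "debug still enabled"  # lists 2 lines
pam_krb5_debug off "$sample"                                  # step 7
pam_krb5_debug check "$sample" && echo "no debug options left"
rm -f "$sample" "$sample.pre-on" "$sample.pre-off"
```

Running the check mode after step 7 confirms that no libpam_krb5.1 line was left with debug enabled.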
Viewing Active Directory Service Log Files
You can view Active Directory event log files using the Windows 2000 or 2003 Event Viewer. To
start the viewer, click Start->Programs->Administrative Tools->Event Viewer.