From 4f5791ebd03eaec1c7da0865a383175b05102712 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 5 May 2024 19:47:29 +0200 Subject: Adding upstream version 2:4.17.12+dfsg. Signed-off-by: Daniel Baumann --- docs-xml/smbdotconf/logging/debugclass.xml | 17 ++ .../smbdotconf/logging/debughirestimestamp.xml | 18 +++ docs-xml/smbdotconf/logging/debugpid.xml | 18 +++ .../smbdotconf/logging/debugprefixtimestamp.xml | 18 +++ docs-xml/smbdotconf/logging/debugsyslogformat.xml | 21 +++ docs-xml/smbdotconf/logging/debugtraceid.xml | 13 ++ docs-xml/smbdotconf/logging/debuguid.xml | 16 ++ docs-xml/smbdotconf/logging/ldapdebuglevel.xml | 28 ++++ docs-xml/smbdotconf/logging/ldapdebugthreshold.xml | 15 ++ docs-xml/smbdotconf/logging/logfile.xml | 18 +++ docs-xml/smbdotconf/logging/logging.xml | 45 ++++++ docs-xml/smbdotconf/logging/loglevel.xml | 171 +++++++++++++++++++++ docs-xml/smbdotconf/logging/maxlogsize.xml | 17 ++ docs-xml/smbdotconf/logging/syslog.xml | 25 +++ docs-xml/smbdotconf/logging/syslogonly.xml | 19 +++ docs-xml/smbdotconf/logging/timestamplogs.xml | 14 ++ 16 files changed, 473 insertions(+) create mode 100644 docs-xml/smbdotconf/logging/debugclass.xml create mode 100644 docs-xml/smbdotconf/logging/debughirestimestamp.xml create mode 100644 docs-xml/smbdotconf/logging/debugpid.xml create mode 100644 docs-xml/smbdotconf/logging/debugprefixtimestamp.xml create mode 100644 docs-xml/smbdotconf/logging/debugsyslogformat.xml create mode 100644 docs-xml/smbdotconf/logging/debugtraceid.xml create mode 100644 docs-xml/smbdotconf/logging/debuguid.xml create mode 100644 docs-xml/smbdotconf/logging/ldapdebuglevel.xml create mode 100644 docs-xml/smbdotconf/logging/ldapdebugthreshold.xml create mode 100644 docs-xml/smbdotconf/logging/logfile.xml create mode 100644 docs-xml/smbdotconf/logging/logging.xml create mode 100644 docs-xml/smbdotconf/logging/loglevel.xml create mode 100644 docs-xml/smbdotconf/logging/maxlogsize.xml create mode 100644 docs-xml/smbdotconf/logging/syslog.xml create mode 100644 docs-xml/smbdotconf/logging/syslogonly.xml create mode 100644 docs-xml/smbdotconf/logging/timestamplogs.xml (limited to 'docs-xml/smbdotconf/logging') diff --git a/docs-xml/smbdotconf/logging/debugclass.xml b/docs-xml/smbdotconf/logging/debugclass.xml new file mode 100644 index 0000000..eee3cc5 --- /dev/null +++ b/docs-xml/smbdotconf/logging/debugclass.xml @@ -0,0 +1,17 @@ + + + + With this boolean parameter enabled, the debug class (DBGC_CLASS) + will be displayed in the debug header. + + + For more information about currently available debug classes, see + section about . + + + +no + diff --git a/docs-xml/smbdotconf/logging/debughirestimestamp.xml b/docs-xml/smbdotconf/logging/debughirestimestamp.xml new file mode 100644 index 0000000..79d928a --- /dev/null +++ b/docs-xml/smbdotconf/logging/debughirestimestamp.xml @@ -0,0 +1,18 @@ + + + + Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this + boolean parameter adds microsecond resolution to the timestamp message header when turned on. + + + + Note that the parameter or + must be on for this to have an effect. + + + +yes + diff --git a/docs-xml/smbdotconf/logging/debugpid.xml b/docs-xml/smbdotconf/logging/debugpid.xml new file mode 100644 index 0000000..8e6436c --- /dev/null +++ b/docs-xml/smbdotconf/logging/debugpid.xml @@ -0,0 +1,18 @@ + + + + When using only one log file for more then one forked smbd + 8-process there may be hard to follow which process outputs which + message. This boolean parameter is adds the process-id to the timestamp message headers in the + logfile when turned on. + + + + Note that the parameter must be on for this to have an effect. + + +no + diff --git a/docs-xml/smbdotconf/logging/debugprefixtimestamp.xml b/docs-xml/smbdotconf/logging/debugprefixtimestamp.xml new file mode 100644 index 0000000..0a004d4 --- /dev/null +++ b/docs-xml/smbdotconf/logging/debugprefixtimestamp.xml @@ -0,0 +1,18 @@ + + + + With this option enabled, the timestamp message header is prefixed to the debug message without the + filename and function information that is included with the + parameter. This gives timestamps to the messages without adding an additional line. + + + + Note that this parameter overrides the parameter. + + + +no + diff --git a/docs-xml/smbdotconf/logging/debugsyslogformat.xml b/docs-xml/smbdotconf/logging/debugsyslogformat.xml new file mode 100644 index 0000000..f943f3a --- /dev/null +++ b/docs-xml/smbdotconf/logging/debugsyslogformat.xml @@ -0,0 +1,21 @@ + + + + With this option enabled, debug messages are printed in a + single-line format like that traditionally produced by syslog. + The timestamp consists of an abbreviated month, space-padded date, + and time including seconds. This is followed by the hostname and + the program name, with the process-ID in square brackets. + + + + If is also enabled + then an RFC5424 timestamp is used instead. + + + +no + diff --git a/docs-xml/smbdotconf/logging/debugtraceid.xml b/docs-xml/smbdotconf/logging/debugtraceid.xml new file mode 100644 index 0000000..61a451d --- /dev/null +++ b/docs-xml/smbdotconf/logging/debugtraceid.xml @@ -0,0 +1,13 @@ + + + + With this boolean parameter enabled, the per request unique traceid + will be displayed in the debug header for winbind processes. + + + +no + diff --git a/docs-xml/smbdotconf/logging/debuguid.xml b/docs-xml/smbdotconf/logging/debuguid.xml new file mode 100644 index 0000000..1dd1dbf --- /dev/null +++ b/docs-xml/smbdotconf/logging/debuguid.xml @@ -0,0 +1,16 @@ + + + + Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the + current euid, egid, uid and gid to the timestamp message headers in the log file if turned on. + + + + Note that the parameter must be on for this to have an effect. + + +no + diff --git a/docs-xml/smbdotconf/logging/ldapdebuglevel.xml b/docs-xml/smbdotconf/logging/ldapdebuglevel.xml new file mode 100644 index 0000000..2092b7d --- /dev/null +++ b/docs-xml/smbdotconf/logging/ldapdebuglevel.xml @@ -0,0 +1,28 @@ + + + + This parameter controls the debug level of the LDAP library + calls. In the case of OpenLDAP, it is the same + bit-field as understood by the server and documented in the + + slapd.conf + 5 + + manpage. + A typical useful value will be + 1 for tracing function calls. + + + The debug output from the LDAP libraries appears with the + prefix [LDAP] in Samba's logging output. + The level at which LDAP logging is printed is controlled by the + parameter ldap debug threshold. + + +0 +1 + diff --git a/docs-xml/smbdotconf/logging/ldapdebugthreshold.xml b/docs-xml/smbdotconf/logging/ldapdebugthreshold.xml new file mode 100644 index 0000000..2783ac9 --- /dev/null +++ b/docs-xml/smbdotconf/logging/ldapdebugthreshold.xml @@ -0,0 +1,15 @@ + + + + This parameter controls the Samba debug level at which + the ldap library debug output is + printed in the Samba logs. See the description of + ldap debug level for details. + + +10 +5 + diff --git a/docs-xml/smbdotconf/logging/logfile.xml b/docs-xml/smbdotconf/logging/logfile.xml new file mode 100644 index 0000000..07762ee --- /dev/null +++ b/docs-xml/smbdotconf/logging/logfile.xml @@ -0,0 +1,18 @@ + + + + This option allows you to override the name of the Samba log file (also known as the debug file). + + + + This option takes the standard substitutions, allowing you to have separate log files for each user or machine. + + +/usr/local/samba/var/log.%m + diff --git a/docs-xml/smbdotconf/logging/logging.xml b/docs-xml/smbdotconf/logging/logging.xml new file mode 100644 index 0000000..0ab2c1f --- /dev/null +++ b/docs-xml/smbdotconf/logging/logging.xml @@ -0,0 +1,45 @@ + + + + This parameter configures logging backends. Multiple + backends can be specified at the same time, with different log + levels for each backend. The parameter is a list of backends, + where each backend is specified as backend[:option][@loglevel]. + + The 'option' parameter can be used to pass backend-specific + options. + + The log level for a backend is optional, if it is not set for + a backend, all messages are sent to this backend. The parameter + determines overall log levels, + while the log levels specified here define what is sent to the + individual backends. + + When is set, it overrides the + and parameters. + + Some backends are only available when Samba has been compiled + with the additional libraries. The overall list of logging backends: + + + syslog + file + systemd + lttng + gpfs + ringbuf + + + The ringbuf backend supports an + optional size argument to change the buffer size used, the default is 1 MB: + ringbuf:size=NBYTES + + + +syslog@1 file + diff --git a/docs-xml/smbdotconf/logging/loglevel.xml b/docs-xml/smbdotconf/logging/loglevel.xml new file mode 100644 index 0000000..434c5d0 --- /dev/null +++ b/docs-xml/smbdotconf/logging/loglevel.xml @@ -0,0 +1,171 @@ + +debuglevel + + + The value of the parameter (a string) allows the debug level (logging level) to be specified in the + smb.conf file. + + + This parameter has been extended since the 2.2.x + series, now it allows one to specify the debug level for multiple + debug classes and distinct logfiles for debug classes. This is to give + greater flexibility in the configuration of the system. The following + debug classes are currently implemented: + + + + all + tdb + printdrivers + lanman + smb + rpc_parse + rpc_srv + rpc_cli + passdb + sam + auth + winbind + vfs + idmap + quota + acls + locking + msdfs + dmapi + registry + scavenger + dns + ldb + tevent + auth_audit + auth_json_audit + kerberos + drs_repl + smb2 + smb2_credits + dsdb_audit + dsdb_json_audit + dsdb_password_audit + dsdb_password_json_audit + dsdb_transaction_audit + dsdb_transaction_json_audit + dsdb_group_audit + dsdb_group_json_audit + + + Various modules register dynamic debug classes at first usage: + + catia + dfs_samba4 + extd_audit + fileid + fruit + full_audit + media_harmony + preopen + recycle + shadow_copy + shadow_copy + unityed_media + virusfilter + + + To configure the logging for specific classes to go into a different + file then , you can append + @PATH to the class, eg log level = 1 + full_audit:1@/var/log/audit.log. + + Authentication and authorization audit information is logged + under the auth_audit, and if Samba was not compiled with + --without-json, a JSON representation is logged under + auth_json_audit. + + Support is comprehensive for all authentication and authorisation + of user accounts in the Samba Active Directory Domain Controller, + as well as the implicit authentication in password changes. In + the file server, NTLM authentication, SMB and RPC authorization is + covered. + + Log levels for auth_audit and + auth_audit_json are: + + 2: Authentication Failure + 3: Authentication Success + 4: Authorization Success + 5: Anonymous Authentication and Authorization Success + + + Changes to the AD DC sam.ldb + database are logged under the dsdb_audit + and a JSON representation is logged under + dsdb_json_audit. + + Group membership changes to the AD DC sam.ldb database are logged under the + dsdb_group_audit and a JSON representation + is logged under + dsdb_group_json_audit. + + Log levels for dsdb_audit, + dsdb_json_audit, + dsdb_group_audit, + dsdb_group_json_audit and + dsdb_json_audit are: + + 5: Database modifications + 5: Replicated updates from another DC + + + Password changes and Password resets in the AD DC are logged + under dsdb_password_audit and a JSON + representation is logged under the + dsdb_password_json_audit. Password changes + will also appears as authentication events via + auth_audit and + auth_audit_json. + + Log levels for dsdb_password_audit and + dsdb_password_json_audit are: + + 5: Successful password changes and resets + + + Transaction rollbacks and prepare commit failures are logged under + the dsdb_transaction_audit and a JSON representation is logged under the + dsdb_transaction_json_audit. + + Log levels for dsdb_transaction_audit and + dsdb_transaction_json are: + + + 5: Transaction failure (rollback) + 10: Transaction success (commit) + + + Transaction roll-backs are possible in Samba, and whilst + they rarely reflect anything more than the failure of an + individual operation (say due to the add of a conflicting record), + they are possible. Audit logs are already generated and sent to + the system logs before the transaction is complete. Logging the + transaction details allows the identification of password and + sam.ldb operations that have + been rolled back, and so have not actually persisted. + + Changes to sam.ldb made locally by the root user with direct access to the + database are not logged to the system logs, but to the + administrator's own console. While less than ideal, any user able + to make such modifications could disable the audit logging in any + case. + +0 +3 passdb:5 auth:10 winbind:2 +1 full_audit:1@/var/log/audit.log winbind:2 + diff --git a/docs-xml/smbdotconf/logging/maxlogsize.xml b/docs-xml/smbdotconf/logging/maxlogsize.xml new file mode 100644 index 0000000..8a1979d --- /dev/null +++ b/docs-xml/smbdotconf/logging/maxlogsize.xml @@ -0,0 +1,17 @@ + + + + This option (an integer in kilobytes) specifies the max size the log file should grow to. + Samba periodically checks the size and if it is exceeded it will rename the file, adding + a .old extension. + + + A size of 0 means no limit. + + +5000 +1000 + diff --git a/docs-xml/smbdotconf/logging/syslog.xml b/docs-xml/smbdotconf/logging/syslog.xml new file mode 100644 index 0000000..78e694e --- /dev/null +++ b/docs-xml/smbdotconf/logging/syslog.xml @@ -0,0 +1,25 @@ + + + + This parameter maps how Samba debug messages are logged onto the system syslog logging levels. + Samba debug level zero maps onto syslog LOG_ERR, debug level one maps onto + LOG_WARNING, debug level two maps onto LOG_NOTICE, + debug level three maps onto LOG_INFO. All higher levels are mapped to LOG_DEBUG. + + + + This parameter sets the threshold for sending messages to syslog. Only messages with debug + level less than this value will be sent to syslog. There still will be some + logging to log.[sn]mbd even if syslog only is enabled. + + + The parameter should be used + instead. When is set, it + overrides the parameter. + +1 + diff --git a/docs-xml/smbdotconf/logging/syslogonly.xml b/docs-xml/smbdotconf/logging/syslogonly.xml new file mode 100644 index 0000000..b9aea2d --- /dev/null +++ b/docs-xml/smbdotconf/logging/syslogonly.xml @@ -0,0 +1,19 @@ + + + + If this parameter is set then Samba debug messages are logged into the system + syslog only, and not to the debug log files. There still will be some + logging to log.[sn]mbd even if syslog only is enabled. + + + + The parameter should be used + instead. When is set, it + overrides the parameter. + +no + diff --git a/docs-xml/smbdotconf/logging/timestamplogs.xml b/docs-xml/smbdotconf/logging/timestamplogs.xml new file mode 100644 index 0000000..28003c3 --- /dev/null +++ b/docs-xml/smbdotconf/logging/timestamplogs.xml @@ -0,0 +1,14 @@ + +debug timestamp + + + Samba debug log messages are timestamped by default. If you are running at a high + these timestamps can be distracting. This + boolean parameter allows timestamping to be turned off. + + +yes + -- cgit v1.2.3