How to add Kerberos logging to troubleshoot Active Directory related problems
Article ID: 160744
Updated On:
Products
Data Loss Prevention Enforce
Issue/Introduction
Is there a way to enable Kerberos logging on Enforce for troubleshooting?
Resolution
The following log levels can be added within the Kerberos module:
Add to the krb5.ini the following:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log
This will capture the Kerberos logging and tells where to write it to. In above examples it will be written to the designated files. You can also specify syslog servers as reference as in the following example
[logging]
kdc = SYSLOG:info:local1
admin-server = SYSLOG:info:local2
default = SYSLOG:err:auth
See also TECH220609 - Tips on setting up Active Directory Authentication
default = SYSLOG:err:auth
See also TECH220609 - Tips on setting up Active Directory Authentication
Feedback
Yes
No
Powered by
