How do I collect debugging information for Samba?

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • Samba

Issue

  • I'm being asked by my support representative to provide debug logs for the Samba problem I'm experiencing.
  • What's the maximum log level of Samba?

Resolution

The following steps stop and start samba services (smb, winbind).

If you don't want to restart the samba services,
use Solution 640203 - How can I increase the log level of winbind or samba without restarting the services?.

1. Stop all running Samba processes (winbind, smb)

# service winbind stop; service smb stop

2. Remove existing log files from /var/log/samba/

# rm -f /var/log/samba/*

3. Increase log level to maximum

Edit /etc/samba/smb.conf and set the following variables in the [global] section of the config:

     log level = 10
     debug pid = true
     max log size = 0

     # Set this option only if your Samba version is 4.17 or higher
     winbind debug traceid = yes

NOTE: If the variable log file is set it should be commented out. This will allow log entries to be written to the standard log file names.

Starting with samba-4.17, winbindd comes with additional debug logging functionality. To activate the additional debug logging, the option winbind debug traceid has to be set in the smb.conf configuration file. For more details, please refer to man smb.conf.

Issues with winbindd involving user authentication should also use the following in: /etc/security/pam_winbind.conf

debug =  yes

4. Start the processes again (winbind, smb)

# service winbind start; service smb start

5. Attempt to reproduce the issue

Please taking note of timestamps, command output, and results along the way.

For example, if the problem is that a particular Windows client cannot connect to a share, a good description of your test would be:

- 9:35 am: user1 connect to //10.0.0.1/testshare from Windows 7 client  IP 10.0.1.1 - Failed with "Access Denied"

Samba debug logging is very detailed and can result in huge log files.
With this kind of description, it becomes easier to locate the problem in the logs.

5.a. tcpdump (optional)

tcpdump is useful to have when troubleshooting certain problems (such as client/server file operations).
When collecting a tcpdump on the Samba server, you should point it to the IP of the client in question.

# tcpdump -i <interface name> -s0 -w /tmp/samba.pcap host <ip>
5.b. Linux samba client debug output (optional)

When debugging from Linux client, option -d 10 should be included when using either net or `smbclient. Like:

# net ads lookup -d10 &> /tmp/net_output.txt

Debug output from client is logged to stdout, not all debug messages will be in server logs.

6. Create a sosreport.

Please also note that running sosreport without --all-logs might not collect all the Samba debug logs.
But especially for debugging IdM/AD cross-forest trust related issues it's crucial to have all the Samba debug logs available.

# sosreport --all-logs

Alternatively collect the contents of /var/log/samba and a sosreport separately, as a sosreport may exclude log files that are too large.

# tar cjvf samba_debug.tar.bz2 /var/log/samba

7. Attach all collected data to the support case, then restore the previous configuration settings and restart all Samba services.

SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.