Generate a PAM Debug Log for AD Bridge
You can set the level of reporting in the PAM debug log for the AD Bridge Enterprise authentication service on a Linux or Unix computer. PAM stands for pluggable authentication modules.
The log levels are disabled, error, warning, info, and verbose.
The logged data is sent to your system's syslog message repository for security and authentication. The location of the repository varies by operating system.
Here are the typical locations for a few platforms:
- Ubuntu: /var/log/auth.log
- Red Hat: /var/log/secure
- Solaris: /var/log/authlog
- macOS: /var/log/system.log
The following procedure demonstrates how to change the value of the PAM key's LogLevel entry with the config command-line utility.
- Use the details option to list the values that the PAMLogLevel setting accepts:
    /opt/pbis/bin/config --details PAMLogLevel
    Name: PAMLogLevel
    Description: Configure PAM lsass logging detail level
    Type: string
    Current Value: "disabled"
    Acceptable Value: "disabled"
    Acceptable Value: "error"
    Acceptable Value: "warning"
    Acceptable Value: "info"
    Acceptable Value: "verbose"
    Current Value is determined by local policy.
- As root, change the setting to error so that AD Bridge Enterprise will log PAM errors:
    /opt/pbis/bin/config PAMLogLevel error
- Confirm that the change took effect:
    /opt/pbis/bin/config --show PAMLogLevel
    string
    error
    local policy
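The procedure above as a script, added here as an example and not part of the AD Bridge documentation: it checks the requested level against the values the utility reports as acceptable, applies it, and confirms the result. The function names, the overridable CONFIG variable, the platform keys, and the assumption that --show prints type, value and source on separate lines are this example's own.

```shell
#!/bin/sh
# Added example: validate, apply and confirm a PAMLogLevel change.
# CONFIG defaults to the path used on this page; overriding it is an
# assumption of this example so the functions can run against a stand-in.
CONFIG="${CONFIG:-/opt/pbis/bin/config}"

# Print each value found on an 'Acceptable Value: "..."' line of --details.
acceptable_levels() {
    "$CONFIG" --details PAMLogLevel |
        sed -n 's/^Acceptable Value: "\(.*\)"$/\1/p'
}

# Print the current value. Assumes --show prints type, value and source
# on three separate lines, so the value is line 2.
current_level() {
    "$CONFIG" --show PAMLogLevel | sed -n '2p'
}

# Map a platform key (hypothetical names) to the typical syslog file
# this page lists for that platform.
auth_log_path() {
    case "$1" in
        ubuntu)  echo /var/log/auth.log ;;
        redhat)  echo /var/log/secure ;;
        solaris) echo /var/log/authlog ;;
        macos)   echo /var/log/system.log ;;
        *)       return 1 ;;
    esac
}

# Set the level only if the utility accepts it, then confirm it took effect.
# Returns 2 for a rejected value, 1 if the set fails, 3 on a mismatch.
set_pam_loglevel() {
    want=$1
    acceptable_levels | grep -qxF -- "$want" || {
        echo "rejected: '$want' is not an acceptable PAMLogLevel" >&2
        return 2
    }
    "$CONFIG" PAMLogLevel "$want" || return 1
    got=$(current_level)
    [ "$got" = "$want" ] || {
        echo "mismatch: requested '$want', config reports '$got'" >&2
        return 3
    }
    echo "PAMLogLevel=$got"
}
```

Run set_pam_loglevel as root; once the level is changed, auth_log_path gives the file to watch for the PAM messages on the listed platforms.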
For more information on the arguments of config, run the following command: