Generate a PAM Debug Log for AD Bridge

You can set the level of reporting in the PAM debug log for the AD Bridge authentication service on a Linux or Unix computer. PAM stands for pluggable authentication modules.

The log levels are:

  • disabled
  • error
  • warning
  • info
  • verbose

The logged data is sent to your system's syslog message repository for security and authentication. The location of the repository varies by operating system.

Here are the typical locations for a few platforms:

  • Ubuntu: /var/log/auth.log
  • Red Hat: /var/log/secure
  • Solaris: Check the syslog.conf file or rsyslog.conf file

The following procedure demonstrates how to change the value of the PAM key's LogLevel entry with the config command-line utility.

  1. Use the details option to list the values that the PAMLogLevel setting accepts:

     /opt/pbis/bin/config --details PAMLogLevel
     Name: PAMLogLevel
     Description: Configure PAM lsass logging detail level
     Type: string
     Current Value: "disabled"
     Acceptable Value: "disabled"
     Acceptable Value: "error"
     Acceptable Value: "warning"
     Acceptable Value: "info"
     Acceptable Value: "verbose"
     Current Value is determined by local policy.

  2. As root, change the setting to error so that AD Bridge will log PAM errors:

     /opt/pbis/bin/config PAMLogLevel error

  3. Confirm that the change took effect:

     /opt/pbis/bin/config --show PAMLogLevel
     string
     error
     local policy
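
The three steps above can be combined into one script that refuses values the utility does not list, applies the change, and reads it back. This is an added example, not part of the AD Bridge product or its documentation; the function names are hypothetical, and it assumes the --details and --show output has the layout shown in the steps above.

```shell
#!/bin/sh
# Added example: validate, set and verify PAMLogLevel with the config utility.
# Run as root, as the procedure above requires for the change step.
CONFIG="${CONFIG:-/opt/pbis/bin/config}"   # path from the page; override for testing

# Extract the accepted values from `config --details PAMLogLevel` output on stdin.
acceptable_values() {
    sed -n 's/^Acceptable Value: "\(.*\)"$/\1/p'
}

# Extract the value from `config --show` output on stdin. Assumes the
# three-line layout shown on the page: type, value, policy source.
shown_value() {
    sed -n '2p'
}

# Print the first auth log that exists among the typical locations listed above.
auth_log_path() {
    for f in /var/log/auth.log /var/log/secure; do
        if [ -f "$f" ]; then echo "$f"; return 0; fi
    done
    echo "auth log not found; check syslog.conf or rsyslog.conf" >&2
    return 1
}

# Set PAMLogLevel to $1. Returns 2 if the utility does not accept the value,
# 1 if the change command fails, 3 if the read-back does not match.
set_pam_log_level() {
    level="$1"
    if ! "$CONFIG" --details PAMLogLevel | acceptable_values | grep -Fqx -- "$level"; then
        echo "PAMLogLevel does not accept: $level" >&2
        return 2
    fi
    "$CONFIG" PAMLogLevel "$level" || return 1
    actual=$("$CONFIG" --show PAMLogLevel | shown_value)
    if [ "$actual" != "$level" ]; then
        echo "PAMLogLevel is '$actual', expected '$level'" >&2
        return 3
    fi
    echo "PAMLogLevel set to $level"
}

# When invoked with an argument, apply it and report where to read the log.
if [ "$#" -gt 0 ]; then
    set_pam_log_level "$1" && auth_log_path
fi
```

Once troubleshooting is finished, running the same script with disabled returns the setting to the value shown in step 1.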

For more information on the arguments of config, run the following command:

/opt/pbis/bin/config --help