Debug ipasam plugin for Samba

Last week I was working on an issue involving ipasam plugin for Samba. I started by enabling more logs:

$ cat /etc/ipa/default.conf
[global]
...
debug=True
$ ipactl restart
$ net conf setparm global "log level" 20

Note: if you add the debug=True parameter in /etc/ipa/default.conf, the settings applies to both IPA server and IPA client, meaning that ipa command line is also set into debug mode (and can be quite verbose…). To set only the server in debug mode, create or edit /etc/ipa/server.conf:

$ cat /etc/ipa/server.conf
[global]
...
debug=True

The logs were then in /var/log/samba. I could see traces corresponding to my issue logged in log.smbd.lsasd.<id> and decided to attach my debugger. The problem was that samba had forked a set of processes and it was impossible to know in advance which one would be used to process the requests.

A simple way to solve this issue is to configure the maximum number of processes forked for lsasd with the following command:

$ net conf setparm global "lsasd:prefork_max_children" 1
$ net conf setparm global "lsasd:prefork_min_children" 1
$ systemctl restart smb

This way, only one process will be used for lsasd. Its pid can be seen in /var/log/samba/log.smbd.lsasd.1:

[2017/03/22 10:19:56.973864, 10, pid=3982, effective(0, 0), real(0, 0)] ../source3/rpc_server/lsasd.c:237(parent_ping)
 Got message that the parent changed status.

Once the pid is known, it is possible to attach the debugger with

$ gdb -p 3982

At that point, it is easy to add breakpoints and debug with the usual methods!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s