Last week I was working on an issue involving ipasam plugin for Samba. I started by enabling more logs:
$ cat /etc/ipa/default.conf [global] ... debug=True $ ipactl restart $ net conf setparm global "log level" 20
Note: if you add the debug=True parameter in /etc/ipa/default.conf, the settings applies to both IPA server and IPA client, meaning that ipa command line is also set into debug mode (and can be quite verbose…). To set only the server in debug mode, create or edit /etc/ipa/server.conf:
$ cat /etc/ipa/server.conf [global] ... debug=True
The logs were then in /var/log/samba. I could see traces corresponding to my issue logged in log.smbd.lsasd.<id> and decided to attach my debugger. The problem was that samba had forked a set of processes and it was impossible to know in advance which one would be used to process the requests.
A simple way to solve this issue is to configure the maximum number of processes forked for lsasd with the following command:
$ net conf setparm global "lsasd:prefork_max_children" 1 $ net conf setparm global "lsasd:prefork_min_children" 1 $ systemctl restart smb
This way, only one process will be used for lsasd. Its pid can be seen in /var/log/samba/log.smbd.lsasd.1:
[2017/03/22 10:19:56.973864, 10, pid=3982, effective(0, 0), real(0, 0)] ../source3/rpc_server/lsasd.c:237(parent_ping) Got message that the parent changed status.
Once the pid is known, it is possible to attach the debugger with
$ gdb -p 3982
At that point, it is easy to add breakpoints and debug with the usual methods!