pbis / BeyondTrust

Change Loglevel https://www.beyondtrust.com/docs/ad-bridge/how-to/troubleshoot/agent/logging/index.htm

There are debug logs for the following services in AD Bridge Enterprise:

lsass: The authentication service. Generate a debug log for lsass when you need to troubleshoot authentication errors or failures.
PAM: The pluggable authentication modules used by AD Bridge Enterprise. Create a debug log for PAM when you need to troubleshoot logon or authentication problems.
netlogon: The site affinity service that detects the optimal domain controller and global catalog. Generate a debug log for netlogon when you need to troubleshoot problems with sending requests to domain controllers or getting information from the global catalog.
lwio: The input-output service that manages interprocess communication.
eventlog: The event collection service. Generate a debug log for eventlog to troubleshoot the collection and processing of security events.
lwreg: The AD Bridge Enterprise registry service. Generate a debug log for lwreg to troubleshoot ill-fated configuration changes to the registry.
lwsm: The service manager.
reapsysl: Part of the data collection service. Capture a debug log for reapsysl to investigate the collection and processing of events.
gpagent: The Group Policy agent. Generate a debug log for gpagent to troubleshoot the application or processing of Group Policy Objects (GPOs).
eventfwd: The event forwarding service. Generate a debug log to verify that the service is receiving events and forwarding them to a collector server.
lwsc: The smart card service. Gather logging information for the smart card service when card-insertion or card-removal behavior is other than expected.
lwpkcs11: A service that aids in logging on and logging off with a smart card. Gather logging information about it when there is a problem logging on or logging off with a smart card.

Troubleshooting

Logging, Loglevels, Logfiles ... - PBIS AD logs, commands for logging

List Likewise/PBIS service

>/opt/pbis/bin/lwsm list

Example:

> /opt/pbis/bin/lwsm list
lwreg       running (container: 5544)
dcerpc      stopped
eventlog    stopped
lsass       running (container: 5660)
lwio        running (container: 5621)
netlogon    running (container: 5584)
rdr         running (io: 5621)

Delete AD Object/Computer Account

Add pbis to path:

> PATH=/opt/pbis/bin:$PATH

Create Kerberos ticket:

> kinit testzzdom@testdom.testads.de
Password for testzzdom@testdom.testads.de:

enter password. Now you can list the tickets with:

> klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: testzzdom@testdom.testads.de
 
Valid starting     Expires            Service principal
04/25/23 10:31:05  04/25/23 20:31:11  krbtgt/testdom.testads.de@testdom.testads.de
        renew until 05/02/23 10:31:05

Show all computer objects with filter server*:

> adtool -a search-computer --name 'server*'
CN=server,OU=Test-OU,OU=Computers,OU=Test,OU=Provider,DC=testdom,DC=testads,DC=de
CN=secondserver,OU=Test-OU,OU=Computers,OU=Test,OU=Provider,DC=testdom,DC=zzads,DC=de
 
Total computers: 2

Finally delete the object with:

> adtool -a delete-object --dn 'CN=secondserver,OU=Test-OU,OU=Computers,OU=Test,OU=Provider,DC=testdom,DC=testads,DC=de'
Object CN=secondserver,OU=Test-OU,OU=Computers,OU=Test,OU=Provider,DC=testdom,DC=testads,DC=de has been deleted.

Authors:

Claus Astheimer
Jochen Schnürle