search cancel

How to add Kerberos logging to troubleshoot Active Directory related problems


Article ID: 160744


Updated On:


Data Loss Prevention Enforce


Is there a way to enable Kerberos logging on Enforce for troubleshooting?


The following log levels can be added within the Kerberos module:

 Add to the krb5.ini the following:


default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log

This will capture the Kerberos logging and tells where to write it to. In above examples it will be written to the designated files. You can also specify syslog servers as reference as in the following example


kdc = SYSLOG:info:local1
admin-server = SYSLOG:info:local2
default = SYSLOG:err:auth

See also TECH220609 - Tips on setting up Active Directory Authentication