diff --git a/bin/pyntlm_auth/config_loader.py b/bin/pyntlm_auth/config_loader.py index 28c67c5f23b..79795d87d43 100644 --- a/bin/pyntlm_auth/config_loader.py +++ b/bin/pyntlm_auth/config_loader.py @@ -8,6 +8,7 @@ import config_generator import global_vars import utils +import log def get_boolean_value(v): @@ -38,45 +39,51 @@ def get_int_value(v): def config_load(): - global_vars.c_listen_port = os.getenv("LISTEN") - global_vars.c_domain_identifier = socket.gethostname() + " " + os.getenv("IDENTIFIER") + listen = os.getenv("LISTEN") + identifier = os.getenv("IDENTIFIER") - if global_vars.c_domain_identifier == "" or global_vars.c_listen_port == "": - print("Unable to start ntlm-auth-api: 'IDENTIFIER' or 'LISTEN' is missing.") + if not listen: + log.critical("unable to start ntlm-auth-api: missing environment variable 'LISTEN'") + exit(1) + if not identifier: + log.critical("unable to start ntlm-auth-api: missing environment variable 'IDENTIFIER'") exit(1) - print(f"ntlm-auth-api@{global_vars.c_domain_identifier} on port {global_vars.c_listen_port}...") + global_vars.c_listen_port = os.getenv("LISTEN") + global_vars.c_domain_identifier = socket.gethostname() + " " + os.getenv("IDENTIFIER") + + log.debug(f"ntlm-auth-api@{identifier} starting on port {global_vars.c_listen_port}") identifier = global_vars.c_domain_identifier conf_dm = "/usr/local/pf/conf/domain.conf" cp_dm = ConfigParser(interpolation=None) - print(f"Load domain config from {conf_dm}") + log.debug(f"Load domain config from {conf_dm}") try: with open(conf_dm, 'r') as file: cp_dm.read_file(file) if identifier not in cp_dm: - print(f" Section {identifier} does not exist in domain.conf. Terminated.") + log.critical(f"Section {identifier} does not exist in domain.conf. Terminated.") sys.exit(1) except FileNotFoundError: - print(f" {conf_dm} not found or unreadable. Terminated.") + log.critical(f"{conf_dm} not found or unreadable. Terminated.") sys.exit(1) except configparser.Error as e: - print(f" Error loading config from domain.conf: {e}. Terminated.") + log.critical(f"Error loading config from domain.conf: {e}. Terminated.") sys.exit(1) conf_db = f"/usr/local/pf/var/conf/ntlm-auth-api.d/db.ini" cp_db = ConfigParser(interpolation=None) - print(f"Load database config from {conf_db}") + log.debug(f"Load database config from {conf_db}") try: with open(conf_db, 'r') as file: cp_db.read_file(file) if 'DB' not in cp_db: - print(f" Section [DB] not found, ntlm-auth-api starts without NT Key caching capability.") + log.warning(f"Section [DB] not found, ntlm-auth-api starts without NT Key caching capability.") except FileNotFoundError: - print(f" {conf_db} not found, ntlm-auth-api@{identifier} starts without NT Key caching capability.") + log.warning(f"{conf_db} not found, ntlm-auth-api@{identifier} starts without NT Key caching capability.") except configparser.Error as e: - print(f" Error loading {conf_db}: {e}, ntlm-auth-api@{identifier} starts without NT Key caching capability.") + log.warning(f"Error loading {conf_db}: {e}, ntlm-auth-api@{identifier} starts without NT Key caching capability.") server_name_raw = cp_dm.get(identifier, 'server_name') server_name_or_hostname = server_name_raw @@ -111,12 +118,11 @@ def config_load(): c_db_pass = cp_db.get('DB', "DB_PASS", fallback=None) c_db = cp_db.get('DB', "DB", fallback=None) c_db_unix_socket = cp_db.get('DB', 'DB_UNIX_SOCKET', fallback=None) - print(f" {c_db_user}:{utils.mask_password(c_db_pass)}@{c_db_host}:{c_db_port}/{c_db}") + log.debug(f"db config: {c_db_user}:{utils.mask_password(c_db_pass)}@{c_db_host}:{c_db_port}/{c_db}") # validate domain.conf - print(f"starting ntlm-auth-api@{identifier}") if ad_fqdn == "": - print(" 'ad_fqdn' is not set. NTLM Auth API wasn't able to start") + log.critical("'ad_fqdn' is not set. NTLM Auth API wasn't able to start") sys.exit(1) if dns_servers != "": @@ -124,33 +130,33 @@ def config_load(): time.sleep(1) ip, err_msg = utils.dns_lookup(ad_fqdn, "") if ip != "" and err_msg == "": - print(f" AD FQDN: {ad_fqdn} resolved with IP: {ip}.") + log.debug(f"AD FQDN: {ad_fqdn} resolved with IP: {ip}.") else: if utils.is_ipv4(ad_server): # if it's not resolvable, we use static IP provided in domain.conf - print(f" AD FQDN resolving failed. Starting with static hosts entry: {ad_server} {ad_fqdn}.") + log.debug(f"AD FQDN resolving failed. Starting with static hosts entry: {ad_server} {ad_fqdn}.") config_generator.generate_hosts_entry(ad_server, ad_fqdn) else: - print(" Failed to retrieve IP address of AD server. Terminated.") + log.critical("Failed to retrieve IP address of AD server. Terminated.") sys.exit(1) else: if utils.is_ipv4(ad_server): config_generator.generate_hosts_entry(ad_server, ad_fqdn) - print(f" DNS servers not available, Starting using static hosts entry: {ad_server} {ad_fqdn}.") + log.warning(f"DNS servers not available, Starting using static hosts entry: {ad_server} {ad_fqdn}.") else: - print(" Unable to start NTLM Auth API. 'ad_server' must be a valid IPv4 if DNS servers not specified.") + log.critical("Unable to start NTLM Auth API. 'ad_server' must be a valid IPv4 if DNS servers not specified.") sys.exit(1) - print("NTLM Auth API started with the following parameters:") - print(f" ad_fqdn : {ad_fqdn}") - print(f" ad_server : {ad_server}") - print(f" server_name : {server_name_raw}") - print(f" server_name (parsed) : {server_name_or_hostname}") - print(f" dns_name : {realm}") - print(f" workgroup : {workgroup}") - print(f" machine_account_password : {utils.mask_password(password)}") - print(f" dns_servers : {dns_servers}") - print(f" nt_key_cache_enabled : {nt_key_cache_enabled}") - print(f" nt_key_cache_expire : {nt_key_cache_expire}") + log.debug("NTLM Auth API started with the following parameters:") + log.debug(f" ad_fqdn : {ad_fqdn}") + log.debug(f" ad_server : {ad_server}") + log.debug(f" server_name : {server_name_raw}") + log.debug(f" server_name (parsed) : {server_name_or_hostname}") + log.debug(f" dns_name : {realm}") + log.debug(f" workgroup : {workgroup}") + log.debug(f" machine_account_password : {utils.mask_password(password)}") + log.debug(f" dns_servers : {dns_servers}") + log.debug(f" nt_key_cache_enabled : {nt_key_cache_enabled}") + log.debug(f" nt_key_cache_expire : {nt_key_cache_expire}") # validate NT Key cache configuration nt_key_cache_enabled = get_boolean_value(nt_key_cache_enabled) @@ -159,29 +165,29 @@ def config_load(): for i in range(1): nt_key_cache_expire, error = get_int_value(nt_key_cache_expire) if error is not None: - print(" NT Key cache: can not parse 'nt_key_cache_expire', cache disabled.") + log.warning(" NT Key cache: can not parse 'nt_key_cache_expire', cache disabled.") nt_key_cache_enabled = False break if nt_key_cache_expire < 60: - print(f" NT key cache: expire value '{nt_key_cache_expire}' too small, set to minimum value: 60") + log.warning(f" NT key cache: expire value '{nt_key_cache_expire}' too small, set to minimum value: 60") nt_key_cache_expire = 60 if nt_key_cache_expire > 864000: - print(f" NT key cache: expire value '{nt_key_cache_expire}' too large, set to maximum value: 864000") + log.warning(f" NT key cache: expire value '{nt_key_cache_expire}' too large, set to maximum value: 864000") nt_key_cache_expire = 864000 ad_old_password_allowed_period, error = get_int_value(ad_old_password_allowed_period) if error is not None: - print(f" NT Key cache: unable to parse 'ad_old_password_allowed_period', cache disabled.") + log.warning(f" NT Key cache: unable to parse 'ad_old_password_allowed_period', cache disabled.") nt_key_cache_enabled = False break if ad_old_password_allowed_period < 0 or ad_old_password_allowed_period > 99999: - print(f" NT Key cache: 'ad_old_password_allowed_period' ranges from 0..99999, cache disabled.") + log.warning(f" NT Key cache: 'ad_old_password_allowed_period' ranges from 0..99999, cache disabled.") nt_key_cache_enabled = False break ad_account_lockout_threshold, error = get_int_value(ad_account_lockout_threshold) if error is not None: - print(" NT Key cache: can not parse 'ad_account_lockout_threshold', cache disabled.") + log.warning(" NT Key cache: can not parse 'ad_account_lockout_threshold', cache disabled.") nt_key_cache_enabled = False break if ad_account_lockout_threshold == 0: @@ -193,33 +199,33 @@ def config_load(): if error is not None: ad_old_password_allowed_period = 0 break if ad_account_lockout_threshold < 2 or ad_account_lockout_threshold > 999: - print(f" NT Key cache: 'ad_account_lock_threshold' ranges from 2..999, cache disabled.") + log.warning(f" NT Key cache: 'ad_account_lock_threshold' ranges from 2..999, cache disabled.") nt_key_cache_enabled = False break ad_account_lockout_duration, error = get_int_value(ad_account_lockout_duration) if error is not None: - print(f" NT Key cache: can not parse 'account_lockout_duration', cache disabled.") + log.warning(f" NT Key cache: can not parse 'account_lockout_duration', cache disabled.") nt_key_cache_enabled = False break if ad_account_lockout_duration < 1 or ad_account_lockout_duration > 99999: - print(f" NT Key cache: 'ad_account_lockout_duration' ranges from 1..99999, cache disabled.") + log.warning(f" NT Key cache: 'ad_account_lockout_duration' ranges from 1..99999, cache disabled.") nt_key_cache_enabled = False break ad_reset_account_lockout_count_after, error = get_int_value(ad_reset_account_lockout_count_after) if error is not None: - print(f" NT Key cache: can not parse 'ad_reset_account_lockout_after', cache disabled.") + log.warning(f" NT Key cache: can not parse 'ad_reset_account_lockout_after', cache disabled.") nt_key_cache_enabled = False break if ad_reset_account_lockout_count_after < 1 or ad_reset_account_lockout_count_after > 99999: - print(f" NT Key cache: 'ad_reset_account_lockout_counter_after' ranges from 1..99999, cache disabled.") + log.warning(f" NT Key cache: 'ad_reset_account_lockout_counter_after' ranges from 1..99999, cache disabled.") nt_key_cache_enabled = False break if ad_reset_account_lockout_count_after > ad_account_lockout_duration: s_reset = 'ad_reset_account_lockout_counter_after' s_duration = 'ad_account_lockout_duration' - print(f" NT Key cache: '{s_reset}' larger than '{s_duration}', cache disabled.") + log.warning(f" NT Key cache: '{s_reset}' larger than '{s_duration}', cache disabled.") nt_key_cache_enabled = False break @@ -227,25 +233,25 @@ def config_load(): s_device = 'max_allowed_attempts_per_device' s_threshold = 'ad_account_lockout_threshold' if error is not None: - print(f" NT Key cache: unable to parse '{s_device}', set to '{s_threshold}' by default.") + log.warning(f" NT Key cache: unable to parse '{s_device}', set to '{s_threshold}' by default.") max_allowed_attempts_per_device = ad_account_lockout_threshold break if max_allowed_attempts_per_device < 0 or max_allowed_attempts_per_device > 999: - print(f" NT Key cache: '{s_device}' ranges from 0..999, set to '{s_threshold}' by default.") + log.warning(f" NT Key cache: '{s_device}' ranges from 0..999, set to '{s_threshold}' by default.") break if max_allowed_attempts_per_device > ad_account_lockout_threshold: - print(f" NT Key cache: '{s_device}' larger than '{s_threshold}', set to '{s_threshold}' by default.") + log.warning(f" NT Key cache: '{s_device}' larger than '{s_threshold}', set to '{s_threshold}' by default.") if None in (c_db_host, c_db_port, c_db_user, c_db_pass, c_db, c_db_unix_socket): - print(f" DB config: Missing settings, NT Key cache will be disabled") + log.warning(f" DB config: Missing settings, NT Key cache will be disabled") nt_key_cache_enabled = False - print("NT Key caching:") - print(f" ad_account_lockout_threshold : {ad_account_lockout_threshold}") - print(f" ad_account_lockout_duration (in minutes) : {ad_account_lockout_duration}") - print(f" ad_reset_account_lockout_counter_after (in minutes) : {ad_reset_account_lockout_count_after}") - print(f" ad_old_password_allowed_period (in minutes) : {ad_old_password_allowed_period}") - print(f" max_allowed_password_attempts_per_device : {max_allowed_attempts_per_device}") + log.debug("NT Key caching:") + log.debug(f" ad_account_lockout_threshold : {ad_account_lockout_threshold}") + log.debug(f" ad_account_lockout_duration (in minutes) : {ad_account_lockout_duration}") + log.debug(f" ad_reset_account_lockout_counter_after (in minutes) : {ad_reset_account_lockout_count_after}") + log.debug(f" ad_old_password_allowed_period (in minutes) : {ad_old_password_allowed_period}") + log.debug(f" max_allowed_password_attempts_per_device : {max_allowed_attempts_per_device}") global_vars.c_server_name = ad_fqdn global_vars.c_ad_server = ad_server diff --git a/bin/pyntlm_auth/log.py b/bin/pyntlm_auth/log.py new file mode 100644 index 00000000000..59ae2984355 --- /dev/null +++ b/bin/pyntlm_auth/log.py @@ -0,0 +1,60 @@ +import logging +import os + + +def init_logging(): + available_logging_levels = {'DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL'} + logging_level = os.getenv('LOG_LEVEL') + + if not logging_level: + logging_level = 'DEBUG' + + if logging_level not in available_logging_levels: + logging_level = 'DEBUG' + + default_logging_level = logging.DEBUG + + if logging_level == 'INFO': + default_logging_level = logging.INFO + elif logging_level == 'WARNING': + default_logging_level = logging.WARNING + elif logging_level == 'ERROR': + default_logging_level = logging.ERROR + elif logging_level == 'CRITICAL': + default_logging_level = logging.CRITICAL + + logger = logging.getLogger("ntlm-auth") + logger.setLevel(default_logging_level) + + console_handler = logging.StreamHandler() + console_handler.setLevel(default_logging_level) + + formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s', datefmt="%Y-%m-%d %H:%M:%S") + console_handler.setFormatter(formatter) + + logger.addHandler(console_handler) + + return logger + + +def debug(msg): + logger.debug(msg) + + +def info(msg): + logger.info(msg) + + +def warning(msg): + logger.warning(msg) + + +def error(msg): + logger.error(msg) + + +def critical(msg): + logger.critical(msg) + + +logger = init_logging() diff --git a/bin/pyntlm_auth/ms_event.py b/bin/pyntlm_auth/ms_event.py index e23e19a044d..97173c94a8b 100644 --- a/bin/pyntlm_auth/ms_event.py +++ b/bin/pyntlm_auth/ms_event.py @@ -2,6 +2,8 @@ import ncache import utils +import log + EVENT_TYPE_USER_CREATED = 4720 EVENT_TYPE_USER_ENABLED = 4722 @@ -40,7 +42,7 @@ def process_event_password_reset(event): account = event['TargetUserName'] event['EventTime'] = event_time - print(f" ---- handling event password reset : happens on {utils.to_ymd_hms(event_time)} ({event_time}) for ID {record_id}: {account}@{domain} ") + log.debug(f"handling event password reset : happens on {utils.to_ymd_hms(event_time)} ({event_time}) for ID {record_id}: {account}@{domain} ") key_root = ncache.build_cache_key(domain, account) cache_entry_root = ncache.get_cache_entry(key_root) @@ -76,7 +78,7 @@ def process_event_password_change(event): account = event['TargetUserName'] event['EventTime'] = event_time - print(f" ---- handling event password change: happens on {utils.to_ymd_hms(event_time)} ({event_time}) for ID {record_id}: {account}@{domain} ") + log.debug(f"handling event password change: happens on {utils.to_ymd_hms(event_time)} ({event_time}) for ID {record_id}: {account}@{domain} ") key_root = ncache.build_cache_key(domain, account) cache_entry_root = ncache.get_cache_entry(key_root) diff --git a/bin/pyntlm_auth/ncache.py b/bin/pyntlm_auth/ncache.py index a129ec924af..7beb7dcd50d 100644 --- a/bin/pyntlm_auth/ncache.py +++ b/bin/pyntlm_auth/ncache.py @@ -7,6 +7,7 @@ import utils import datetime +import log NT_KEY_USER_LOCKED = "*" NT_KEY_USER_DISABLED = "-" @@ -286,7 +287,7 @@ def device_miss_root_hit(domain, account_username, mac, challenge, nt_response, cache_v_root = json.loads(c_root['value']) cache_v_device = cache_v_template(domain, account_username, mac) except Exception as e: - print(f" Exception caught while handling cached authentication, error was: {e}") + log.warning(f"Exception caught while handling cached authentication, error was: {e}") return '', -1, None if is_ndl(cache_v_root['nt_status']): @@ -357,7 +358,7 @@ def device_hit_root_hit(domain, account_username, mac, challenge, nt_response, c cache_v_root = json.loads(c_root['value']) cache_v_device = json.loads(c_device['value']) except Exception as e: - print(f" Exception caught while handling cached authentication, error was: {e}") + log.warning(f"Exception caught while handling cached authentication, error was: {e}") return '', -1, None if is_ndl(cache_v_root['nt_status']): diff --git a/bin/pyntlm_auth/rpc.py b/bin/pyntlm_auth/rpc.py index c0c988404ab..159b10856bf 100644 --- a/bin/pyntlm_auth/rpc.py +++ b/bin/pyntlm_auth/rpc.py @@ -8,6 +8,7 @@ from samba.dcerpc.netlogon import (netr_Authenticator, MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT, MSV1_0_ALLOW_MSVCHAPV2) import binascii from samba.net import Net +import log def find_dc(lp): @@ -94,22 +95,31 @@ def init_secure_connection(): except NTSTATUSError as e: error_code = e.args[0] error_message = e.args[1] - print(f"Error in init secure connection: NT_Error, error_code={error_code}, error_message={error_message}.") - print("Parameter used in establish secure channel are:") - print(f" lp.netbios_name: {netbios_name}") - print(f" lp.realm: {realm}") - print(f" lp.server_string: {server_string}") - print(f" lp.workgroup: {workgroup}") - print(f" workstation: {workstation}") - print(f" username: {username}") - print(f" password: {utils.mask_password(password)}") - print(f" set_NT_hash_flag: True") - print(f" domain: {domain}") - print(f" server_name(ad_fqdn): {server_name}") + log.error(f"Error in init secure connection: NTError: {hex(error_code)}, {error_message}.") + + if error_code == 0xc0000001: + log.error("Did you give the wrong 'workstation' parameter in domain configuration ?") + if error_code == 0xc0000022: + log.error("Are you using a wrong password for a machine account?") + log.error("If you are in a cluster, did you re-used the machine account and reset with another password?") + if error_code == 0xc0000122: + log.error(f"This is usually due to a incorrect AD FQDN. The current AD FQDN you are using is: {server_name}") + + log.debug("Parameter used in establish secure channel are:") + log.debug(f" lp.netbios_name: {netbios_name}") + log.debug(f" lp.realm: {realm}") + log.debug(f" lp.server_string: {server_string}") + log.debug(f" lp.workgroup: {workgroup}") + log.debug(f" workstation: {workstation}") + log.debug(f" username: {username}") + log.debug(f" password: {utils.mask_password(password)}") + log.debug(f" set_NT_hash_flag: True") + log.debug(f" domain: {domain}") + log.debug(f" server_name(ad_fqdn): {server_name}") except Exception as e: error_code = e.args[0] error_message = e.args[1] - print(f"Error in init secure connection: General, error_code={error_code}, error_message={error_message}.") + log.error(f"Error in init secure connection: ErrCode: {error_code}, {error_message}.") return global_vars.s_secure_channel_connection, global_vars.s_machine_cred, error_code, error_message @@ -180,17 +190,21 @@ def transitive_login(account_username, challenge, nt_response, domain=None): nt_key = [x if isinstance(x, str) else hex(x)[2:].zfill(2) for x in info.base.key.key] nt_key_str = ''.join(nt_key) - print(f" Successfully authenticated '{account_username}', NT_KEY is: '{utils.mask_password(nt_key_str)}'.") + log.debug(f"Successfully authenticated '{account_username}', NT_KEY is: '{utils.mask_password(nt_key_str)}'.") return nt_key_str.encode('utf-8').strip().decode('utf-8'), 0, info except NTSTATUSError as e: nt_error_code = e.args[0] nt_error_message = f"NT Error: code: {nt_error_code}, message: {str(e)}" - print(f" Failed while authenticating user: '{account_username}' with NT Error: {e}.") + log.warning(f"Failed authenticating user: '{account_username}' with NT Error: {e}.") + + if error_code == 0xc0000022: + log.warning("Is this machine account is shared by another ntlm_auth process (or another cluster node)?") + global_vars.s_reconnect_id = global_vars.s_connection_id return nt_error_message, nt_error_code, None except Exception as e: global_vars.s_reconnect_id = global_vars.s_connection_id - print(f" Failed while authenticating user: '{account_username}' with General Error: {e}.") + log.debug(f"Failed while authenticating user: '{account_username}' with General Error: {e}.") if isinstance(e.args, tuple) and len(e.args) > 0: return f"General Error: code {e.args[0]}, {str(e)}", e.args[0], None else: diff --git a/bin/pyntlm_auth/t_api.py b/bin/pyntlm_auth/t_api.py index e38e756e6e6..ac79ceb9104 100644 --- a/bin/pyntlm_auth/t_api.py +++ b/bin/pyntlm_auth/t_api.py @@ -1,11 +1,17 @@ import logging import pymysql -from flask import Flask, g, request +from flask import Flask, g from flaskext.mysql import MySQL import config_loader import global_vars import handlers +import os + + +class HealthCheckFilter(logging.Filter): + def filter(self, record): + return 'GET /ping' not in record.getMessage() def api(): @@ -14,13 +20,12 @@ def api(): app = Flask(__name__) werkzeug_logger = logging.getLogger('werkzeug') + werkzeug_logger.addFilter(HealthCheckFilter()) - @app.before_request - def register_logger(): - if request.path.startswith("/ping"): - werkzeug_logger.setLevel(logging.CRITICAL) - else: - werkzeug_logger.setLevel(logging.INFO) + if app.logger.hasHandlers(): + f = logging.Formatter('[%(asctime)s] %(levelname)s in %(module)s: %(message)s', datefmt="%Y-%m-%d %H:%M:%S") + for handler in app.logger.handlers: + handler.setFormatter(f) for i in range(1): if not global_vars.c_nt_key_cache_enabled: @@ -49,7 +54,8 @@ def before_request(): except Exception as e: e_code = e.args[0] e_msg = str(e) - print(f" error while init database: {e_code}, {e_msg}. Started without NT Key cache capability.") + app.logger.warning(f"error {e_code}: {e_msg} when initializing database.") + app.logger.warning(f"ntlm-auth-api@{os.getenv('IDENTIFIER')} started without NT Key cache capability.") @app.teardown_request def teardown_request(exception=None): diff --git a/bin/pyntlm_auth/t_sdnotify.py b/bin/pyntlm_auth/t_sdnotify.py index 03cc366454c..3bf744b9a89 100644 --- a/bin/pyntlm_auth/t_sdnotify.py +++ b/bin/pyntlm_auth/t_sdnotify.py @@ -8,7 +8,6 @@ def sd_notify(): n.notify("READY=1") count = 1 while True: - # print("Running... {}".format(count)) n.notify("STATUS=Count is {}".format(count)) count += 1 time.sleep(30) diff --git a/bin/pyntlm_auth/utils.py b/bin/pyntlm_auth/utils.py index c14f28c13db..b0d7fe70ebd 100644 --- a/bin/pyntlm_auth/utils.py +++ b/bin/pyntlm_auth/utils.py @@ -3,6 +3,8 @@ import constants import dns.resolver import pytz +import log + # simplified IPv4 validator. def is_ipv4(address): @@ -81,13 +83,13 @@ def find_ldap_servers(domain, dns_server): return ldap_servers except dns.resolver.NoAnswer: - print(f'No SRV records found for {query_name}') + log.debug(f'No SRV records found for {query_name}') return [] except dns.resolver.NXDOMAIN: - print(f'Domain {domain} does not exist') + log.debug(f'Domain {domain} does not exist') return [] except Exception as e: - print(f'An error occurred: {e}') + log.debug(f'An error occurred: {e}') return [] diff --git a/conf/log.conf.d/ntlm-auth-api.conf.example b/conf/log.conf.d/ntlm-auth-api.conf.example new file mode 100644 index 00000000000..1cd557c0bfc --- /dev/null +++ b/conf/log.conf.d/ntlm-auth-api.conf.example @@ -0,0 +1,10 @@ +# Copyright (C) Inverse inc. +## Update Log level for ntlm-auth-api +## + +# Available log levels are: +# DEBUG, INFO, WARNING, ERROR, CRITICAL +# Default log level is DEBUG + +LOG_LEVEL=DEBUG + diff --git a/conf/systemd/packetfence-ntlm-auth-api-domain@.service b/conf/systemd/packetfence-ntlm-auth-api-domain@.service index 4f61d5c87f6..293826c9fad 100644 --- a/conf/systemd/packetfence-ntlm-auth-api-domain@.service +++ b/conf/systemd/packetfence-ntlm-auth-api-domain@.service @@ -16,6 +16,7 @@ ExecStop=/bin/bash -c "docker stop ntlm-auth-api-%i; echo Stopped" Restart=on-failure Slice=packetfence.slice PIDFile=/usr/local/pf/var/run/ntlm-auth-api-%i-systemd-notify.pid +EnvironmentFile=-/usr/local/pf/conf/log.conf.d/ntlm-auth-api.conf [Install] WantedBy=packetfence.target diff --git a/rpm/packetfence.spec b/rpm/packetfence.spec index 166df2676f9..e7e331be24e 100644 --- a/rpm/packetfence.spec +++ b/rpm/packetfence.spec @@ -940,6 +940,7 @@ fi %attr(0755, pf, pf) /usr/local/pf/bin/pyntlm_auth/flags.py %attr(0755, pf, pf) /usr/local/pf/bin/pyntlm_auth/global_vars.py %attr(0755, pf, pf) /usr/local/pf/bin/pyntlm_auth/handlers.py +%attr(0755, pf, pf) /usr/local/pf/bin/pyntlm_auth/log.py %attr(0755, pf, pf) /usr/local/pf/bin/pyntlm_auth/ms_event.py %attr(0755, pf, pf) /usr/local/pf/bin/pyntlm_auth/ncache.py %attr(0755, pf, pf) /usr/local/pf/bin/pyntlm_auth/rpc.py