Troubleshooting PAM

When the Provisioning Server service starts, the Provisioning Server trace log records whether PAM is enabled or disabled and whether a valid PAM managed endpoint is configured. This information is written regardless of the configured log level. To see it, open PSHOME\Logs\etatransYYYYMMDD.log and look for lines containing the string PAM:.

Common messages include the following:

PAM: Initialization started

Signals the start of PAM processing.

PAM: Not enabled

Indicates that PAM is not being used and could mean any of the following:

PAM: No PAM managed endpoint

Indicates that no managed endpoint was specified using the endpoint-type, endpoint-domain, and endpoint-name parameters in etapam_id.conf.

PAM: Missing EPType or EPName
PAM: Unable to find specified domain
PAM: Unable to find specified endpoint

These messages indicate that there was a problem identifying the managed endpoint using the supplied endpoint-type, endpoint-domain, and endpoint-name parameters in etapam_id.conf.

PAM: Managed endpoint configured

Indicates that the managed endpoint identified by endpoint-type, endpoint-domain, and endpoint-name was valid. The next line logged is the full LDAP distinguished name of the managed endpoint.
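
The following script is an added example, not part of the product or its documentation: it scans trace log lines for the PAM: messages listed above, groups them by service start-up, and picks up the distinguished name from the line after "Managed endpoint configured". The state labels, the timestamp prefix, the sample DN, and the assumption that the DN line contains at least two comma-separated RDNs are all choices made for this example.

```python
import re

# Start-up messages documented on this page, mapped to a coarse state
# (the state names are labels chosen for this example).
PAM_STATES = {
    "Initialization started": "starting",
    "Not enabled": "disabled",
    "No PAM managed endpoint": "no_endpoint",
    "Missing EPType or EPName": "endpoint_error",
    "Unable to find specified domain": "endpoint_error",
    "Unable to find specified endpoint": "endpoint_error",
    "Managed endpoint configured": "configured",
}
PAM_RE = re.compile(r"PAM:\s*(.*\S)")
# A DN with at least two RDNs, e.g. cn=a,ou=b (assumed shape of the DN line).
DN_RE = re.compile(r"\w+=[^,=\s][^,=]*(?:,\s*\w+=[^,=]+)+")

def pam_startup_status(lines):
    """Return one dict per Provisioning Server start-up seen in the log."""
    runs, want_dn = [], False
    for line in lines:
        if want_dn:  # the line after "Managed endpoint configured" holds the DN
            want_dn = False
            dn = DN_RE.search(line)
            if dn:
                runs[-1]["endpoint_dn"] = dn.group(0).strip()
                continue
        m = PAM_RE.search(line)
        if not m:
            continue
        msg = m.group(1)
        state = next((s for k, s in PAM_STATES.items() if msg.startswith(k)), "unknown")
        if state == "starting" or not runs:  # new start-up, or log begins mid-run
            runs.append({"state": "starting", "messages": [], "endpoint_dn": None})
        runs[-1]["messages"].append(msg)
        if state not in ("starting", "unknown"):  # undocumented PAM: lines keep the state
            runs[-1]["state"] = state
        want_dn = state == "configured"
    return runs

# Constructed sample lines; the timestamp prefix and the DN are invented.
SAMPLE = """\
2024-01-15 09:00:01 PAM: Initialization started
2024-01-15 09:00:01 PAM: Unable to find specified endpoint
2024-01-15 09:30:15 PAM: Initialization started
2024-01-15 09:30:15 PAM: Managed endpoint configured
2024-01-15 09:30:15 PAM: cn=example-endpoint,ou=example-type,dc=example
""".splitlines()

if __name__ == "__main__":
    for run in pam_startup_status(SAMPLE):
        print(run["state"], run["endpoint_dn"], run["messages"])
```

The last entry in the returned list reflects the most recent start-up, which is the one that matters after a change to etapam_id.conf.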