Old 09-02-2005, 04:10 PM   #1
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 366

Rep: Reputation: 41
ldap as auth server, users sometimes unknown ??

Since upgrading my FC3 to FC4, this problem is occurring even more than it already did. I am curious if there is something I am doing wrong...

The case is this.

I have LDAP as my authentication server. Currently, as for testing purposes, my own user account is the ONLY one that doesn't exist in the local passwd / shadow files, so my own account fully relies on the LDAP authentication server to function right. The other users DO have passwd/shadow accounts, so luckily I am the only one having this issue.

As I log on to my machine (which works fine) I often do some sudo actions or even a 'su -', but sometimes it says that user account 500 doesn't exist in the passwd file (true, 500 is located in LDAP instead).

When doing a directory listing, I see files are owned by 500 instead of my user name.

This, until I do a 'w', or 'who' which resolves my name correctly, after which I CAN do the sudo / su - / directory listing with the desired results.

I do have nscd running and the LDAP authentication IS working correctly. I have my LDAP server secured with TLS / SSL, so perhaps there is some certification problem ??

What to do to debug this problem? Does anybody have (had) this same issue? Does it sound ANY familiar??

Thanks in advance for any pointers you could provide.
Old 09-04-2005, 02:16 AM   #2
Registered: Oct 2003
Location: /illinois/chicago
Distribution: Slackware/Gentoo/FC/RHEL
Posts: 568

Rep: Reputation: 30
If I had to guess, I would vote nscd.
One thing I would try:
watch --interval=.1 "getent passwd | grep username"
This will allow you to see in tenth of a second intervals what PAM sees via NIS.

If you are having some sort of a caching issue, this may point it out to you. If it goes blank - you've lost the entry in the cache. See how long it remains missing.
If it is indefinite, I would bounce nscd, and see if it comes back.
It could be the lag for your LDAP query. What is your pam_login_attribute set to?
Old 09-05-2005, 02:39 AM   #3
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 366

Original Poster
Rep: Reputation: 41
I tried the watch, and it showed nicely the username. Wasn't able to catch a fault.

I didn't have any pam_login_attribute set in my /etc/ldap.conf or /etc/openldap/ldap.conf (don't know the exact difference in use between these two?)

I have set them to 'uid' though, as in my LDAP server the users are in uid=<name>,ou=People,dc=<domain>,dc=<tld>
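
Added example, not part of any post in this thread: because watching the getent output by eye did not catch the fault, a small POSIX sh poller can log every change between "resolves" and "missing" for one UID with a timestamp, so a short lookup gap is recorded even when nobody is looking. The function names resolve_state and monitor_uid, the LOOKUP variable and the script name uidwatch.sh are made up for this example; the only real command it relies on is getent passwd <uid>.

```shell
#!/bin/sh
# Added example: record when a UID stops (or starts) resolving through NSS.
# Usage (hypothetical file name): sh uidwatch.sh 500 600 1
#   -> sample UID 500 six hundred times, one second apart.

# Command used for the lookup; the default goes through NSS (files, nscd, LDAP).
LOOKUP=${LOOKUP:-"getent passwd"}

# resolve_state UID -> prints "ok <name>" when the UID resolves, else "missing".
resolve_state() {
    entry=$($LOOKUP "$1" 2>/dev/null) || entry=""
    if [ -n "$entry" ]; then
        printf 'ok %s\n' "${entry%%:*}"   # first passwd field is the login name
    else
        printf 'missing\n'
    fi
}

# monitor_uid UID SAMPLES INTERVAL
# Prints one timestamped line per state change; returns 1 if any sample failed.
monitor_uid() {
    uid=$1 samples=$2 interval=$3
    prev="" gaps=0 i=0
    while [ "$i" -lt "$samples" ]; do
        state=$(resolve_state "$uid")
        if [ "$state" = "missing" ]; then
            gaps=$((gaps + 1))
        fi
        if [ "$state" != "$prev" ]; then
            printf '%s uid=%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$uid" "$state"
            prev=$state
        fi
        i=$((i + 1))
        if [ "$i" -lt "$samples" ]; then
            sleep "$interval"
        fi
    done
    [ "$gaps" -eq 0 ]
}

# Run only when arguments are given, so the file can also be sourced.
if [ "$#" -ge 3 ]; then
    monitor_uid "$1" "$2" "$3"
fi
```

Running it once with nscd started and once with nscd stopped, and comparing the timestamps of any "missing" lines with the LDAP server's log, shows whether the gaps follow the cache or the directory lookups.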

