LinuxQuestions.org
Old 09-02-2005, 03:10 PM   #1
rhoekstra
Member
 
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 354

Rep: Reputation: 39
ldap as auth server, users sometimes unknown ??


Since upgrading my FC3 to FC4, this problem is occurring even more than it already did. I am curious if there is something I am doing wrong...

The case is this.

I have LDAP as my authentication server. Currently, as for testing purposes, my own user account is the ONLY one that doesn't exist in the local passwd / shadow files, so my own account fully relies on the LDAP authentication server to function right. The other users DO have passwd/shadow accounts, so luckily I am the only one having this issue.

As I log on to my machine (which works fine) I often do some sudo actions or even a 'su -', but sometimes it says that user account 500 doesn't exist in the passwd file (true, 500 is located in LDAP instead).

When doing a directory listing, I see files are owned by 500 instead of my user name.

This, until I do a 'w', or 'who' which resolves my name correctly, after which I CAN do the sudo / su - / directory listing with the desired results.

I do have nscd running and the LDAP authentication IS working correctly. I have my LDAP server secured with TLS / SSL, so perhaps there is some certification problem ??

What to do to debug this problem? Does anybody have (had) this same issue? Does it sound ANY familiar??

Thanks in advance for any pointers you could provide.
 
Old 09-04-2005, 01:16 AM   #2
PenguinPwrdBox
Member
 
Registered: Oct 2003
Location: /illinois/chicago
Distribution: Slackware/Gentoo/FC/RHEL
Posts: 568

Rep: Reputation: 30
If I had to guess, I would vote nscd.
One thing I would try:
Code:
watch --interval=.1 "getent passwd | grep username"
This will allow you to see in tenth of a second intervals what PAM sees via NIS.

If you are having some sort of a caching issue, this may point it out to you. If it goes blank - you've lost the entry in the cache. See how long it remains missing.
If it is indefinite, I would bounce nscd, and see if it comes back.
It could be the lag for your LDAP query. What is your pam_login_attribute set to?
 
Old 09-05-2005, 01:39 AM   #3
rhoekstra
Member
 
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 354

Original Poster
Rep: Reputation: 39
I tried the watch, and it showed the username nicely. I wasn't able to catch a fault.


I didn't have any pam_login_attribute set in my /etc/ldap.conf or /etc/openldap/ldap.conf (don't know the exact difference in use between these two?)

I have set them to 'uid' though, as in my LDAP server the users are in uid=<name>,ou=People,dc=<domain>,dc=<tld>
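
An added example, not posted by anyone in this thread: `getent passwd | grep` enumerates the whole passwd database, whereas `ls`, `su` and `sudo` look up a single uid or name, which is the request type nscd caches. This sketch polls that keyed lookup and prints a timestamped line only when the result flips, so a short-lived failure leaves a record. `LOOKUP`, `resolve` and `poll_key` are names made up for the example.

```shell
#!/bin/sh
# Added example (not from the thread): log transitions of a keyed NSS lookup.
# LOOKUP, resolve and poll_key are names made up for this sketch.
LOOKUP=${LOOKUP:-"getent passwd"}   # override to test without an LDAP server

# resolve KEY: print the login name for a uid or name; return 1 if unknown.
resolve() {
    entry=$($LOOKUP "$1" 2>/dev/null) || return 1
    [ -n "$entry" ] || return 1
    printf '%s\n' "${entry%%:*}"
}

# poll_key KEY [COUNT] [INTERVAL]: sample COUNT times, INTERVAL seconds apart,
# and print a timestamped line only when the result changes.
poll_key() {
    key=$1 count=${2:-600} interval=${3:-1} prev="" i=0
    while [ "$i" -lt "$count" ]; do
        if name=$(resolve "$key"); then
            state="resolved:$name"
        else
            state="missing"
        fi
        if [ "$state" != "$prev" ]; then
            printf '%s sample=%s key=%s %s\n' \
                "$(date '+%Y-%m-%dT%H:%M:%S')" "$i" "$key" "$state"
            prev=$state
        fi
        i=$((i + 1))
        if [ "$i" -lt "$count" ]; then sleep "$interval"; fi
    done
}

# Example: sh nsswatch.sh 500 600 1   (uid 500 is the uid from the thread)
if [ "$#" -ge 1 ]; then poll_key "$@"; fi
```

Comparing the timestamps of any `missing` lines with the nscd and LDAP server logs shows which layer dropped the answer; intervals below one second need a `sleep` that accepts fractions, as GNU sleep does.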
 
  

