LinuxQuestions.org
Old 11-09-2006, 02:26 AM   #1
PhillipHuang
Member
 
Registered: Aug 2006
Location: Shen Zhen
Distribution: Ubuntu 10.04
Posts: 198

Rep: Reputation: 33
Duplicate users in both local group and LDAP?


Hello all,

I'm having some trouble using LDAP: when LDAP has accounts whose usernames are the same as local users, I found that the LDAP "admin" user is even able to control my whole system, add/delete local users, and remove volumes/RAIDs. It seems like a serious security problem.

So, would you give me some advice on how to deal with the duplicated users in LDAP and local?

Any suggestion would be appreciated.

Kind regards,
Phillip
 
Old 11-09-2006, 03:03 AM   #2
kstan
Member
 
Registered: Sep 2004
Location: Malaysia, Johor
Distribution: Dual boot MacOS X/Ubuntu 9.10
Posts: 851

Rep: Reputation: 31
If I'm not mistaken, once you use LDAP to authenticate your system, the local users won't be able to authenticate to your system anymore. As for the admin user inside LDAP having high permissions, that is probably because of your previous settings. I have not yet implemented LDAP to manage an entire enterprise, so below is only a possible reason:
- Before setting up PAM and nsswitch.conf, open one terminal and log in as root (on standby)
- Use OpenLDAP + SSL for authentication (as I mentioned just now, after this you are not able to authenticate local users, including root)
- Try logging in as an LDAP user
- After you are able to log in successfully, in the terminal which you opened just now, type visudo and let admin have all permissions (at this moment, the admin user can be assumed to be the root user, because we still need a superuser)
- Or, probably the admin has uid=0 inside LDAP, which is the same as local root

So, the above is my opinion on why this is happening, and I'm really not very sure yet.
The conclusion is, local users are no longer used for authentication; the superuser 'admin' in your system is the replacement for 'root'.
Regarding security, you certainly need to have a good network infrastructure like SSL, Kerberos, lv3 switch, latest patches, etc., and tight LDAP permissions and authorisation.

Am I answering your question?
Ks
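An added example, not part of either post above: one way to check a host for the overlap this thread describes is to compare the local account list with the directory's and flag shared names, reused UIDs, and any directory entry with UID 0. The function names and the sample accounts are constructed for illustration; both inputs are assumed to be in passwd(5) format.

```shell
#!/bin/sh
# Usage: audit_passwd_overlap LOCAL_FILE DIRECTORY_FILE
# On a live host the inputs could be /etc/passwd and the output of
# "getent -s ldap passwd" (assumption: the NSS service is named "ldap").
audit_passwd_overlap() {
    awk -F: '
        # First file: index local accounts by name and by UID.
        NR == FNR {
            if ($1 != "") { uid_of[$1] = $3; owner_of[$3] = $1 }
            next
        }
        $1 == "" { next }
        # A directory entry that resolves to UID 0 is root-equivalent.
        $3 ~ /^0+$/ { print "UID0 " $1 }
        # Same login name defined on both sides.
        ($1 in uid_of) {
            if (uid_of[$1] == $3) print "DUP_NAME " $1 " uid=" $3
            else print "NAME_CLASH " $1 " local_uid=" uid_of[$1] " ldap_uid=" $3
            next
        }
        # Different name, but the UID already belongs to a local account.
        ($3 in owner_of) { print "UID_CLASH " $1 " uid=" $3 " local_owner=" owner_of[$3] }
    ' "$1" "$2"
}

# Constructed sample data: a local passwd file and a directory export.
demo_overlap() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/local" <<'EOF'
root:x:0:0:root:/root:/bin/sh
admin:x:1000:1000:Local admin:/home/admin:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
EOF
    cat > "$tmp/ldap" <<'EOF'
admin:x:0:0:Directory admin:/home/admin:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
alice:x:1000:2000:Alice:/home/alice:/bin/sh
bob:x:2001:2001:Bob:/home/bob:/bin/sh
EOF
    audit_passwd_overlap "$tmp/local" "$tmp/ldap"
    rm -rf "$tmp"
}

demo_overlap
```

Any UID0, NAME_CLASH or UID_CLASH line means file ownership and sudoers entries can apply to a different account than intended, depending on the lookup order in nsswitch.conf.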
 
  

