June 2009 - 389-users - Fedora Mailing-Lists

by Dan Weintraub

Hi all, I'm trying to setup replication over ssl and am running into problems. I first tried it unencrypted and all worked fine. I then copied over the consumer's CA certificate and set up replication with SSL and Simple Authentication. It doesn't work and I now get the following errors: When I set it up: supplier error log: [01/Jun/2009:01:00:00 -0000] NSMMReplicationPlugin - agmt="cn=One" (fds:389): Simple bind failed, LDAP sdk error 81 (Can't contact LDAP server), Netscape Portable Runtime error -5938 (Encountered end of file.) these appear thereafter: consumer access log: [01/Jun/2009:01:01:01 -0000] conn=898 fd=64 slot=64 connection from 10.1.1.100 to 10.1.1.101 [01/Jun/2009:01:01:01 -0000] conn=898 op=-1 fd=64 closed error 71 (Protocol error) - B1 consumer error log: [01/Jun/2009:01:01:01 -0000] - conn=898 received a non-LDAP message (tag 0x80, expected 0x30) Versions: Supplier: fedora-ds-1.1.2-1.fc6 fedora-ds-dsgw-1.1.1-1.fc6 fedora-ds-base-1.1.3-2.fc6 fedora-ds-admin-1.1.6-1.fc6 fedora-ds-admin-console-1.1.2-1.fc6 fedora-ds-console-1.1.2-1.fc6 Consumer: fedora-ds-admin-1.1.7-3.fc6 fedora-ds-admin-console-1.1.3-1.fc6 fedora-ds-base-1.2.0-2.fc6 fedora-ds-dsgw-1.1.2-1.fc6 fedora-ds-console-1.2.0-1.fc6 fedora-ds-1.1.3-1.fc6 I'm at a loss as to how to proceed with troubleshooting and would appreciate any suggestions. Thanks, Dan Weintraub

14 years, 10 months

6
10
0 / 0

Re: [389-users] loss of group members in AD after initialization of sync

by Rich Megginson

----- "jean-Noël Chardron" <Jean-Noel.Chardron(a)dr15.cnrs.fr> wrote: > hello, > > When I initiate a first full synchronization of DS and AD I lost > members > in groups > > error log shows : > > [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: looking for local entry matching > > AD entry [CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr] > [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid > > [c0e73a492ffbc04c9e85781a68f45023] > [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1 > [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid > [SFC] > [...] > [10/Jun/2009:15:00:11 +0200] - Windows sync entry: Adding new local > entry dn: cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr > objectClass: top > objectClass: groupofuniquenames > objectClass: ntGroup > ntGroupDeleteGroup: true > cn: SFC > description: Service Financier et Comptable > uniqueMember: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, > dc=cnrs, dc= > fr > uniqueMember:[...] > follow 10 members > > [...] > [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - received entry > from > dirsync: CN=MX,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr > [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: looking for local entry matching > > AD entry [CN=MX,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr] > [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid > > [0cdf6e627d64684cb10c70b3b8753fda] > [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1 > [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid > [MX] > [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: problem looking for username: > -1 > [10/Jun/2009:15:00:24 +0200] - Windows sync entry: Adding new local > entry dn: uid=MX,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, > dc=fr > objectClass: top > objectClass: person > objectClass: organizationalperson > objectClass: inetOrgPerson > objectClass: ntUser > ntUserDeleteAccount: true > uid: MX > sn: MX > givenName: Guillaume > cn: MX > ntUserCodePage: 0 > ntUserAcctExpires: 0 > ntUserDomainId: MX > mail: Guillaume.MX(a)dr15.cnrs.fr > ntUniqueId: 0cdf6e627d64684cb10c70b3b8753fda > > > [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): windows_process_total_entry: Looking > dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" (ours) > [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS > dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" > guid="c0e73a492ffbc04c9e85781a68f45023" > [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS > dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" > username="SFC" > [10/Jun/2009:15:01:34 +0200] - Calling windows entry search request > plugin > [10/Jun/2009:15:01:34 +0200] - windows_search_entry: recieved 2 > messages, 1 entries, 0 references > [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_outbound: found AD entry > dn="CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr" > [10/Jun/2009:15:01:34 +0200] - Calling windows entry search request > plugin > [10/Jun/2009:15:01:34 +0200] - windows_search_entry: recieved 2 > messages, 1 entries, 0 references > [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - > windows_generate_update_mods: > CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr, description : > values are equal > [10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found for > > uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr > [10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found for > uid= > > [follow 10 entries,] > > [10/Jun/2009:15:01:35 +0200] - Calling windows entry search request > plugin > [10/Jun/2009:15:01:35 +0200] - windows_search_entry: recieved 2 > messages, 1 entries, 0 references > [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: looking for local entry matching > > AD entry > [CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr] > [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid > > [72a7171ffaa0d84a9ca4ec2d90a4ab2b] > [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1 > [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid > [essaibug] > [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: problem looking for username: > -1 > [10/Jun/2009:15:01:35 +0200] - Calling windows entry search request > plugin > [10/Jun/2009:15:01:35 +0200] - windows_search_entry: recieved 2 > messages, 1 entries, 0 references > > [10/Jun/2009:15:01:38 +0200] NSMMReplicationPlugin - > windows_generate_update_mods: > CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr, sAMAccountName > : > values are equal > [10/Jun/2009:15:01:38 +0200] - smod - windows sync > [10/Jun/2009:15:01:38 +0200] - smod 0 - delete: member > [10/Jun/2009:15:01:38 +0200] - smod 0 - value: member: > CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr > [10/Jun/2009:15:01:38 +0200] - smod 1 - delete: member > [10/Jun/2009:15:01:38 +0200] - smod 1 - value: member: > > [follow the 10 entries] > > [10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - > windows_update_remote_entry: modifying entry > CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr > [10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): Received result code 0 () for modify operation > > [10/Jun/2009:15:01:55 +0200] - map_dn_values: no local entry found for > > uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr > > [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - received entry > from > dirsync: > CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr > [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: looking for local entry matching > > AD entry > [CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr] > [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid > > [72a7171ffaa0d84a9ca4ec2d90a4ab2b] > [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1 > [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid > [essaibug] > [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_inbound: problem looking for username: > -1 > [10/Jun/2009:15:05:52 +0200] - Windows sync entry: Adding new local > entry dn: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, > dc=fr > objectClass: top > objectClass: person > objectClass: organizationalperson > objectClass: inetOrgPerson > objectClass: ntUser > ntUserDeleteAccount: true > uid: essaibug > sn: essaibug > cn: essaibug > ntUserCodePage: 0 > ntUserAcctExpires: 9223372036854775807 > ntUserDomainId: essaibug > ntUniqueId: 72a7171ffaa0d84a9ca4ec2d90a4ab2b > > [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS > dn="uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, > dc=fr" > guid="72a7171ffaa0d84a9ca4ec2d90a4ab2b" > [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS > dn="uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, > dc=fr" > username="essaibug" > [10/Jun/2009:15:07:13 +0200] - Calling windows entry search request > plugin > [10/Jun/2009:15:07:13 +0200] - windows_search_entry: recieved 2 > messages, 1 entries, 0 references > [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - > agmt="cn=zebigbos" > (zebigbos:636): map_entry_dn_outbound: found AD entry > dn="CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr" > > (following the translation of google) > I suppose that during the initialization of the replication, groups > have > lost members (group sfc) with the logs in order explicit removal of > the > member in the group, sent by the DS to AD. The most likely explanation > > and that the process is sequential but with a dispatch from AD to > DS-anarchic, with a group can be created before members in DS users. > these are leading to a later stage in a request for suppresssion AD DS > > to members of the group that did not exist before the creation of the > > group. This is "normal" since DS checks the consistency of information > > and therefore the group members. The solution to this problem is to > create manually in the AD to add the lost members in the group or may > be > to initialize sync twice in a closed time. > > The administrator of the Windows server and the AD insulted me as a > result of this blunder > I asked him if he had a backup of the AD. he had not > So let me see if I understand what is happening: DS attempts to sync some groups from AD - since the user does not exist, it deletes the member from the group. Then it syncs the group back to AD, and deletes those users from AD. Is that correct? I suppose a workaround would be to make sure all of the users are first added to DS, then sync the groups. > -- > > Jean-Noel Chardron > > > -- > 389 users mailing list > 389-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users

14 years, 10 months

2
2
0 / 0

Re: [389-users] Unable to connect to Admin or DS from management console

by Rich Megginson

----- "Andrew Kerr" <andrew.kerr(a)amdocs.com> wrote: > I recently added a new fedora ds replica (1.2.0) to my master > (1.0.4). I was able to add the new machine, and replicate to it. I > set > up the replication via the console, and everything was working fine. > Today when I launch the console on the master and connect to the > replica > running 1.2.0 I get an error: "Failed to install a local copy of > fedora-admin-1.1.jar or one of its components" "Can not connect to > http://0.0.0.0:9830". > > 9830 is the correct port of the remote machine, but 0.0.0.0 > isn't the correct ip. The local admin console is running on a > different > port. I can do a wget on the remote machine http://<remote > machine>:9830 and I am able to connect and get the "download" page > that > has the quick console. So it isn't a network issue. > > The only change I've made is to add another replica, running > 1.0.4. I can connect to that one just fine, and all of the others. > I > just can't get to the one I added a few days ago that is running the > newer version. > > I'd suspect java, or something along those lines, except that it > worked yesterday and nothing (verified by the yum logs) has been > installed or changed on the server. > > My guess is that maybe the 1.0.4 ones work ok because they're > running the same version, and no additional jar files are needed. I > looked in the .fedora-console/jars and I don't see the new one. I > tried > removing that directory and letting it create a new one, also with no > luck. > > I tried adding another 1.2.0 installation, and same problem. > > Any ideas would be greatly appreciated! I think in general you will not be able to manage 1.2 instances with the 1.0 console. The specific problem is https://bugzilla.redhat.com/show_bug.cgi?id=430364 which was fixed in idm-console-framework 1.1.3 I suppose you could use ldapmodify to change the nsServerAddress to the real IP address ldapsearch -x -D "cn=directory manager" -w yourpassword -s sub -b o=netscaperoot "nsServerAddress=0.0.0.0" Then find which entry that is, and do something like ldapsearch -x -D "cn=directory manager" -w yourpassword dn: dn of the entry changetype: modify replace: nsServerAddress nsServerAddress: your real IP address > > > > This message and the information contained herein is proprietary and > confidential and subject to the Amdocs policy statement, > you may review at http://www.amdocs.com/email_disclaimer.asp > > -- > 389 users mailing list > 389-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users

14 years, 10 months

1
0
0 / 0

OS to authenticate to DS using TLS

by Doug Coats

So my next hurdle I am tackling SSL certificates. I produced self-signed certificates and have installed them in through the Management Console. I can run the Management Console using a secure connection. Linux uses DS to authenticate (configured using System > Administration > Authentication and enableing LDAP support). If I try to "Use TLS to encrypt connection" I can't program a URL that will let me download the CA Certificate successfully. I hope that all made sence. Am I missing something? Do I need this? Thanks for any advise!

14 years, 10 months

3
6
0 / 0

General LDAP security

by Dumbo Q

I setup a RHDS server for authentication along with my a test client, and everything seems to working well. Before I deploy this solution into production I would like to know what I can do in regards to security. I got rid of my ldap.secret file, as I don't think I need it. I do not mind if root cannot change other peoples passwords from anywhere. The next problem that I'm running into is that I currently have my binddn set to cn=Directory Manager, and thus my most important password is still writtent in clear text in ldap.conf. Can some one explain (or point to an article which shows) how to create another user to use for my binddn? Is it as simple as making a regular user, or do I need to adjust any particular permissions. I would prefer this user to be read-only. Any particular tools to scan and see what can be accessed anonomously and what can be access with a particular binddn? Any other recomendations?

14 years, 10 months

4
4
0 / 0

SSL Library Error: -12271 SSL client cannot verify your certificate

by dima vasiletc

Hello all encryption connections finished with error (Error code: sec_error_reused_issuer_and_serial) And server write to log SSL Library Error: -12271 SSL client cannot verify your certificate First i think need check dns querys. I see many A querys for example.com May be i must regenerate certificate ? Where i can read about that . Thanks. -- С уважением, Дмитрий

14 years, 10 months

1
0
0 / 0

Sharing scripts for AD<->RHDS integration

by Kenneth Holter

Hi all. I'm working on a few small scripts aimed at AD<->FDS/RHDS integration. The scripts basically add posix attributes to users synced over from AD, and use AD group memberships to create NIS netgroup membership (which can be used for controlling which users gets to access which servers). I hope to have the initial version of the scripts ready in a few weeks, and would like to share them with others that may be interested in them. Since this is my first time share code I've written, I could use some advice on how and where to share it. Could someone point me to info on this? Thanks. Regards, Kenneth Holter

14 years, 10 months

1
0
0 / 0

Error debianizing the 389-ds-base-1.2.1 package

by Morenisco

Hi, I tried to debianize the 389-ds-base-1.2.1 package in a clean directory and sources, and I got an error. The basic steps that I performed were the following: 1) 389-ds-base-1.2.1 package - Initial debianization: root@dirserv1:~/project-389/389-ds-base-1.2.1# dh_make -e morenisco(a)noc-root.net -c gpl -f ../389-ds-base-1.2.1.tar.gz Type of package: single binary, multiple binary, library, kernel module or cdbs? [s/m/l/k/b] s Maintainer name : root Email-Address : morenisco(a)noc-root.net Date : Thu, 04 Jun 2009 22:56:55 +0000 Package Name : 389-ds-base Version : 1.2.1 License : gpl Using dpatch : no Type of Package : Single Hit <enter> to confirm: Done. Please edit the files in the debian/ subdirectory now. 389-ds-base uses a configure script, so you probably don't have to edit the Makefiles. 2) I modified the control file as follows: Source: 389-ds-base Section: admin Priority: extra Maintainer: Morenisco <morenisco(a)noc-root.net> Build-Depends: debhelper (>= 7), autotools-dev Standards-Version: 3.7.3 Homepage: http://directory.fedoraproject.org Package: 389-ds-base Architecture: any Depends: libsvrcore0, libsvrcore-dev, libmozldap-0d, libmozldap-dev, libmozilla-ldap-perl, libdb4.6-dev, libicu-dev, libsnmp-dev, libkrb5-dev, libpam-dev, libnet-ldap-perl, libperl-dev Description: The enterprise-class Open Source LDAP server for Linux. It is hardened by real-world use, is full-featured, supports multi-master replication, and already handles many of the largest LDAP deployments in the world. 3) I tried to build the package with the following command: root@dirserv1:~/project-389/389-ds-base-1.2.1# dpkg-buildpackage -rfakeroot The generated output is too long, and the latest part is the following: ldap/servers/slapd/.libs/libslapd_la-snmp_collator.o: In function `snmp_collator_create_semaphore': /root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:532: undefined reference to `sem_open' /root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:536: undefined reference to `sem_unlink' /root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:542: undefined reference to `sem_open' ldap/servers/slapd/.libs/libslapd_la-snmp_collator.o: In function `snmp_collator_sem_wait': /root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:574: undefined reference to `sem_trywait' /root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:586: undefined reference to `sem_close' /root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:587: undefined reference to `sem_unlink' ldap/servers/slapd/.libs/libslapd_la-snmp_collator.o: In function `snmp_collator_update': /root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:629: undefined reference to `sem_post' ldap/servers/slapd/.libs/libslapd_la-snmp_collator.o: In function `snmp_collator_stop': /root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:505: undefined reference to `sem_close' /root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:506: undefined reference to `sem_unlink' ldap/servers/slapd/.libs/libslapd_la-snmp_collator.o: In function `snmp_collator_init': /root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:205: undefined reference to `sem_post' collect2: ld returned 1 exit status make[2]: *** [libslapd.la] Error 1 make[2]: Leaving directory `/root/project-389/389-ds-base-1.2.1' make[1]: *** [all] Error 2 make[1]: Leaving directory `/root/project-389/389-ds-base-1.2.1' make: *** [build-stamp] Error 2 dpkg-buildpackage: failure: debian/rules build gave error exit status 2 root@dirserv1:~/project-389/389-ds-base-1.2.1# The complete output is in the following URL: http://morenisco.noc-root.net/debian/files/Error_Debianizing_389-ds-base-... Some idea about why this can be failing please? Thanks a lot. -- Morenisco. Centro de Difusión del Software Libre. http://www.cdsl.cl http://trabajosfloss.noc-root.net Blog: http://morenisco.noc-root.net

14 years, 10 months

2
2
0 / 0

GID error

by Doug Coats

I have run into a issue with my system being able to correctly identify a user and their group. I am running CentOS 5.3 and centos-ds 8.1 I have created a user using the managment console. I set up the first name, last name, common name, user id, and password. Under Posix User I set up UID Number: 10009, GID Number: 10009, Home Directory: /home/user, and Shell: /bin/bash. I set up authentication using System > Administration > Authentication. I enabled LDAP support and configured it. Under the options tab I checke "Create home directories on first login." My user can log into the box and can ssh into the box. When I do log in I receive the following error. id: cannot find name for group ID 10009 When I ls -la the users home directory it displays. drwxr-xr-x 15 user 100009 4096 Jun 13 08:26 user I tried creating a "user" group but their is no way to attach a GID to that group so there is no way for LDAP or PAM to associate the two. I googled around but none of the solutions worked for me or seemed to apply to this situation. Thanks for any help! Doug

14 years, 10 months

4
7
0 / 0

cron no longer works after password expiration

by Aaron Mills

Hi all, I set up password policy on my FDS box and things were humming along just fine until people's passwords expired (100 days). Users can still log in to our linux boxen as normal (though we were seeing Invalid Credentials log entries). I disabled password policy, however now cron jobs no longer work. I tried setting something up like so: * * * * * /bin/date >> /var/tmp/test.txt But nothing gets logged. There's no even an entry in the cron logfile. This appears to be LDAP related since local user crons still work. I've looked in the /var/log/messages and /var/log/cron, but it's as if my boxes just stopped recognizing user crons altogether. Any ides on the right direction to look? Thanks, -Aaron -- Aaron Mills Systems Administrator Return Path, Inc. aaron.mills(a)returnpath.net

14 years, 10 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users June 2009