[Fwd: [K12OSN] RE: K12ltsp login]
bmead at lane.k12.or.us
Fri Jan 23 16:58:33 UTC 2009
Thanks Rob for the food for thought. In checking out my profile(s) there
was indeed a local user and an ldap user with the same username. It
further turns out that somewhere in all the failed attempts to make this
work, my ldap profile was compromised with strange files and/or
permissions on those files. Once I nuked or chmod'd/chown'd those files,
I can login as me. :-)
I'm going to attempt to document what I've done to make this work -
especially since I need to recreate this setup for another lab. Once
this is finished, I will try to post it to the wiki.
Rob Owens wrote:
> Do you have a local user and an LDAP user with the same name? If so, the local user and the LDAP user will have different UID's. What *could* happen is that you authenticate to the LDAP server as "bob" with UID 10001, but your home directory is owned by "bob" with UID 1001 (different UID). *Maybe* that's what's causing your problems.
> On Wed, Jan 21, 2009 at 04:04:07PM -0800, Bob Mead wrote:
>> Turns out that my username and pwd do not work, but everyone else's
>> does. Poor testing regimen on my part. That said, I cannot figure out
>> what is wrong with my profile. It has the same permissions as everyone
>> else. It works on all other servers I log into. Just not *this one*.
>> Given that I had the previous problem with my .dmrc file, I can see that
>> there is an ongoing problem here that I did not solve by fixing the
>> .dmrc issue.
>> I tried tailing /var/log/messages on the ldap server to see what happens
>> when I login vs. anyone else. I copied the very first message of
>> successive logins as user <test1> and then as <me>. As you can see
>> below, the <test1> user has an additional filter
>> (&(objectClass=posixAccount) that I do not:
>> Jan 21 15:41:48 <server name> slapd: conn=121233 op=1 SRCH
>> base="dc=slane,dc=k12,dc=or,dc=us" scope=2
>> Jan 21 15:37:03 <server name> slapd: conn=120122 op=1 SRCH
>> base="dc=slane,dc=k12,dc=or,dc=us" scope=2 filter="(uid=<me>)"
>> The other messages that follow all have the "extra" filter for either
>> login uid.
>> I would like to tell you the version of openldap we run, but I have been
>> unsuccessful in finding out how to do this. The el5 install is x86.
>> Anyone have a thought on how to check out my profile and why it's
>> failing? Or how to tell the version of ldap?
>> Barry Cisna wrote:
>>> try the following. create a new user johnsmith. then;
>>> ' chmod -c -R 777 /home/johnsmith '
>>> see if johnsmith can login.
>>> if johnsmith can not login look in /messages log and see what the exact
>>> error is.
>>> Also I may have missed? what version is the ldap server and is your el5
>>> x86 or _x64?
>>> let us know your finding, please.
>>> Take Care,
>>> Barry Cisna
>>> K12OSN mailing list
>>> K12OSN at redhat.com
>>> For more info see <http://www.k12os.org>
>> fn:Bob Mead
>> org:South Lane School District;Technology Services Center
>> email;internet:bmead at lane.k12.or.us
>> title:Network Specialist
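An added example, not part of the original thread: a shell check for the situation Rob describes, where one login name exists both locally and in LDAP with different UIDs, plus a listing of files in a home directory that the expected UID does not own. The function names and file names are hypothetical, and the inputs are passwd-format listings (for instance /etc/passwd and an export of the directory's posixAccount entries); the sample accounts are constructed, with bob's two UIDs taken from Rob's message.

```shell
#!/bin/sh
# Added example: inputs are passwd(5)-format text (name:pw:uid:gid:gecos:home:shell).

# find_uid_collisions LOCAL_FILE LDAP_FILE
# Prints "name local_uid ldap_uid home" for each account name present in
# both listings with different UIDs.
find_uid_collisions() {
    awk -F: '
        /^#/ || NF < 7 { next }                  # skip comments and short lines
        FILENAME == ARGV[1] { local_uid[$1] = $3; next }
        ($1 in local_uid) && local_uid[$1] != $3 {
            print $1, local_uid[$1], $3, $6
        }' "$1" "$2"
}

# stray_files HOME_DIR EXPECTED_UID
# Lists everything under HOME_DIR that is not owned by EXPECTED_UID (numeric).
stray_files() {
    find "$1" ! -user "$2" -print
}

# write_sample DIR: constructed sample listings mirroring the thread's "bob".
write_sample() {
    cat > "$1/local.passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bob:x:1001:1001:Bob (local):/home/bob:/bin/bash
test1:x:10002:10002:Test One:/home/test1:/bin/bash
EOF
    cat > "$1/ldap.passwd" <<'EOF'
bob:x:10001:10001:Bob (LDAP):/home/bob:/bin/bash
test1:x:10002:10002:Test One:/home/test1:/bin/bash
alice:x:10003:10003:Alice:/home/alice:/bin/bash
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_sample "$tmp"
    find_uid_collisions "$tmp/local.passwd" "$tmp/ldap.passwd"
    rm -rf "$tmp"
}
demo
```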