
Re: [Fwd: [K12OSN] RE: K12ltsp login]



Thanks Rob for the food for thought. In checking out my profile(s) there was indeed a local user and an ldap user with the same username. It further turns out that somewhere in all the failed attempts to make this work, my ldap profile was compromised with strange files and/or permissions on those files. Once I nuked or chmod'd/chown'd those files, I can login as me. :-)

I'm going to attempt to document what I've done to make this work - especially since I need to recreate this setup for another lab. Once this is finished, I will try to post it to the wiki.
    ~bob

Rob Owens wrote:
Do you have a local user and an LDAP user with the same name?  If so, the local user and the LDAP user will have different UID's.  What *could* happen is that you authenticate to the LDAP server as "bob" with UID 10001, but your home directory is owned by "bob" with UID 1001 (different UID).  *Maybe* that's what's causing your problems.

-Rob

On Wed, Jan 21, 2009 at 04:04:07PM -0800, Bob Mead wrote:
Turns out that my username and pwd do not work, but everyone else's does. Poor testing regimen on my part. That said, I cannot figure out what is wrong with my profile. It has the same permissions as everyone else. It works on all other servers I log into. Just not *this one*. Given that I had the previous problem with my .dmrc file, I can see that there is an ongoing problem here that I did not solve by fixing the .dmrc issue.

I tried tailing /var/log/messages on the ldap server to see what happens when I login vs. anyone else. I copied the very first message of successive logins as user <test1> and then as <me>. As you can see below, the <test1> user has an additional filter (&(objectClass=posixAccount) that I do not:

Jan 21 15:41:48 <server name> slapd[4228]: conn=121233 op=1 SRCH base="dc=slane,dc=k12,dc=or,dc=us" scope=2 filter="(&(objectClass=posixAccount)(uid=<test1>))"

Jan 21 15:37:03 <server name> slapd[5920]: conn=120122 op=1 SRCH base="dc=slane,dc=k12,dc=or,dc=us" scope=2 filter="(uid=<me>)"

The other messages that follow all have the "extra" filter for either login uid.

I would like to tell you the version of openldap we run, but I have been unsuccessful in finding out how to do this. The el5 install is x86.

Anyone have a thought on how to check out my profile and why it's failing? Or how to tell the version of ldap?

Thanks,
   ~bob

Barry Cisna wrote:
Bob,

Try the following. Create a new user johnsmith. Then:
' chmod -c -R 777 /home/johnsmith '
See if johnsmith can login.
If johnsmith can not login, look in /messages log and see what the exact
error is.
Also, I may have missed this: what version is the ldap server and is your el5
x86 or _x64?
Let us know your findings, please.

Take Care,
Barry Cisna

_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>


begin:vcard
fn:Bob Mead
n:Mead;Bob
org:South Lane School District;Technology Services Center
email;internet:bmead lane k12 or us
title:Network Specialist
tel;work:541.762.1124
version:2.1
end:vcard
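
The local/LDAP UID mismatch Rob describes can be checked for directly. The following is an added example, not part of the original thread: it compares two passwd-format listings and reports usernames that exist in both with different UIDs, along with which UID owns the home directory. The sample lines and the home-owner map are constructed (the UIDs 1001 and 10001 are the ones in Rob's message), and the function names are hypothetical.

```python
# Added example: all sample data below is constructed for illustration.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob:x:1001:1001:Bob (local):/home/bob:/bin/bash
"""
# Passwd-format lines as exported from the LDAP directory (constructed).
LDAP_PASSWD = """\
bob:x:10001:10001:Bob (LDAP):/home/bob:/bin/bash
test1:x:10002:10002:Test User:/home/test1:/bin/bash
"""
# Owner UID of each home directory (constructed). On a live system this
# would come from os.stat(path).st_uid.
HOME_OWNER_UIDS = {"/home/bob": 1001, "/home/test1": 10002}


def parse_passwd(text):
    """Return {username: (uid, home)} from passwd-format text."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or fields[0].startswith("#"):
            continue  # skip blank, comment, or malformed lines
        try:
            entries[fields[0]] = (int(fields[2]), fields[5])
        except ValueError:
            continue  # non-numeric UID field
    return entries


def find_uid_conflicts(local_text, ldap_text, home_owner_uids):
    """List usernames defined both locally and in LDAP with different UIDs."""
    local = parse_passwd(local_text)
    ldap = parse_passwd(ldap_text)
    findings = []
    for name in sorted(set(local) & set(ldap)):
        local_uid = local[name][0]
        ldap_uid, home = ldap[name]
        if local_uid == ldap_uid:
            continue  # same name and same UID: no ownership ambiguity
        owner = home_owner_uids.get(home)
        findings.append({
            "user": name, "local_uid": local_uid, "ldap_uid": ldap_uid,
            "home": home, "home_owner_uid": owner,
            # False means the LDAP identity does not own its home directory
            "ldap_owns_home": owner == ldap_uid,
        })
    return findings


if __name__ == "__main__":
    for f in find_uid_conflicts(LOCAL_PASSWD, LDAP_PASSWD, HOME_OWNER_UIDS):
        print(f)
```

A finding with `ldap_owns_home` set to false is the case where correcting ownership of the home directory to the LDAP UID, or removing the duplicate local account, resolves the login failure without loosening permissions.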

