[Fwd: [K12OSN] RE: K12ltsp login]

Rob Owens rowens at ptd.net
Fri Jan 23 18:11:56 UTC 2009 

Good to hear you've got it fixed!

-Rob

On Fri, Jan 23, 2009 at 08:58:33AM -0800, Bob Mead wrote:
> Thanks Rob for the food for thought. In checking out my profile(s) there 
> was indeed a local user and an ldap user with the same username. It 
> further turns out that somewhere in all the failed attempts to make this 
> work, my ldap profile was compromised with strange files and/or 
> permissions on those files. Once I nuked or chmod'd/chown'd those files 
> , I can login as me. :-)
> 
> I'm going to attempt to document what I've done to make this work - 
> especially since I need to recreate this setup for another lab. Once 
> this finished, I will try to post it to the wiki.
>     ~bob
> 
> Rob Owens wrote:
> >Do you have a local user and an LDAP user with the same name?  If so, the 
> >local user and the LDAP user will have different UID's.  What *could* 
> >happen is that you authenticate to the LDAP server as "bob" with UID 
> >10001, but your home directory is owned by "bob" with UID 1001 (different 
> >UID).  *Maybe* that's what's causing your problems.
> >
> >-Rob
> >
> >On Wed, Jan 21, 2009 at 04:04:07PM -0800, Bob Mead wrote:
> >  
> >>Turns out that my username and pwd do not work, but everyone else's 
> >>does. Poor testing  regimen on my part. That said, I cannot figure out 
> >>what is wrong with my profile. It has the same permissions as everyone 
> >>else. It works on all other servers I log into. Just not *this one*. 
> >>Given that I had the previous problem with my .dmrc file, I can see that 
> >>there is an  ongoing problem here that I did not solve by fixing the 
> >>.dmrc issue.
> >>
> >>I tried tailing /var/log/messages on the ldap server to see what happens 
> >>when I login vs. anyone else. I copied the very first message of 
> >>successive logins as user <test1> and then as <me>. As you can see 
> >>below, the <test1> user has an additional filter 
> >>(&(objectClass=posixAccount) that I do not:
> >>
> >>Jan 21 15:41:48 <server name> slapd[4228]: conn=121233 op=1 SRCH 
> >>base="dc=slane,dc=k12,dc=or,dc=us" scope=2 
> >>filter="(&(objectClass=posixAccount)(uid=<test1>))"
> >>
> >>Jan 21 15:37:03 <server name> slapd[5920]: conn=120122 op=1 SRCH 
> >>base="dc=slane,dc=k12,dc=or,dc=us" scope=2 filter="(uid=<me>)"
> >>
> >>The other messages that follow all have the "extra" filter for either 
> >>login uid.
> >>
> >>I would like to tell you the version of openldap we run, but I have been 
> >>unsuccessful in finding out how to do this. The el5 install is x86.
> >>
> >>Anyone have a thought on how to check out my profile and why its 
> >>failing? Or how to tell the version of ldap?
> >>
> >>Thanks,
> >>   ~bob
> >>
> >>Barry Cisna wrote:
> >>    
> >>>Bob,
> >>>
> >>>try the following. create a new user johnsmith. then;
> >>>' chmod -c -R 777 /home/johnsmith '
> >>>see if johnsmith can login.
> >>>if johnsmith can not login  look in /messages log and see what the exact
> >>>error is.
> >>>Also I may haved missed? what version is the ldap server and is your el5
> >>>x86 or _x64?
> >>>let us know your finding,please.
> >>>
> >>>Take Care,
> >>>Barry Cisna
> >>>
> >>>_______________________________________________
> >>>K12OSN mailing list
> >>>K12OSN at redhat.com
> >>>https://www.redhat.com/mailman/listinfo/k12osn
> >>>For more info see <http://www.k12os.org>
> >>>
> >>> 
> >>>      
> >
> >  
> >>begin:vcard
> >>fn:Bob Mead
> >>n:Mead;Bob
> >>org:South Lane School District;Technology Services Center
> >>email;internet:bmead at lane.k12.or.us
> >>title:Network Specialist
> >>tel;work:541.762.1124
> >>version:2.1
> >>end:vcard
> >>
> >>    
> >
> >  
> >>_______________________________________________
> >>K12OSN mailing list
> >>K12OSN at redhat.com
> >>https://www.redhat.com/mailman/listinfo/k12osn
> >>For more info see <http://www.k12os.org>
> >>    
> >
> >_______________________________________________
> >K12OSN mailing list
> >K12OSN at redhat.com
> >https://www.redhat.com/mailman/listinfo/k12osn
> >For more info see <http://www.k12os.org>
> >
> >  

> begin:vcard
> fn:Bob Mead
> n:Mead;Bob
> org:South Lane School District;Technology Services Center
> email;internet:bmead at lane.k12.or.us
> title:Network Specialist
> tel;work:541.762.1124
> version:2.1
> end:vcard
> 

> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>

More information about the K12OSN mailing list