04-02-2010, 10:27 AM
Marco Strullato
 
posix authentication - missing groups

Hi all,
I'm using Fedora DS as the authentication server for my network. I've
configured the environment so that Linux gets user and group
information from LDAP.
The problem is that I'm getting incomplete information! Group
definitions are missing.

I'll give you an example: a user has a uid, a primary gid and
secondary gids. I'm not getting secondary gids.

I would like "user" to be a member of "group1" and "group2". If I ask
LDAP with getent I get this information:

getent passwd user
user:x:496:601:user:/home/user:/bin/bash

getent group group1
group1:*:601:

getent group group2
group2:*:600:496,494

As you can see, user has id 496 and gid 601. user is also a member of
group2 (gid 600).

But if I query the system about the "user", I get:

id user
uid=496(user) gid=601(group1) groups=601(group1)


Have you ever seen this behaviour? Have you got suggestions?


Regards,

Marco
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
04-02-2010, 02:33 PM
Renato Ribeiro da Silva
 
posix authentication - missing groups

Marco,

Try to stop the nscd service. Sometimes it gives you the wrong information.

Regards,

Renato

 
04-02-2010, 02:38 PM
Marco Strullato
 
posix authentication - missing groups

Thanks for the answer but I already disabled nscd...

Marco

--
Marco Strullato
cell: +393288462393
skype: marco.strullato
 
04-02-2010, 02:42 PM
Renato Ribeiro da Silva
 
posix authentication - missing groups

Are you using the memberuid or the uniquemember attribute in LDAP? What are the values?

Renato



 
04-02-2010, 02:53 PM
Marco Strullato
 
posix authentication - missing groups

I use the memberuid attribute. To be as clear as possible, I'll paste
the LDIF here.
I hope it will be useful.

This is the LDIF of the user:

# entry-id: 709
dn: uid=user,ou=ssh,c=it,o=organisation
modifyTimestamp: 20100331104156Z
modifiersName: cn=directory manager
gidNumber: 601
uidNumber: 496
cn: user
passwordGraceUserTime: 0
userPassword: {SHA}TytvRdv..<cut>
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2..<cut>
gecos: user
homeDirectory: /home/user
host: server_hostname
loginShell: /bin/bash
objectClass: top
objectClass: posixaccount
objectClass: shadowaccount
objectClass: hostobject
objectClass: account
objectClass: sudorole
objectClass: ldappublickey
sudoCommand:
sudoHost:
sudoOption:
sudoRunAs:
sudoUser:
uid: user
creatorsName: cn=directory manager
createTimestamp: 20100316092928Z
nsUniqueId: 51f09b01-1dd2..<cut>



These are the ldifs of the groups:

# entry-id: 742
dn: cn=group2, ou=ssh, c=it, o=organisation
modifyTimestamp: 20100331134146Z
modifiersName: cn=directory manager
memberUid: 496
memberUid: 494
gidNumber: 600
objectClass: top
objectClass: posixgroup
cn: group2
creatorsName: cn=directory manager
createTimestamp: 20100331083223Z
nsUniqueId: e55dca81-1dd11..<cut>



# entry-id: 743
dn: cn=group1,ou=ssh, c=it, o=organisation
gidNumber: 601
objectClass: top
objectClass: posixgroup
cn: group1
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20100331083429Z
modifyTimestamp: 20100331083429Z
nsUniqueId: 2ce45681-1dd2..<cut>

 
04-02-2010, 02:57 PM
Renato Ribeiro da Silva
 
posix authentication - missing groups

In the memberuid attribute you need to put the uid, not the uidnumber. In the memberuid attribute replace 496 by user and try again.

Regards,

Renato.

 
04-02-2010, 03:04 PM
Marco Strullato
 
posix authentication - missing groups

What you suggest solved my problem!
memberuid mustn't be the uid number but the username!

Thank you very much!

Marco


All times are GMT.