Hi all,
I'm using fedora ds as authentication server for my network. I've
configured the environment so that linux gets users and groups
information from the ldap.
The problem is that I'm getting incomplete information! Group
definitions are missing.

I'll give you an example: a user has a uid, a primary gid and
secondary gids. I'm not getting secondary gids.

I would like "user" to be member of "group1" and "group2". If I ask
the ldap with getent I get this information:

getent passwd user
user:x:496:601:user:/home/user:/bin/bash

getent group group1
group1:*:601:

getent group group2
group2:*:600:496,494

As you can see, user has id 496 and gid 601. user is also a member of
group2 (gid 600).

But if I query the system about the "user", I get:

id user
uid=496(user) gid=601(group1) groups=601(group1)

Have you ever seen this behaviour? Have you got suggestions?
Regards,
Marco
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
04-02-2010, 02:33 PM
Renato Ribeiro da Silva
posix authentication - missing groups
Marco,
Try to stop the nscd service. Sometimes it gives you the wrong information.
Regards,
Renato
04-02-2010, 02:38 PM
Marco Strullato
posix authentication - missing groups
Thanks for the answer but I already disabled nscd...
Marco
--
Marco Strullato
cell: +393288462393
skype: marco.strullato
04-02-2010, 02:42 PM
Renato Ribeiro da Silva
posix authentication - missing groups
Are you using the memberuid or the uniquemember attribute in the ldap? What are the values?
Renato
04-02-2010, 02:53 PM
Marco Strullato
posix authentication - missing groups
I use the memberuid attribute: to be as clear as possible I'll paste
here the ldif.
I hope it will be useful.
04-02-2010, 02:57 PM
Renato Ribeiro da Silva
posix authentication - missing groups
In the memberuid attribute you need to put the uid, not the uidnumber. In the memberuid attribute replace 496 by user and try again.
Regards,
Renato.
04-02-2010, 03:04 PM
Marco Strullato
posix authentication - missing groups
What you suggest solved my problem!
memberuid mustn't be the uid number but the username!
Thank you very much!
Marco
> On 02/04/2010 11:53, Marco Strullato <marco.strullato@gmail.com> wrote:
> I use the memberuid attribute: to be as clear as possible I'll paste
> here the ldif.
> I hope it will be useful.
>
> This is the ldif of the user
>
> # entry-id: 709
> dn: uid=user,ou=ssh,c=it,o=organisation
> modifyTimestamp: 20100331104156Z
> modifiersName: cn=directory manager
> gidNumber: 601
> uidNumber: 496
> cn: user
> passwordGraceUserTime: 0
> userPassword: {SHA}TytvRdv..
> sshPublicKey: ssh-rsa AAAAB3NzaC1yc2..
> gecos: user
> homeDirectory: /home/user
> host: server_hostname
> loginShell: /bin/bash
> objectClass: top
> objectClass: posixaccount
> objectClass: shadowaccount
> objectClass: hostobject
> objectClass: account
> objectClass: sudorole
> objectClass: ldappublickey
> sudoCommand:
> sudoHost:
> sudoOption:
> sudoRunAs:
> sudoUser:
> uid: user
> creatorsName: cn=directory manager
> createTimestamp: 20100316092928Z
> nsUniqueId: 51f09b01-1dd2..
>
>
>
> These are the ldifs of the groups:
>
> # entry-id: 742
> dn: cn=group2, ou=ssh, c=it, o=organisation
> modifyTimestamp: 20100331134146Z
> modifiersName: cn=directory manager
> memberUid: 496
> memberUid: 494
> gidNumber: 600
> objectClass: top
> objectClass: posixgroup
> cn: group2
> creatorsName: cn=directory manager
> createTimestamp: 20100331083223Z
> nsUniqueId: e55dca81-1dd11..
>
>
>
> # entry-id: 743
> dn: cn=group1,ou=ssh, c=it, o=organisation
> gidNumber: 601
> objectClass: top
> objectClass: posixgroup
> cn: group1
> creatorsName: cn=directory manager
> modifiersName: cn=directory manager
> createTimestamp: 20100331083429Z
> modifyTimestamp: 20100331083429Z
> nsUniqueId: 2ce45681-1dd2..
>
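The fix from this thread turned into a check, as an added example that is not part of the original messages: a Python audit that reads an LDIF export and reports every posixGroup memberUid value that is not the uid (login name) of a posixAccount, suggesting the name when the value matches a uidNumber. The sample LDIF is constructed from the entries quoted in the thread, the function names are hypothetical, and the parser assumes plain "attr: value" lines (no base64 or folded values).

```python
# Constructed sample, modelled on the user and group2 entries quoted in the thread.
SAMPLE_LDIF = """\
dn: uid=user,ou=ssh,c=it,o=organisation
objectClass: posixaccount
uid: user
uidNumber: 496
gidNumber: 601

dn: cn=group2,ou=ssh,c=it,o=organisation
objectClass: posixgroup
cn: group2
gidNumber: 600
memberUid: 496
memberUid: 494
"""

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, 'attr: value' lines only."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comments and attributes with empty values
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def has_class(entry, name):
    return name in (c.lower() for c in entry.get("objectclass", []))

def audit_member_uids(entries):
    """Return (group, bad_value, suggested_uid) for memberUid values that are not login names."""
    accounts = [e for e in entries if has_class(e, "posixaccount") and "uid" in e]
    names = {e["uid"][0] for e in accounts}
    by_number = {e["uidnumber"][0]: e["uid"][0] for e in accounts if "uidnumber" in e}
    findings = []
    for group in (e for e in entries if has_class(e, "posixgroup")):
        for member in group.get("memberuid", []):
            if member not in names:  # NSS matches memberUid against the login name
                findings.append((group["cn"][0], member, by_number.get(member)))
    return findings

if __name__ == "__main__":
    for group, bad, fix in audit_member_uids(parse_ldif(SAMPLE_LDIF)):
        hint = f"use {fix!r}" if fix else "no matching account in this export"
        print(f"{group}: memberUid {bad!r} is not a login name; {hint}")
```

Secondary groups often gate sudo rules and file access, so a check like this after a bulk import catches memberships that would otherwise be dropped without any error, as happened here.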