FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 06-07-2011, 05:38 PM
"David Barr"
 
Default Does Oracle interfere with LDAP authentication?

Good Morning!

Take 30 hosts, all with identical

/etc/nsswitch.conf
/etc/ldap.conf
/etc/ssh/ssh_config
/etc/ssh/sshd_config
/etc/auto.master and subsidiary files

The only two hosts where LDAP authentication fails are the two Oracle
servers. All are running on the same RHEL 5.4.

Anyone seen anything like this, before?

Thanks!
David

--
David - Offbeat http://dafydd.livejournal.com
dafydd - Online http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Integrity*Commitment*Communication*Support


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-07-2011, 05:49 PM
crashingdaily
 
Default Does Oracle interfere with LDAP authentication?

Oracle includes its own LDAP client and libs whose syntax is different
from OpenLDAP's. Is $ORACLE_HOME/bin/ earlier in your $PATH than /
usr/bin ?

On Jun 7, 2011, at 1:38 PM, David Barr wrote:

> Good Morning!
>
> Take 30 hosts, all with identical
>
> /etc/nsswitch.conf
> /etc/ldap.conf
> /etc/ssh/ssh_config
> /etc/ssh/sshd_config
> /etc/auto.master and subsidiary files
>
> The only two hosts where LDAP authentication fails are the two Oracle
> servers. All are running on the same RHEL 5.4.
>
> Anyone seen anything like this, before?
>
> Thanks!
> David
>
> --
> David - Offbeat http://dafydd.livejournal.com
> dafydd - Online http://pgp.mit.edu/
> Battalion 4 - Black Rock City Emergency Services Department
> Integrity*Commitment*Communication*Support
>
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-07-2011, 06:43 PM
"David Barr"
 
Default Does Oracle interfere with LDAP authentication?

This is occurring at login, before the user-specific path is set. (At
least, I hope we're waiting for authentication before setting the user's
path!) So, the relevant path is the one built into sshd at compile time,
and reported in /etc/ssh/sshd_config, right?[1] That's just
/usr/local/bin:/bin:/usr/bin.

I took at shot at "ps faux" to see if I could find any child processes
invoked by sshd to test the ldap authentication. I didn't catch anything.

"getent passwd" as root on these hosts does return the LDAP based users.
So, I can see at least that much of the RHDS. So, I know the server is
visible and talking to these hosts.

Thanks!
David

[1] -
http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1307470719578+28 353475&threadId=686313


On Tue, June 7, 2011 10:49, crashingdaily wrote:
> Oracle includes its own LDAP client and libs whose syntax is different
> from OpenLDAP's. Is $ORACLE_HOME/bin/ earlier in your $PATH than /
> usr/bin ?
>
> On Jun 7, 2011, at 1:38 PM, David Barr wrote:
>
>> Good Morning!
>>
>> Take 30 hosts, all with identical
>>
>> /etc/nsswitch.conf
>> /etc/ldap.conf
>> /etc/ssh/ssh_config
>> /etc/ssh/sshd_config
>> /etc/auto.master and subsidiary files
>>
>> The only two hosts where LDAP authentication fails are the two Oracle
>> servers. All are running on the same RHEL 5.4.
>>
>> Anyone seen anything like this, before?
>>
>> Thanks!
>> David

--
David - Offbeat http://dafydd.livejournal.com
dafydd - Online http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Integrity*Commitment*Communication*Support


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-07-2011, 06:57 PM
Colin Panisset
 
Default Does Oracle interfere with LDAP authentication?

One useful method for tracking down oddness like this is to run a test-mode sshd on a different port:

server# /usr/sbin/sshd -ddd -p 28

and then, on the client:

client$ ssh server -p 28

and watch what sshd is doing. It's unlikely that Oracle elements are in the path prior though, since none of these are called directly on a command-line by sshd; instead it's more likely to be a PAM configuration oddness; check /etc/pam.d/* to see whether Oracle has put something strange in there.

-- C.
________________________________________
From: 389-users-bounces@lists.fedoraproject.org [389-users-bounces@lists.fedoraproject.org] On Behalf Of David Barr [dafydd@dafydd.com]
Sent: Wednesday, June 08, 2011 4:43 AM
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] Does Oracle interfere with LDAP authentication?

This is occurring at login, before the user-specific path is set. (At
least, I hope we're waiting for authentication before setting the user's
path!) So, the relevant path is the one built into sshd at compile time,
and reported in /etc/ssh/sshd_config, right?[1] That's just
/usr/local/bin:/bin:/usr/bin.

I took at shot at "ps faux" to see if I could find any child processes
invoked by sshd to test the ldap authentication. I didn't catch anything.

"getent passwd" as root on these hosts does return the LDAP based users.
So, I can see at least that much of the RHDS. So, I know the server is
visible and talking to these hosts.

Thanks!
David

[1] -
http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1307470719578+28 353475&threadId=686313


On Tue, June 7, 2011 10:49, crashingdaily wrote:
> Oracle includes its own LDAP client and libs whose syntax is different
> from OpenLDAP's. Is $ORACLE_HOME/bin/ earlier in your $PATH than /
> usr/bin ?
>
> On Jun 7, 2011, at 1:38 PM, David Barr wrote:
>
>> Good Morning!
>>
>> Take 30 hosts, all with identical
>>
>> /etc/nsswitch.conf
>> /etc/ldap.conf
>> /etc/ssh/ssh_config
>> /etc/ssh/sshd_config
>> /etc/auto.master and subsidiary files
>>
>> The only two hosts where LDAP authentication fails are the two Oracle
>> servers. All are running on the same RHEL 5.4.
>>
>> Anyone seen anything like this, before?
>>
>> Thanks!
>> David

--
David - Offbeat http://dafydd.livejournal.com
dafydd - Online http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Integrity*Commitment*Communication*Support


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 02:24 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org