Re: missing user name

From: Daniel J Walsh <dwalsh@redhat.com>
To: "Harris, Todd" <Brian.Harris@progeny.net>
Cc: "Saunders, Thomas D. II" <THOMAS.D.SAUNDERS.II@saic.com>,
	"linux-audit@redhat.com" <linux-audit@redhat.com>
Subject: Re: missing user name
Date: Wed, 01 Aug 2012 08:30:07 -0400	[thread overview]
Message-ID: <5019214F.1060706@redhat.com> (raw)
In-Reply-To: <CE9F636BC12CA0449033D1E0B8B57C440744D27BB1@ES2K7-MBX-1.progeny.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/31/2012 04:33 PM, Harris, Todd wrote:
> We are using a product called Likewise, which was purchased by beyond
> trust.  I don?t know if I mentioned it before but the system works on the
> other rhel nodes we have.
> 
> 
Any SELinux issues?
> 
> *From:*Saunders, Thomas D. II [mailto:THOMAS.D.SAUNDERS.II@saic.com] 
> *Sent:* Tuesday, July 31, 2012 3:16 PM *To:* Harris, Todd;
> linux-audit@redhat.com *Subject:* RE: missing user name
> 
> 
> 
> Are you using OpenLDAP to connect to MS AD servers?
> 
> 
> 
> Tom Saunders | SAIC Senior Information Assurance & Security Engineer phone:
> 540-653-0986 | fax 540-663-0640
> 
> mobile: 540-408-3087| email: SaundersT@saic.com
> <mailto:SaundersT@saic.com> SIPRnet: Thomas.D.Saunders@us.army.smil.mil 
> <mailto:Thomas.D.Saunders@us.army.smil.mil>
> 
> SIPRnet: Thomas.Saunders@navy.smil.mil
> <mailto:Thomas.Saunders@navy.smil.mil>
> 
> 
> 
> Science Applications International Corporation SAIC 16442 Commerce Drive 
> King George, VA  22485
> 
> www.saic.com <http://www.saic.com/>
> 
> 
> 
> 
> 
> --------------------------------------------------------------------------------
>
>  *From:*linux-audit-bounces@redhat.com
> <mailto:linux-audit-bounces@redhat.com> on behalf of Harris, Todd *Sent:*
> Tue 7/31/2012 3:06 PM *To:* linux-audit@redhat.com
> <mailto:linux-audit@redhat.com> *Subject:* missing user name
> 
> I?m looking at a problem that has me really scratching my head.
> 
> 
> 
> I?ve got a rhel 5.4 system that?s using likewise and active directory to 
> authenticate users, at least ones that are not defined locally.  Locally
> defined users work just fine, but any user that is defined in the active
> directory server is showing up in events as ?unknown(uid)? the uid appears
> to be filled out correctly, and if the user is defined locally as well as
> in active directory it works just fine, but that kind of defeats the
> purpose.  Also failed logins are showing up correctly, but I can?t figure
> out what they have done to their system to cause this.  Can anyone give me
> a little direction on where I should look to determine what?s actually
> going on.  I haven?t been able to determine how the system actually
> resolves the user names.
> 
> 
> 
> Don?t know if this is important but we are using the prelude plugin and
> where we notice the discrepancy is in the output from the prelude-manager,
> I have not looked to see if it?s wrong in the aureords.
> 
> 
> 
> _______________________________
> 
> Todd Harris
> 
> Progeny Systems
> 
> Office Number: 703-368-6107 ext517
> 
> 
> 
> 
> 
> 
> 
> -- Linux-audit mailing list Linux-audit@redhat.com 
> https://www.redhat.com/mailman/listinfo/linux-audit
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlAZIU8ACgkQrlYvE4MpobPxqgCguRHT0pqj8ZkRzyOTGrOm9BNP
PM0AoKDWAtY8OVQqzJbcM9QGQJmrDfzc
=cCap
-----END PGP SIGNATURE-----