From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel J Walsh Subject: Re: missing user name Date: Wed, 01 Aug 2012 08:30:07 -0400 Message-ID: <5019214F.1060706@redhat.com> References: <2131072AB2142D4DB1D8B979446D73F8141F7A@0015-its-exmb10.us.saic.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: "Harris, Todd" Cc: "Saunders, Thomas D. II" , "linux-audit@redhat.com" List-Id: linux-audit@redhat.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/31/2012 04:33 PM, Harris, Todd wrote: > We are using a product called Likewise, which was purchased by beyond > trust. I don?t know if I mentioned it before but the system works on the > other rhel nodes we have. > > Any SELinux issues? > > *From:*Saunders, Thomas D. II [mailto:THOMAS.D.SAUNDERS.II@saic.com] > *Sent:* Tuesday, July 31, 2012 3:16 PM *To:* Harris, Todd; > linux-audit@redhat.com *Subject:* RE: missing user name > > > > Are you using OpenLDAP to connect to MS AD servers? > > > > Tom Saunders | SAIC Senior Information Assurance & Security Engineer phone: > 540-653-0986 | fax 540-663-0640 > > mobile: 540-408-3087| email: SaundersT@saic.com > SIPRnet: Thomas.D.Saunders@us.army.smil.mil > > > SIPRnet: Thomas.Saunders@navy.smil.mil > > > > > Science Applications International Corporation SAIC 16442 Commerce Drive > King George, VA 22485 > > www.saic.com > > > > > > -------------------------------------------------------------------------------- > > *From:*linux-audit-bounces@redhat.com > on behalf of Harris, Todd *Sent:* > Tue 7/31/2012 3:06 PM *To:* linux-audit@redhat.com > *Subject:* missing user name > > I?m looking at a problem that has me really scratching my head. > > > > I?ve got a rhel 5.4 system that?s using likewise and active directory to > authenticate users, at least ones that are not defined locally. Locally > defined users work just fine, but any user that is defined in the active > directory server is showing up in events as ?unknown(uid)? the uid appears > to be filled out correctly, and if the user is defined locally as well as > in active directory it works just fine, but that kind of defeats the > purpose. Also failed logins are showing up correctly, but I can?t figure > out what they have done to their system to cause this. Can anyone give me > a little direction on where I should look to determine what?s actually > going on. I haven?t been able to determine how the system actually > resolves the user names. > > > > Don?t know if this is important but we are using the prelude plugin and > where we notice the discrepancy is in the output from the prelude-manager, > I have not looked to see if it?s wrong in the aureords. > > > > _______________________________ > > Todd Harris > > Progeny Systems > > Office Number: 703-368-6107 ext517 > > > > > > > > -- Linux-audit mailing list Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAZIU8ACgkQrlYvE4MpobPxqgCguRHT0pqj8ZkRzyOTGrOm9BNP PM0AoKDWAtY8OVQqzJbcM9QGQJmrDfzc =cCap -----END PGP SIGNATURE-----