Re: missing user name

We are using a product called Likewise, which was purchased by beyond trust. I don?t know if I mentioned it before but the system works on the other rhel nodes we have.

*From:*Saunders, Thomas D. II [mailto:THOMAS.D.SAUNDERS.II@saic.com] *Sent:* Tuesday, July 31, 2012 3:16 PM *To:* Harris, Todd; linux-audit(a)redhat.com *Subject:* RE: missing user name Are you using OpenLDAP to connect to MS AD servers? Tom Saunders | SAIC Senior Information Assurance & Security Engineer phone: 540-653-0986 | fax 540-663-0640 mobile: 540-408-3087| email: SaundersT(a)saic.com <mailto:SaundersT@saic.com> SIPRnet: Thomas.D.Saunders(a)us.army.smil.mil <mailto:Thomas.D.Saunders@us.army.smil.mil> SIPRnet: Thomas.Saunders(a)navy.smil.mil <mailto:Thomas.Saunders@navy.smil.mil> Science Applications International Corporation SAIC 16442 Commerce Drive King George, VA 22485 www.saic.com <http://www.saic.com/> -------------------------------------------------------------------------------- *From:*linux-audit-bounces@redhat.com <mailto:linux-audit-bounces@redhat.com> on behalf of Harris, Todd *Sent:* Tue 7/31/2012 3:06 PM *To:* linux-audit(a)redhat.com <mailto:linux-audit@redhat.com> *Subject:* missing user name I?m looking at a problem that has me really scratching my head. I?ve got a rhel 5.4 system that?s using likewise and active directory to authenticate users, at least ones that are not defined locally. Locally defined users work just fine, but any user that is defined in the active directory server is showing up in events as ?unknown(uid)? the uid appears to be filled out correctly, and if the user is defined locally as well as in active directory it works just fine, but that kind of defeats the purpose. Also failed logins are showing up correctly, but I can?t figure out what they have done to their system to cause this. Can anyone give me a little direction on where I should look to determine what?s actually going on. I haven?t been able to determine how the system actually resolves the user names. Don?t know if this is important but we are using the prelude plugin and where we notice the discrepancy is in the output from the prelude-manager, I have not looked to see if it?s wrong in the aureords. _______________________________ Todd Harris Progeny Systems Office Number: 703-368-6107 ext517 -- Linux-audit mailing list Linux-audit(a)redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAZIU8ACgkQrlYvE4MpobPxqgCguRHT0pqj8ZkRzyOTGrOm9BNP PM0AoKDWAtY8OVQqzJbcM9QGQJmrDfzc =cCap -----END PGP SIGNATURE-----