We are using a product called Likewise, which was purchased by beyond trust. I don't
know if I mentioned it before but the system works on the other rhel nodes we have.
From: Saunders, Thomas D. II [mailto:THOMAS.D.SAUNDERS.II@saic.com]
Sent: Tuesday, July 31, 2012 3:16 PM
To: Harris, Todd; linux-audit(a)redhat.com
Subject: RE: missing user name
Are you using OpenLDAP to connect to MS AD servers?
Tom Saunders | SAIC
Senior Information Assurance & Security Engineer
phone: 540-653-0986 | fax 540-663-0640
mobile: 540-408-3087| email: SaundersT@saic.com<mailto:SaundersT@saic.com>
SIPRnet:
Thomas.D.Saunders@us.army.smil.mil<mailto:Thomas.D.Saunders@us.army.smil.mil>
SIPRnet: Thomas.Saunders@navy.smil.mil<mailto:Thomas.Saunders@navy.smil.mil>
Science Applications International Corporation
SAIC
16442 Commerce Drive
King George, VA 22485
www.saic.com<http://www.saic.com/>
________________________________
From: linux-audit-bounces@redhat.com<mailto:linux-audit-bounces@redhat.com> on
behalf of Harris, Todd
Sent: Tue 7/31/2012 3:06 PM
To: linux-audit@redhat.com<mailto:linux-audit@redhat.com>
Subject: missing user name
I'm looking at a problem that has me really scratching my head.
I've got a rhel 5.4 system that's using likewise and active directory to
authenticate users, at least ones that are not defined locally. Locally defined users
work just fine, but any user that is defined in the active directory server is showing up
in events as "unknown(uid)" the uid appears to be filled out correctly, and if
the user is defined locally as well as in active directory it works just fine, but that
kind of defeats the purpose. Also failed logins are showing up correctly, but I can't
figure out what they have done to their system to cause this. Can anyone give me a little
direction on where I should look to determine what's actually going on. I haven't
been able to determine how the system actually resolves the user names.
Don't know if this is important but we are using the prelude plugin and where we
notice the discrepancy is in the output from the prelude-manager, I have not looked to see
if it's wrong in the aureords.
_______________________________
Todd Harris
Progeny Systems
Office Number: 703-368-6107 ext517