We are using a product called Likewise, which was purchased by beyond trust. I don’t know if I mentioned it before but the system works on the other rhel nodes we have.
From: Saunders, Thomas D. II [mailto:THOMAS.D.SAUNDERS.II@saic.com]
Sent: Tuesday, July 31, 2012 3:16 PM
To: Harris, Todd; linux-audit@redhat.com
Subject: RE: missing user name
Are you using OpenLDAP to connect to MS AD servers?
Tom Saunders | SAIC
Senior Information Assurance & Security Engineer
phone: 540-653-0986 | fax 540-663-0640
mobile: 540-408-3087| email: SaundersT@saic.com
SIPRnet: Thomas.D.Saunders@us.army.smil.mil
SIPRnet: Thomas.Saunders@navy.smil.mil
Science Applications International Corporation
SAIC
16442 Commerce Drive
King George, VA 22485
www.saic.com
From: linux-audit-bounces@redhat.com on behalf of Harris, Todd
Sent: Tue 7/31/2012 3:06 PM
To: linux-audit@redhat.com
Subject: missing user name
I’m looking at a problem that has me really scratching my head.
I’ve got a rhel 5.4 system that’s using likewise and active directory to authenticate users, at least ones that are not defined locally. Locally defined users work just fine, but any user that is defined in the active directory server is showing up in events as “unknown(uid)” the uid appears to be filled out correctly, and if the user is defined locally as well as in active directory it works just fine, but that kind of defeats the purpose. Also failed logins are showing up correctly, but I can’t figure out what they have done to their system to cause this. Can anyone give me a little direction on where I should look to determine what’s actually going on. I haven’t been able to determine how the system actually resolves the user names.
Don’t know if this is important but we are using the prelude plugin and where we notice the discrepancy is in the output from the prelude-manager, I have not looked to see if it’s wrong in the aureords.
_______________________________
Todd Harris
Progeny Systems
Office Number: 703-368-6107 ext517