Re: missing user name
On Tuesday, July 31, 2012 03:06:44 PM Harris, Todd wrote:
I'm looking at a problem that has me really scratching my head.
I've got a rhel 5.4 system that's using likewise and active directory to
authenticate users, at least ones that are not defined locally. Locally
defined users work just fine, but any user that is defined in the active
directory server is showing up in events as "unknown(uid)" the uid appears
to be filled out correctly, and if the user is defined locally as well as
in active directory it works just fine, but that kind of defeats the
purpose.
Ausearch/report/libauparse all use the glibc function, getpwuid(). So, the
names would need to be available via that function. That said, there are ways
to hook it up so that it resolves with NSS or nscd. It would seem like more
than just ausearch would have problems resolving user names since getpwnam and
getpwuid are central to almost all Linux programs that display uid or names.
Also failed logins are showing up correctly,
This is because they are handled differently. They are in an acct field rather
than auid field.
-Steve