|
|
Re: -bash: [: : integer expression expected: msg#00026ldap.padl.nss
On Fri, 2006-09-15 at 08:23 +0100, Howard Wilkinson wrote: > Daniel, > > the use of '*' for the password field is standard practice and SHOULD > not be the cause of this problem. In this case, why are my working systems, which are running libnss-ldap 238, showing the standard shadow 'x'. This is the only system which shows an asterisk. > I do not remember from the previous message what platform you are > running on. Debian Sarge. > On our FC5 system the id utility comes from coreutils and we run > 5.97-1.2 which works with ldap/AD users. I suggest you find a > compatible version for your box and see if that fixes the problem. It > is possible that id uses regex in spliting the data and has > misinterpreted the '*' as a pattern. This is a complete guess. Also, > try to run the following as your user on the failing system > > getent passwd dcross > getent passwd | grep dcross > > If you do not get the same answer you have a problem with nscd or > permissions accessing the LDAP database as a standard user rather than > root. id is 5.2.1. However I think the issue is before id is used. Once again I think this is a further symptom but not the underlying issue. id is used when setting the path while inititialising the shell, no? I think whatever the issue is, it's before this point. Also, this is the same version that is installed on the boxes which work, running libnss-ldap 238. Also the nss, ldap, libuuid, pam libraries and packages are all the same versions. Actually, would id not be using libnss-ldap to look up this info? Also, as far as it being ldap permissions, how can this be the case, as it worked fine under an earlier libnss-ldap. I am also not running nscd. I cannot run the above as my user, as my user cannot do _anything_ once logged in. If I run sudo -u dcross getent passwd dcross I get the the same (asterisk) > If you want I will read through your ldap.conf and see if I can see > any problems. > As I said, as it works with an earlier version of libnss-ldap, I am very certain that this is an issue with this version of libnss-ldap. Here are my configs though: /etc/libnss-ldap.conf: host server1.acme.net server2.acme.net base ou=users,dc=acme,dc=net ldap_version 3 binddn cn=view,dc=acme,dc=net bindpw password timelimit 10 bind_timelimit 4 pam_check_host_attr yes nss_base_group ou=groups,dc=acme,dc=net?one ssl start_tls tls_cacertfile /etc/cacert.pem /etc/pam_ldap.conf: host server1.acme.net server2.acme.net base ou=users,dc=acme,dc=net ldap_version 3 binddn cn=view,dc=acme,dc=net bindpw password timelimit 10 bind_timelimit 4 pam_check_host_attr yes pam_password crypt nss_base_group ou=groups,dc=acme,dc=net?one ssl start_tls tls_cacertfile /etc/cacert.pem /etc/ldap/ldap.conf: host server1.acme.net server2.acme.net port 389 timelimit 3 bind_timelimit 3 ssl start_tls tls_cacertfile /etc/cacert.pem sudoers_base ou=sudo,dc=acme,dc=net And tracking the connection on the ldap server in syslog with debug on, which unless I've missed something, shows that it's getting all the info from ldap OK: Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 fd=255 ACCEPT from IP=58.28.6.16:53344 (IP=0.0.0.0:389) Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=0 STARTTLS Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=0 RESULT oid= err=0 text= Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 fd=255 TLS established tls_ssf=128 ssf=128 Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=1 BIND dn="cn=view,dc=wxnz,dc=net" method=128 Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=1 BIND dn="cn=view,dc=wxnz,dc=net" mech=SIMPLE ssf=0 Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=1 RESULT tag=97 err=0 text= Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=2 SRCH base="ou=users,dc=wxnz,dc=net" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=dcross))" Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=3 SRCH base="ou=users,dc=wxnz,dc=net" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=dcross))" Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=4 SRCH base="ou=groups,dc=wxnz,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(|(memberUid=dcross)(uniqueMember=cn=dcross,ou=users,dc=wxnz,dc=net)))" Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=4 SRCH attr=gidNumber Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=4 SEARCH RESULT tag=101 err=0 nentries=3 text= Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=5 SRCH base="ou=groups,dc=wxnz,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(uniqueMember=cn=admin,ou=groups,dc=wxnz,dc=net))" Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=5 SRCH attr=gidNumber Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text= Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=6 SRCH base="ou=groups,dc=wxnz,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(uniqueMember=cn=mail,ou=groups,dc=wxnz,dc=net))" Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=6 SRCH attr=gidNumber Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text= Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=7 SRCH base="ou=groups,dc=wxnz,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(uniqueMember=cn=freerad,ou=groups,dc=wxnz,dc=net))" Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=7 SRCH attr=gidNumber Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text= Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=8 SRCH base="ou=users,dc=wxnz,dc=net" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=dcross))" Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=8 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=8 SEARCH RESULT tag=101 err=0 nentries=1 text= Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=9 SRCH base="ou=users,dc=wxnz,dc=net" scope=2 deref=0 filter="(&(objectClass=shadowAccount)(uid=dcross))" Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=9 SRCH attr=uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire shadowFlag Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text= Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=10 SRCH base="ou=users,dc=wxnz,dc=net" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=dcross))" Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=10 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Sep 18 10:22:05 caliban slapd[1811]: conn=1392569 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text= Regards, -- Daniel Cross Systems Administrator Cell +64 21535975 WorldxChange DDI +64 9 9501354 |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: -bash: [: : integer expression expected: 00026, Howard Wilkinson |
|---|---|
| Next by Date: | Re: slow group membership lookup: 00026, Archur |
| Previous by Thread: | Re: -bash: [: : integer expression expectedi: 00026, Howard Wilkinson |
| Next by Thread: | Re: -bash: [: : integer expression expected: 00026, Daniel Cross |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |