3:52 p.m.
I am having a problem with sudo when I am running in a TSL/SSL connection, I
am able to ssh into the client and verified that the connection is secure,
but once logged in to the client machine I am unable to use sudo.
I am seeing multiple re-tries in the access logs that appear to close,:
When I do the same thing without a TLS/SSL connection sudo works fine.
Here is what I am seeing in the log
31/Jul/2007:15:48:18 -0500] conn=607 fd=74 slot=74 connection from <ipaddr>
to <ipaddr>
[31/Jul/2007:15:48:18 -0500] conn=607 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
name="startTLS"
[31/Jul/2007:15:48:18 -0500] conn=607 op=0 RESULT err=0 tag=120 nentries=0
etime=0
[31/Jul/2007:15:48:18 -0500] conn=607 SSL 256-bit AES
[31/Jul/2007:15:48:18 -0500] conn=607 op=1 UNBIND
[31/Jul/2007:15:48:18 -0500] conn=607 op=1 fd=74 closed - U1
and eventually, I get
sudo: uid 1000 does not exist in the passwd file!
for the user config, it is simple, the user exists in ldap, the group exists
on the box (wheel) and I give the user in ldap a gid of 10
-bash-3.1$ id
uid=1000(testuser) gid=10(wheel) groups=10(wheel)
Thoughts?
Greg
10:07 a.m.
On 7/31/07, Greg Hetrick <greg.hetrick(a)gmail.com> wrote:
I am having a problem with sudo when I am running in a TSL/SSL
connection, I
am able to ssh into the client and verified that the connection is secure,
but once logged in to the client machine I am unable to use sudo.
I am seeing multiple re-tries in the access logs that appear to close,:
When I do the same thing without a TLS/SSL connection sudo works fine.
and eventually, I get
sudo: uid 1000 does not exist in the passwd file!
Based on the symptoms and logs, this sounds more like a client problem
than a problem with FDS. What OS / distro are you running? What does
your /etc/ldap.conf look like? Recent versions of Fedora, for
example, are fairly strict in how /etc/ldap.conf is configured. The
following configuration works for me, although it could probably be
improved:
uri ldaps://ldap1.example.com/ ldaps://ldap2.example.com/
ssl on
tls_cacertfile /etc/pki/tls/certs/ca-localauthority.crt
host ldap1.example.com ldap2.example.com
Josh Kelley
2:31 p.m.
This client is RHEL 5 -- I tried various different configs including the one
you paste below.
What I did find out eventually, is that sudo on rhel 5 is compiled with
libldap support, this was not the case in rhel 4.5 -- so I recompiled and
re-installed the rpm to exclude libldap support and it now it works fine.
Thanks,
Greg
On 8/1/07, Josh Kelley <joshkel(a)gmail.com> wrote:
On 7/31/07, Greg Hetrick <greg.hetrick(a)gmail.com> wrote:
> I am having a problem with sudo when I am running in a TSL/SSL
connection, I
> am able to ssh into the client and verified that the connection is
secure,
> but once logged in to the client machine I am unable to use sudo.
>
> I am seeing multiple re-tries in the access logs that appear to close,:
>
> When I do the same thing without a TLS/SSL connection sudo works fine.
>
> and eventually, I get
>
> sudo: uid 1000 does not exist in the passwd file!
Based on the symptoms and logs, this sounds more like a client problem
than a problem with FDS. What OS / distro are you running? What does
your /etc/ldap.conf look like? Recent versions of Fedora, for
example, are fairly strict in how /etc/ldap.conf is configured. The
following configuration works for me, although it could probably be
improved:
uri ldaps://ldap1.example.com/ ldaps://ldap2.example.com/
ssl on
tls_cacertfile /etc/pki/tls/certs/ca-localauthority.crt
host ldap1.example.com ldap2.example.com
Josh Kelley
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
6106
days inactive
6107
days old
389-users@lists.fedoraproject.org
2 comments
2 participants
participants (2)
-
Greg Hetrick -
Josh Kelley