A networking community dedicated to improving infrastructure, workflows, and support across the Entertainment Industry.

Follow StudioSysAdmins on:

Login | Sign Me Up

Sponsors

Sponsor Products

MoSMB Black Friday Offer   posted by Ryussi Technologies

AMPD Remote Render Solution...   posted by AMPD Technologies

Register to attend Spectra ...   posted by Spectra Logic Corporation

Qumulo Announces $125M Fina...   posted by Qumulo

WHAT TO DO IN THESE CHALLEN...   posted by Ergi

Rocky 9.2 pcoip software cl...   posted by Trevor M.

StudioSysadmins Slack #disc...   posted by SimonHe

Looking for some VFX Tutorials   posted by Dina Callahan

nslcd strangeness.
posted by Greg Whynott  on March 15, 2018, 4:45 p.m. (5 years, 8 months, 15 days ago)
0 Responses     0 Plus One's     0 Comments
Eventually I'll roll everything over to sssd but for now we are using good old nslcd. While this isn't causing any production issues I thought I'd bring it up to see if anyone happens to know why the below behavior is what it is. Everytime someone logs into a system or does something where a lookup is going to happen, we would see a lot of lines in the logs similar to: CN=Exchange All Hosted Organizations,OU=Microsoft Exchange Security Groups,DC=toonboxent,DC=com: gidNumber: missingCN=Exchange Windows Permissions,OU=Microsoft Exchange Security Groups,DC=toonboxent,DC=com: gidNumber: missingCN=Exchange Install Domain Servers,CN=Microsoft Exchange System Objects,DC=toonboxent,DC=com: gidNumber: missing While I was fixing the AD and testing my changes I noticed that if I log in, nslcd would do the look up on the current logged in user in stead. Sounds confusing, I'll try to explain. (this behavior existed pre and post my AD changes, it isn't the result of any changes I made today) on a machine with t.tiger logged in and working away, if I SSH to that machine as myself (ssh g.whynott@df001) instead of me seeing: Mar 15 16:24:35 df001 nslcd[1310]: [6f4b97] <group/member="g.whynott"> CN=Schema Admins,CN=Users,DC=toonboxent,DC=com: gidNumber: missingMar 15 16:24:35 df001 nslcd[1310]: [6f4b97] <group/member="g.whynott"> CN=Public Folder Management,OU=Microsoft Exchange Security Groups,DC=toonboxent,DC=com: gidNumber: missing what I instead see is: Mar 15 16:24:35 df001 systemd: Started Session 5819 of user g.whynott.Mar 15 16:24:35 df001 systemd-logind: New session 5819 of user g.whynott.Mar 15 16:24:35 df001 systemd: Starting Session 5819 of user g.whynott.Mar 15 16:24:35 df001 gdm: AccountsService: ActUserManager: user (null) has no username (object path: /org/freedesktop/Accounts/User717751540, uid: 0)Mar 15 16:24:35 df001 nslcd[1310]: [6f4b97] <group/member="t.tiger"> CN=Schema Admins,CN=Users,DC=toonboxent,DC=com: gidNumber: missingMar 15 16:24:35 df001 nslcd[1310]: [6f4b97] <group/member="t.tiger"> CN=Public Folder Management,OU=Microsoft Exchange Security Groups,DC=toonboxent,DC=com: gidNumber: missing No matter who is logging after the system is being used by someone, it'll do the look up on the first person logged in instead of the inbound user... nslcd is running as itself: nslcd 1138 1 0 Mar09 ? 00:00:14 /usr/sbin/nslcd Now this isn't affecting anything from what we can tell, it's been using the same configuration for about 7 years now over multiple distributions (can't say if the logging behavior is the same though). Users log in, groups are correctly displayed and used, files created with proper ownerships... Its just more of an ascetic (read ADHD) thing than anything, but I'd like to understand why its doing a lookup on someone other than the UID requesting AAA lookups. Going further, now that our AD groups all have proper gidNubers assigned to them, we won't be seeing these logs anymore, but stilll!!!!! wtf? -greg
Thread Tags:   discuss-at-studiosysadmins

No Jobs Currently Posted

AMPD Presents: A New Paradi...   posted by AMPD Technologies

Remote movie production and...   posted by CineSys Inc.

Work from Anywhere: How to ...   posted by CineSys Inc.

Extending Online Media Prod...   posted by CineSys Inc.