I have run into an issue with my system being able to correctly identify a user and their group.

I am running CentOS 5.3 and centos-ds 8.1.

I have created a user using the management console.

I set up the first name, last name, common name, user id, and password. Under Posix User I set up UID Number: 10009, GID Number: 10009, Home Directory: /home/user, and Shell: /bin/bash.

I set up authentication using System > Administration > Authentication. I enabled LDAP support and configured it. Under the options tab I checked "Create home directories on first login."

My user can log into the box and can ssh into the box.

When I do log in I receive the following error.

    id: cannot find name for group ID 10009

When I ls -la the user's home directory it displays.

    drwxr-xr-x 15 user 100009 4096 Jun 13 08:26 user

I tried creating a "user" group but there is no way to attach a GID to that group so there is no way for LDAP or PAM to associate the two.

I googled around but none of the solutions worked for me or seemed to apply to this situation.

Thanks for any help!

Doug
You need to create a posixgroup object with cn=user and gidnumber=10009.

On Sat, Jun 13, 2009 at 9:11 AM, Doug Coats <dcoatshca@gmail.com> wrote:
> I have run into an issue with my system being able to correctly identify a
> user and their group.
>
> I am running CentOS 5.3 and centos-ds 8.1.
>
> I have created a user using the management console.
>
> I set up the first name, last name, common name, user id, and password.
> Under Posix User I set up UID Number: 10009, GID Number: 10009, Home
> Directory: /home/user, and Shell: /bin/bash.
>
> I set up authentication using System > Administration > Authentication. I
> enabled LDAP support and configured it. Under the options tab I checked
> "Create home directories on first login."
>
> My user can log into the box and can ssh into the box.
>
> When I do log in I receive the following error.
>
> id: cannot find name for group ID 10009
>
> When I ls -la the user's home directory it displays.
>
> drwxr-xr-x 15 user 100009 4096 Jun 13 08:26 user
>
> I tried creating a "user" group but there is no way to attach a GID to that
> group so there is no way for LDAP or PAM to associate the two.
>
> I googled around but none of the solutions worked for me or seemed to apply
> to this situation.
>
> Thanks for any help!
>
> Doug

--
Jazcek Braden
On Sat, 2009-06-13 at 09:11 -0500, Doug Coats wrote:
> I have run into an issue with my system being able to correctly
> identify a user and their group.
>
> I am running CentOS 5.3 and centos-ds 8.1.
>
> I have created a user using the management console.
>
> I set up the first name, last name, common name, user id, and
> password. Under Posix User I set up UID Number: 10009, GID Number:
> 10009, Home Directory: /home/user, and Shell: /bin/bash.
>
> I set up authentication using System > Administration >
> Authentication. I enabled LDAP support and configured it. Under the
> options tab I checked "Create home directories on first login."
>
> My user can log into the box and can ssh into the box.
>
> When I do log in I receive the following error.
>
> id: cannot find name for group ID 10009
>
> When I ls -la the user's home directory it displays.
>
> drwxr-xr-x 15 user 100009 4096 Jun 13 08:26 user
>
> I tried creating a "user" group but there is no way to attach a GID to
> that group so there is no way for LDAP or PAM to associate the two.
>
> I googled around but none of the solutions worked for me or seemed to
> apply to this situation.
>
> Thanks for any help!
>
> Doug
<snip>

Since you were able to set the GID, I assume you added the posixGroup object class. You would need to do the same to a group in order to add a GID, I believe. As you probably already know, one would do this by adding a value to objectClass in the advanced properties.

I wonder if it is just a matter of time, in other words, perhaps there was a group query before the GID was set and nscd cached it. The default group cache is 3600 seconds which is why we change it to 600 in nscd.conf. I think the command to flush the group cache is nscd -i group or groups.

Other than that, I'm not sure. You could enable Access Logging and see what queries are being made. I've not found the log screens in centos_idm-console very helpful and typically just look at the access file in /var/log/dirsrv/slapd-xxx/. I do notice there is a substantial delay between when events occur and when they are written to the log.

Hope this helps - John

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
Thanks for your help John and Braden.

I tried using the Directory Server area of the Console to add the object class "posixgroup" to the Groups, People, user dcoats, and group dcoats.

So I make myself clear I did this by double clicking on Directory Server in the Management Console. I then clicked on the Directory tab. I selected my Directory Server Identifier and right clicked on each of the items mentioned above. I selected Advanced Properties, clicked on Object Class from the list, and then clicked on Add Value. I selected posixgroup from the list and I got the following error after I clicked on OK.

    Object class violation; missing attribute "gidNumber" required by object class "posixGroup"

Any insight would be greatly appreciated.

Thanks!
The object class posixgroup has a required attribute of gidnumber. In the interface that you mentioned it should automatically create this field that is empty on the attribute list of the object. You need to fill a number in there before you try to save the entry.

--
Jazcek

On Mon, Jun 15, 2009 at 3:45 PM, Doug Coats <dcoatshca@gmail.com> wrote:
> Thanks for your help John and Braden.
>
> I tried using the Directory Server area of the Console to add the object
> class "posixgroup" to the Groups, People, user dcoats, and group dcoats.
>
> So I make myself clear I did this by double clicking on Directory Server in
> the Management Console. I then clicked on the Directory tab. I selected my
> Directory Server Identifier and right clicked on each of the items mentioned
> above. I selected Advanced Properties, clicked on Object Class from the
> list, and then clicked on Add Value. I selected posixgroup from the list
> and I got the following error after I clicked on OK.
>
> Object class violation; missing attribute "gidNumber" required by object
> class "posixGroup"
>
> Any insight would be greatly appreciated.
>
> Thanks!

--
Jazcek Braden
On Mon, 2009-06-15 at 15:45 -0500, Doug Coats wrote:
> Thanks for your help John and Braden.
>
> I tried using the Directory Server area of the Console to add the
> object class "posixgroup" to the Groups, People, user dcoats, and
> group dcoats.
>
> So I make myself clear I did this by double clicking on Directory
> Server in the Management Console. I then clicked on the Directory
> tab. I selected my Directory Server Identifier and right clicked on
> each of the items mentioned above. I selected Advanced Properties,
> clicked on Object Class from the list, and then clicked on Add Value.
> I selected posixgroup from the list and I got the following
> error after I clicked on OK.
>
> Object class violation; missing attribute "gidNumber" required by
> object class "posixGroup"
>
> Any insight would be greatly appreciated.
>
> Thanks!
<snip>

Sounds like you're getting close. Once you add the objectClass posixgroup, you need to enter a value for the gidNumber attribute which should now magically appear in the advanced properties list.

Hope this helps - John

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
That did it. Thanks for pointing out the obvious.

For those coming after me. Create a group with the same name as the user. Add the posixgroup to that group's Objectclass. Fill in the gidnumber with the same gid number you used when you created the user.

Now it shows up as expected when I list the directory and I get no error on changing to that user.

One last question on this topic. Is there a way to get that to show up in the form that you create the group from? It would be nice not to have to do that for each user group that you create.

That being said I will probably just create a large ldif file with all my user and group information. Is this the place just to import it set up correctly so that I don't waste my time trying to tweak the form?

Thanks again!
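Added example, not part of the original thread: a Python check that scans an LDIF export for the condition behind "id: cannot find name for group ID 10009" (a posixAccount whose gidNumber no posixGroup defines) and builds the matching group entry described in the message above. The sample LDIF, the dc=example,dc=com suffix and the function names are constructed for illustration.

```python
# Constructed sample: one posixAccount, no posixGroup (the state that caused the error).
SAMPLE_LDIF = """\
dn: uid=user,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Example User
sn: User
uid: user
uidNumber: 10009
gidNumber: 10009
homeDirectory: /home/user
loginShell: /bin/bash
"""

def parse_ldif(text):
    """Parse plain LDIF into a list of {attr_lowercase: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        # Unfold continuation lines; base64 ("::") values are not decoded.
        entry = {}
        for line in block.replace("\n ", "").splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def has_class(entry, name):
    return name.lower() in (v.lower() for v in entry.get("objectclass", []))

def missing_groups(entries):
    """Return (uid, gidNumber) for accounts whose primary GID no posixGroup defines."""
    defined = {g for e in entries if has_class(e, "posixGroup")
               for g in e.get("gidnumber", [])}
    return sorted((e.get("uid", ["?"])[0], g)
                  for e in entries if has_class(e, "posixAccount")
                  for g in e.get("gidnumber", []) if g not in defined)

def private_group_ldif(uid, gid, groups_base):
    """Build the posixGroup entry from the thread: cn=<user>, same gidNumber."""
    return (f"dn: cn={uid},{groups_base}\nobjectClass: top\n"
            f"objectClass: posixGroup\ncn: {uid}\ngidNumber: {gid}\n")

if __name__ == "__main__":
    print(missing_groups(parse_ldif(SAMPLE_LDIF)))
```

Running the check over a bulk LDIF file before importing it catches every account that would log in with an unresolvable primary group.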
On Mon, 2009-06-15 at 17:03 -0500, Doug Coats wrote:
> That did it. Thanks for pointing out the obvious.
>
> For those coming after me. Create a group with the same name as the
> user. Add the posixgroup to that group's Objectclass. Fill in the
> gidnumber with the same gid number you used when you created the user.
>
> Now it shows up as expected when I list the directory and I get no
> error on changing to that user.
>
> One last question on this topic. Is there a way to get that to show up
> in the form that you create the group from? It would be nice not to
> have to do that for each user group that you create.
>
> That being said I will probably just create a large ldif file with all
> my user and group information. Is this the place just to import it
> set up correctly so that I don't waste my time trying to tweak the
> form?
>
> Thanks again!
<snip>

I suppose anyone comfortable enough with Java could add a page for groups similar to the page for users which offers to create a Posix user and then submit it to the development team for consideration. In my case, I bent the rules a little bit and added the posixgroup objectclass to my users to account for the user group. That may come back to bite me.

I might also add there is a small problem in the KDE environment where Konqueror does not query LDAP for groups. One of the developers was kind enough to write a patch for me so KDE 3.5 behaved properly and the patch is being included in the next update for KDE 4.x I believe.

Take care - John

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society