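I am trying to diagnose a problem on a CentOS machine in an enterprise environment. This is a box that was configured by someone before they left the company. The problem is that when we su to the user gitlab, we are actually the user gitauth. Nothing in /etc or its subdirectories contains the string gitauth. What could cause this? Perhaps an external configuration for the user in ActiveDirectory or LDAP? My core question is: what should I look for to identify where the gitauth user is coming from?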
[me@blah ~]$ sudo su - gitlab
[gitauth@blah ~]$ id
uid=398473190(gitauth) gid=398473190(gitauth) ...
Output from authconfig, with the org names changed:
caching is disabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is disabled
 LDAP+TLS is disabled
 LDAP server = ""
 LDAP base DN = ""
nss_nis is disabled
 NIS server = ""
 NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
 SMB workgroup = ""
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
 Winbind template shell = "/bin/false"
 SMB idmap uid = "16777216-33554431"
 SMB idmap gid = "16777216-33554431"
nss_sss is disabled by default
nss_wins is disabled
nss_mdns4_minimal is disabled
DNS preference over NSS or WINS is disabled
pam_unix is always enabled
 shadow passwords are enabled
 password hashing algorithm is sha512
pam_krb5 is disabled
 krb5 realm = "MGMT.OURDEPT"
 krb5 realm via dns is enabled
 krb5 kdc = "dc2mgmtdirqa01.mgmt.ourdept:88,dc2mgmtdirqa02.mgmt.ourdept:88"
 krb5 kdc via dns is enabled
 krb5 admin server = ""
pam_ldap is disabled
 LDAP+TLS is disabled
 LDAP server = ""
 LDAP base DN = ""
 LDAP schema = "rfc2307"
pam_pkcs11 is disabled
 use only smartcard for login is disabled
 smartcard module = ""
 smartcard removal action = ""
pam_fprintd is disabled
pam_winbind is disabled
 SMB workgroup = ""
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
pam_sss is disabled by default
 credential caching in SSSD is enabled
 SSSD use instead of legacy services if possible is enabled
IPAv2 is disabled
 IPAv2 domain was not joined
 IPAv2 server = ""
 IPAv2 realm = ""
 IPAv2 domain = ""
pam_cracklib is enabled (try_first_pass retry=3 type=)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir or pam_oddjob_mkhomedir is disabled ()
Always authorize local users is enabled ()
Authenticate system accounts against network services is disabled
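To find out where the system gets its directory information (as distinct from authentication information), look at /etc/nsswitch.conf. Find the line that begins with passwd:. What follows is the list of services that are queried for user information. It may look like this: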
passwd: files
or:
passwd: files ldap
or possibly:
passwd: files sss
or even:
passwd: files winbind
or some combination of the above, or even other options.
If it contains ldap, look at /etc/nslcd.conf (or /etc/ldap.conf on older versions of CentOS). If it contains sss, look at /etc/sssd/sssd.conf. If it contains winbind, look at the Samba configuration in /etc/samba/smb.conf. If it contains something else, let us know!
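
The lookup described in the answer above, as an added shell example that is not part of the original post: it reads the passwd: line of an nsswitch.conf and prints, for each service in lookup order, the configuration file the answer says to inspect. The function names and the sample file are constructed for illustration; the files entry is mapped to /etc/passwd, which the answer does not mention.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the original post).

# Print the services on the passwd: line, one per line, in lookup order.
# Comments and bracketed action items such as [NOTFOUND=return] are dropped.
passwd_sources() {
    sed -n -e 's/#.*//' \
           -e 's/\[[^]]*]//g' \
           -e 's/^[[:space:]]*passwd:[[:space:]]*//p' "$1" |
    tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Map one NSS service name to the file that configures it.
source_config() {
    case "$1" in
        files)   echo "/etc/passwd" ;;
        ldap)    echo "/etc/nslcd.conf (older CentOS: /etc/ldap.conf)" ;;
        sss)     echo "/etc/sssd/sssd.conf" ;;
        winbind) echo "/etc/samba/smb.conf" ;;
        *)       echo "not covered by the answer" ;;
    esac
}

# One "service -> config file" line per user-information source.
trace_passwd_sources() {
    passwd_sources "$1" | while read -r svc; do
        printf '%s -> %s\n' "$svc" "$(source_config "$svc")"
    done
}

# Constructed sample nsswitch.conf (not taken from the machine in the question).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/nsswitch.conf (constructed sample)
passwd:     files sss [NOTFOUND=return] winbind   # user lookups
shadow:     files
group:      files sss
EOF
trace_passwd_sources "$sample"
rm -f "$sample"
```

On the real machine, pass /etc/nsswitch.conf instead of the sample; `getent -s <service> passwd gitlab` then queries one listed service at a time to show which one returns the entry.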