[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Screen In An Active Directory Environment
|
From: |
Bob Proulx |
|
Subject: |
Re: Screen In An Active Directory Environment |
|
Date: |
Sun, 21 Jan 2018 10:39:36 -0700 |
|
User-agent: |
Mutt/1.9.2 (2017-12-15) |
Tim Daneliuk wrote:
> I am attempting to use screen in an RH7 environment wherein users
> are managed centrally from AD somehow. screen blows out with:
>
> getpwuid() can't identify your account
What does 'whoami' say in that same case? IIRC the traditional legacy
Unix version would print "Intruder alert!"
> Evidently, this is because the user does not appear in /etc/passwd.
>
> Is there a workaround?
This problem would likely be more complex than simply not appearing in
the /etc/passwd file. Because the /etc/passwd file is simply one of
the possible configured databases.
Please check the configuration of /etc/nsswitch.conf file. That is
the Name Service Switch (NSS) configuration file used by libc and the
getpwuid() libc library routine to return this information. On a
typical single user standalone system:
grep passwd /etc/nsswitch.conf
passwd: compat
Mine says "compat" which is the traditional legacy Unix format for the
files. It might also say something such as:
passwd: files ldap
Or:
passwd: files winbind
Or you get the idea. It might say other things. I am not the expert
in this area but I see it has been some days and no one else had a
response for you so decided to contribute what I know. The
nsswitch.conf file configures libc as to how to find the various
database data such as the passwd account database.
This is to say that with the /etc/nsswitch.conf configured accounts
might not be listed in /etc/passwd and that is okay. libc will find
them using the configuration provided.
The best utility to return this information is 'getent'. That is the
libc command utility that returns the same information that a C
program would return. Use it like this:
getent passwd yourloginhere
Here is an example from my standalone system for me.
getent passwd rwp
rwp:x:1000:1000:Bob Proulx:/home/bob:/bin/bash
In the above it was a local entry but in an NIS/yp environment, or
LDAP, or MySQL, or whatever then it would have returned that
information from the networked database and the account information
would not have been listed in /etc/passwd directly.
The getpwuid() libc library routine works by reading the
/etc/nsswitch.conf file to set the configuration. Then it follows
that configuration. This is almost certainly going to look in local
files first by convention. And IMNHO that is the only correct
configuration. Local files should always be checked first and allowed
to override non-local networked files. But it is also possible for it
to be *misconfigured* by /etc/nsswitch.conf and broken.
So now that we know how getpwuid() works you should verify how this is
configured on your system with the problem. It is very likely in some
state of misconfiguration that needs to be repaired. But it might
also be a bug in screen too.
What does 'getent passwd $USER' say in this case? What does 'whoami'
say in this case? If they fail then the problem is most certainly in
the system configuration. If they are providing correct looking data
then it is possible there is a problem with screen's handling of the
data. Perhaps it is too long? Perhaps it contains invalid
characters? That type of thing. I haven't looked at the screen code
(I am not one of the maintainers but simply another happy screen user)
and do not know. But I would start there.
Bob