Home / server / Questions / 529998
Accepted
Don Branson
Asked: 2013-08-10 16:35:05 +0800 CST

What would cause a user to change userid on login?

  • 772

I'm trying to diagnose a problem on a CentOS machine in a corporate environment. It's a box someone else configured before leaving the company. The issue is that when we su to the user gitlab, we're actually the user gitauth. There's nothing in /etc or its subdirs that contains the string gitauth. What would cause this? Perhaps an external profile for the user in ActiveDirectory or LDAP? My core question is - what should I look for to point to where the gitauth user is coming from?

[me@blah ~]$ sudo su - gitlab
[gitauth@blah ~]$ id
uid=398473190(gitauth) gid=398473190(gitauth) ...

Output from authconfig, with org named changed:

caching is disabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is disabled
 LDAP+TLS is disabled
 LDAP server = ""
 LDAP base DN = ""
nss_nis is disabled
 NIS server = ""
 NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
 SMB workgroup = ""
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
 Winbind template shell = "/bin/false"
 SMB idmap uid = "16777216-33554431"
 SMB idmap gid = "16777216-33554431"
nss_sss is disabled by default
nss_wins is disabled
nss_mdns4_minimal is disabled
DNS preference over NSS or WINS is disabled
pam_unix is always enabled
 shadow passwords are enabled
 password hashing algorithm is sha512
pam_krb5 is disabled
 krb5 realm = "MGMT.OURDEPT"
 krb5 realm via dns is enabled
 krb5 kdc = "dc2mgmtdirqa01.mgmt.ourdept:88,dc2mgmtdirqa02.mgmt.ourdept:88"
 krb5 kdc via dns is enabled
 krb5 admin server = ""
pam_ldap is disabled
 LDAP+TLS is disabled
 LDAP server = ""
 LDAP base DN = ""
 LDAP schema = "rfc2307"
pam_pkcs11 is disabled
 use only smartcard for login is disabled
 smartcard module = ""
 smartcard removal action = ""
pam_fprintd is disabled
pam_winbind is disabled
 SMB workgroup = ""
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
pam_sss is disabled by default
 credential caching in SSSD is enabled
 SSSD use instead of legacy services if possible is enabled
IPAv2 is disabled
IPAv2 domain was not joined
 IPAv2 server = ""
 IPAv2 realm = ""
 IPAv2 domain = ""
pam_cracklib is enabled (try_first_pass retry=3 type=)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir or pam_oddjob_mkhomedir is disabled ()
Always authorize local users is enabled ()
Authenticate system accounts against network services is disabled
linux

1 Answers

  1. Best Answer

    To find out where a system is getting directory information -- which is distinct from authentication information -- look in /etc/nsswitch.conf. Look for a line that starts with passwd:; this will be followed by a list of services being queried for user information. It might look something like this:

    passwd: files

    Or:

    passwd: files ldap

    Or maybe:

    passwd: files sss

    Or even:

    passwd: files winbind

    Or some combination of the above and possibly even other options.

    If it contains ldap, look for /etc/nslcd.conf (or /etc/ldap.conf for older versions of CentOS). If it contains sss, look in /etc/sssd/sssd.conf. If it contains winbind, look at your Samba configuration in /etc/samba/smb.conf. If contains something else, let us know!

    • 4