Lyn reported that he couldn’t log in to the cs117 account, and it seems that the password database entries are missing:
Something is wrong with account cs117. I tried from root to su to cs117, and was told it doesn't exist. And the owner and group for /home/cs117 aren't recognized as known users/groups:

    [root@puma cs117] su - cs117
    su: user cs117 does not exist
    [root@puma cs117] ls -l /home/cs117
    total 8
    drwxr-x--- 2 5121 5125 4096 Aug 25 2011 private
    drwxrwxr-x 2 5121 5125 4096 Sep 12 2011 public_html
Grepping through /etc/passwd on Tempest shows that indeed, that entry is missing. Darn. I looked through the backups of /etc/passwd in /root/snapshots/system/ but even the oldest is only a few months old, and it doesn’t have the missing entries.
So, I added the missing entries just by editing /etc/passwd and /etc/group with Emacs.
    [root@tempest ~]# grep cs117 /etc/passwd
    cs117:x:5121:5125:Inventing Mobile Apps:/home/cs117:/bin/bash
    [root@tempest ~]# grep cs117 /etc/group
    cs117:x:5125:
I set the password to a random password:
    [root@tempest ~]# /usr/bin/passwd cs117
    Changing password for user cs117.
    New password:
    Retype new password:
    passwd: all authentication tokens updated successfully.
    [root@tempest ~]#
Not being able to restore the correct password is embarrassing, but Lyn will easily be able to change it to one he likes.
Now, we need to propagate these changes to LDAP and to /etc/passwd files on Puma:
    [root@tempest ~]# get-ldap-entry cs117
    [root@tempest ~]# ldapadduser cs117
    adding new entry "uid=cs117,ou=People,dc=cs,dc=wellesley,dc=edu"
    adding new entry "cn=cs117,ou=Group,dc=cs,dc=wellesley,dc=edu"
    [root@tempest ~]# get-ldap-entry cs117
    dn: uid=cs117,ou=People,dc=cs,dc=wellesley,dc=edu
    uid: cs117
    cn: Inventing Mobile Apps
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    objectClass: shadowAccount
    userPassword:: e2NyeXB0fSQ2JHh1OU03QXM0JDdZY3lOOVZqWlVKdlJzV3FBVlRGbFNIQzFDSGU
     wQ2VZSC5mSGJpZkNxcmxYblB2TUpKdTJZSTdFQmY0UjVON2I5c3l4dXlIVE1XZzlSdXVIWDhUcm9x
    shadowLastChange: 15573
    loginShell: /bin/bash
    uidNumber: 5121
    gidNumber: 5125
    homeDirectory: /home/cs117
    gecos: Inventing Mobile Apps
Now it’s in LDAP, so we should be able to su to that account on any of the client machines.
    [root@tempest ~]# ssh anderson@sampras
    anderson@sampras's password:
    Last login: Thu Aug 9 11:13:51 2012 from 149.130.167.203
    [anderson@sampras ~] getent passwd cs117
    cs117:*:5121:5125:Inventing Mobile Apps:/home/cs117:/bin/bash
    [anderson@sampras ~] su - cs117
    Password:
    [cs117@sampras ~] id
    uid=5121(cs117) gid=5125(cs117) groups=5125(cs117)
    [cs117@sampras ~] ls -l
    total 8
    drwxr-x--- 2 cs117 cs117 4096 Aug 25 2011 private
    drwxrwxr-x 2 cs117 cs117 4096 Sep 12 2011 public_html
    [cs117@sampras ~] logout
Good. Last step, we need to copy these entries to Puma’s flat files, since we still don’t have it working as an LDAP client (and may never).
    [root@tempest ~]# ssh puma grep cs117 /etc/passwd
    [root@tempest ~]# acct-copy-to-puma
    Usage: /root/ldapscripts/acct-copy-to-puma account
    Copies account data from Tempest to flat files on Puma
    Run this script on Tempest
    Warning: this does not check that the account hasn't already been copied
    [root@tempest ~]# acct-copy-to-puma cs117
    cs117.passwd 100% 62 0.1KB/s 00:00
    cs117.shadow 100% 117 0.1KB/s 00:00
    cs117.group 100% 14 0.0KB/s 00:00
    [root@tempest ~]# ssh puma grep cs117 /etc/passwd
    cs117:x:5121:5125:Inventing Mobile Apps:/home/cs117:/bin/bash
    [root@tempest ~]#
Okay, we should be all set now. We need to make sure no other accounts are missing like this.
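One way to check for other accounts in the same state, as an added example (not one of the scripts in /root/ldapscripts): it reports every home directory whose numeric owner or group has no entry in the flat files, which is the symptom /home/cs117 showed. The function name find_orphan_homes is hypothetical, and GNU stat is assumed.

```shell
# Added example: list home directories whose numeric uid or gid has no
# entry in the given flat files. Reads the files directly instead of going
# through NSS/LDAP, so it also works on a host that is not an LDAP client.
# Assumes GNU coreutils stat (-c format option).
#
# Usage: find_orphan_homes [home_root] [passwd_file] [group_file]
#   e.g. find_orphan_homes /home /etc/passwd /etc/group

# id_in_file FILE ID: succeed if field 3 of a colon-separated file equals ID.
# Field 3 is the uid in passwd(5) and the gid in group(5).
id_in_file() {
    awk -F: -v want="$2" '$3 == want { found = 1 } END { exit !found }' "$1"
}

find_orphan_homes() {
    home_root=${1:-/home}
    passwd_file=${2:-/etc/passwd}
    group_file=${3:-/etc/group}

    for dir in "$home_root"/*/; do
        [ -d "$dir" ] || continue        # glob matched nothing
        dir=${dir%/}

        owner=$(stat -c '%u:%g' "$dir")  # numeric ids, e.g. 5121:5125
        uid=${owner%%:*}
        gid=${owner##*:}

        report=$dir
        if ! id_in_file "$passwd_file" "$uid"; then
            report="$report missing-uid=$uid"
        fi
        if ! id_in_file "$group_file" "$gid"; then
            report="$report missing-gid=$gid"
        fi

        # Print only directories with at least one unresolved id.
        if [ "$report" != "$dir" ]; then
            printf '%s\n' "$report"
        fi
    done
}
```

Empty output means every home directory under the root resolves to a known user and group in the files checked.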