Encountered a very strange problem recently. I could ssh to my FreeBSD box, but from my FreeBSD box I could not ssh anywhere else and kept receiving the following error message every time I tried to ssh to another system: “You don’t exist, go away!”
```
`--> ssh microsoft.com
You don't exist, go away!
`--> ssh google.com
You don't exist, go away!
`--> ssh netbsd
You don't exist, go away!
```
What made this strange was the output from the “id” command:
```
`--> id
uid=8101 gid=5000 groups=5000,0(wheel),80,5001,44575
```
The output from “id” was strange because, in addition to my numeric uid of 8101 and numeric gid of 5000, it should have also shown the username for uid 8101 and the group name for gid 5000. However, that did not happen. Only the numeric values were shown, except for the auxiliary group 0 (wheel). This led me to the next clue: the missing values were not being fetched from the LDAP server. The clue is that the wheel group is local. To test my assumption I ran “getent passwd” to see if LDAP accounts would appear:
```
`--> getent passwd
root:*:0:0:Uncle Charlie:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
...edited for clarity...
amanda:*:140:140:Amanda Daemon:/nonexistent:/usr/sbin/nologin
puppet:*:814:814:Puppet Daemon:/nonexistent:/sbin/nologin
```
My assumption was correct. The LDAP accounts were not being read. The next logical step was to consult the /etc/nsswitch.conf file, which was valid with correct entries:
```
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1 2009/08/03 08:13:06 kensmith Exp $
#
group: files ldap
hosts: files dns
networks: files
passwd: files ldap
...edited...
```
What about the /opt/etc/nss_ldap.conf file?
```
`--> cat /opt/etc/nss_ldap.conf
cat: /opt/etc/nss_ldap.conf: Permission denied
```
Ah, ha! I think I know what the problem might be:
```
`--> ls -l /opt/etc/nss_ldap.conf
lrwxr-xr-x 1 root wheel 18 Mar 23 2011 /opt/etc/nss_ldap.conf -> /usr/local/etc/ldap.conf
`--> ls -lL /opt/etc/nss_ldap.conf
-rw------- 1 root wheel 579 Sep 17 09:40 /usr/local/etc/nss_ldap.conf
```
Got it! Do you know what the problem was? It was not because nss_ldap was a symbolic link to ldap.conf. I’ll leave this up to the reader. But after the fix, the “id” command showed the proper output as expected:
```
`--> id
uid=8101(swinful) gid=5000(winfulco) groups=5000(winfulco),0(wheel),80(www),5001(users),44575(Directory Administrators)
```
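The condition visible in the listings above (passwd and group sourced from ldap while the nss_ldap configuration resolves to a root-only `-rw-------` file) can be checked for directly. This is an added example, not part of the original post; the function names are hypothetical, and it treats "readable by every user" as the other-read bit on the symlink target.

```shell
#!/bin/sh
# Added example: audit whether unprivileged users can read the nss_ldap
# configuration that nsswitch.conf depends on.
# Usage: sh audit.sh /etc/nsswitch.conf /opt/etc/nss_ldap.conf

# Print each database (passwd, group, ...) whose source list contains "ldap".
ldap_databases() {
    awk -F: '
        /^[ \t]*#/ { next }                      # skip comment lines
        NF >= 2 {
            n = split($2, src, " ")              # whitespace-separated sources
            for (i = 1; i <= n; i++)
                if (src[i] == "ldap") { gsub(/[ \t]/, "", $1); print $1; break }
        }' "$1"
}

# 0 if "other" may read the file (symlinks followed), 1 if not, 2 if missing.
world_readable() {
    [ -e "$1" ] || return 2
    # Mode string layout: type, user rwx, group rwx, other rwx -> column 8.
    [ "$(ls -ldL "$1" | cut -c8)" = "r" ]
}

# Print a one-line verdict; return 0 (ok), 1 (unreadable), 2 (missing).
audit_nss_ldap() {
    nsswitch=$1
    conf=$2
    dbs=$(ldap_databases "$nsswitch" | tr '\n' ' ')
    if [ -z "$dbs" ]; then
        echo "OK: no database in $nsswitch uses ldap"
        return 0
    fi
    rc=0
    world_readable "$conf" || rc=$?
    case $rc in
        0) echo "OK: $conf is readable by all users (used by: $dbs)" ;;
        2) echo "MISSING: $conf not found (used by: $dbs)" ;;
        *) echo "BROKEN: $conf is $(ls -ldL "$conf" | cut -c1-10);" \
                "non-root lookups fail for: $dbs" ;;
    esac
    return $rc
}

if [ "$#" -eq 2 ]; then
    audit_nss_ldap "$1" "$2"
fi
```

Run as any user; a BROKEN verdict means uid-to-name lookups through ldap will fail for everyone except root.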
I got the same error, however I didn’t find this article till afterwards, so I just did this: `chsh -s /bin/zsh`… (as I am using zsh), however it said nothing was changed, so I had to `chsh -s /bin/bash` and then `chsh -s /bin/zsh`
Forgot to add that this was on OSX Lion
Hi Andrew,
I know you received this error while on OSX Lion. But, do you know what was the cause? Was the cause the same as mine with bad permission on your ldap.conf file or something else?
Thanks,
-swinful
I got the same error and repairing the permissions from the Disk Utility worked
Cool, thanks for sharing!! 😉
Cheers,
-swinful
I had this same problem. Repairing permissions did not fix it. I opened user preferences, authenticated, opened my advanced options and clicked ok. Everything works fine now.
Had the same error after a disk hangup, where I had to cold stop and start my MacBook Pro with the power button.
– “id” did not show my username
– “sudo” – sudo: unknown uid: 501
After reboot the problem has gone … BUT
– Several problems show up on “Disk Utility” “Verify Permissions”
– Ran a “Disk Utility” “Repair Permissions”, and several links and permissions were fixed.
Still no answer on what actually went wrong, but things work as expected now.
regards Martin
Hi Martin,
Thank you for sharing and I am glad everything worked out without too much fuss!
Cheers!
-swinful