<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<br>
I was trying to log into sunjammer to help out samson with an email
alias and failed to log in.<br>
<br>
<tt>$ ssh sunjammer.sugarlabs.org<br>
Warning: Permanently added the RSA host key for IP address
'208.118.235.53' to the list of known hosts.<br>
Permission denied (publickey).<br>
<br>
</tt>Is this because of the LDAP database problem? I think you
mentioned I needed a real user in sunjammer.<br>
I'd like to help if you can help me access sunjammer again.<br>
<br>
Thanks in advance,<br>
Sebastian<br>
<br>
<div class="moz-cite-prefix">On 04/04/16 10:31, Samuel Cantero
wrote:<br>
</div>
<blockquote
cite="mid:CAGA8R4mVP2=L-RxPV5jnP_BQFdt88=AxHDDKaq-EdMMpkmNWtQ@mail.gmail.com"
type="cite">
<div dir="ltr">I've applied a db_recovery:
<div><br>
</div>
<div>
<div>sunjammer:~# db_recover -v -h /var/lib/ldap</div>
<div>BDB2526 Finding last valid log LSN: file: 1 offset 53062</div>
<div>BDB1518 Recovery complete at Mon Apr 4 11:29:25 2016</div>
<div>BDB1519 Maximum transaction ID 0 recovery checkpoint
[1][53006]</div>
</div>
<div><br>
</div>
<div>As you can see the recovery has completed but I can't still
remove the test user.</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Apr 4, 2016 at 11:22 AM, Samuel
Cantero <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:scanterog@gmail.com" target="_blank">scanterog@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>I can't figure it out what is going on with our LDAP
database. I can't delete the "test" user. I tried it
with:</div>
<div><br>
</div>
<div><font face="monospace, monospace">ldapdelete -x
"uid=test,ou=People,dc=sugarlabs,dc=org"</font><br>
</div>
<div><br>
</div>
<div>and also with ldapvi. None of them worked.</div>
<div><br>
</div>
<div>If I start it in debug mode I can't find anything
broken.</div>
<div><br>
</div>
<div><span style="font-family:monospace"><span
style="color:rgb(0,0,0)">/usr/sbin/slapd -u openldap
-h ldapi:/// -d 256</span><br>
</span></div>
<div><span style="font-family:monospace"><span
style="color:rgb(0,0,0)"><br>
</span></span></div>
<div><font face="arial, helvetica, sans-serif"
color="#000000">But If a try to re-index the db I've
got this:</font></div>
<div><font face="monospace, monospace"><br>
</font></div>
<div>
<div><font face="monospace, monospace">sunjammer:~#
slapindex </font></div>
<div><font face="monospace, monospace"><br>
</font></div>
<div><font face="monospace, monospace"> BDB0061 PANIC:
BDB0087 DB_RUNRECOVERY: Fatal error, run database
recovery</font></div>
<div><font face="monospace, monospace">57028248
bdb(dc=sugarlabs,dc=org): BDB0060 PANIC: fatal
region error detected; run recovery</font></div>
<div><font face="monospace, monospace">57028248
bdb_db_close: database "dc=sugarlabs,dc=org":
txn_checkpoint failed: BDB0087 DB_RUNRECOVERY: Fatal
error, run database recovery (-30973)</font></div>
</div>
<div><font face="monospace, monospace"><br>
</font></div>
<div><font face="arial, helvetica, sans-serif">I'll keep
you updated.</font></div>
</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Apr 4, 2016 at 10:26
AM, Bernie Innocenti <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:bernie@codewiz.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:bernie@codewiz.org">bernie@codewiz.org</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">On
04/04/16 09:40, Samuel Cantero wrote:<br>
> # test, People, <a moz-do-not-send="true"
href="http://sugarlabs.org" rel="noreferrer"
target="_blank">sugarlabs.org</a> <<a
moz-do-not-send="true"
href="http://sugarlabs.org" rel="noreferrer"
target="_blank"><a class="moz-txt-link-freetext" href="http://sugarlabs.org">http://sugarlabs.org</a></a>><br>
> dn: uid=test,ou=People,dc=sugarlabs,dc=org<br>
> uid: test<br>
> cn: Test<br>
> sn: Test<br>
> objectClass: person<br>
> objectClass: organizationalPerson<br>
> objectClass: inetOrgPerson<br>
> *mail: <a moz-do-not-send="true"
href="mailto:als-at@yandex.ru" target="_blank">als-at@yandex.ru</a>
<mailto:<a moz-do-not-send="true"
href="mailto:als-at@yandex.ru" target="_blank">als-at@yandex.ru</a>>*<br>
> displayName: Test<br>
<br>
No shell? Odd. And no entry in the lastlog either.<br>
<br>
From the record ID in ldap, it looks like the user
has been there fore a<br>
long time.<br>
<br>
Moreover, the wtmp and btmp files show signs of
having been tampered<br>
with (note the dates):<br>
<br>
sunjammer:/var/log# ll wtmp*<br>
-rw-rw-r-- 1 root utmp 375K Apr 4 10:19 wtmp<br>
-rw-rw-r-- 1 root root 617K Jun 1 2015
wtmp-20141201<br>
-rw-rw-r-- 1 root root 1023K Jun 1 2015
wtmp-20150601<br>
-rw-rw-r-- 1 root utmp 29K Dec 31 19:07
wtmp-20160101.xz<br>
sunjammer:/var/log# ll btmp*<br>
-rw-rw---- 1 root utmp 7.2M Apr 4 08:29 btmp<br>
-rw-rw---- 1 root utmp 32 Sep 1 2014
btmp-20141001.xz<br>
-rw-rw---- 1 root utmp 32 Oct 1 2014
btmp-20141101.xz<br>
-rw-rw---- 1 root utmp 32 Nov 1 2014
btmp-20141201.xz<br>
-rw-rw---- 1 root utmp 32 Dec 1 2014
btmp-20150101.xz<br>
-rw-rw---- 1 root utmp 32 Jan 1 2015
btmp-20150201.xz<br>
-rw-rw---- 1 root utmp 32 Feb 1 2015
btmp-20150301.xz<br>
-rw-rw---- 1 root utmp 32 Mar 1 2015
btmp-20150401.xz<br>
-rw-rw---- 1 root utmp 32 Apr 1 2015
btmp-20150501.xz<br>
-rw-rw---- 1 root utmp 32 May 1 2015
btmp-20150601.xz<br>
-rw-rw---- 1 root utmp 32 Jun 1 2015
btmp-20160101.xz<br>
<span><font color="#888888"><br>
<br>
--<br>
_ // Bernie Innocenti<br>
\X/ <a moz-do-not-send="true"
href="http://codewiz.org" rel="noreferrer"
target="_blank">http://codewiz.org</a><br>
</font></span></blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Systems mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Systems@lists.sugarlabs.org">Systems@lists.sugarlabs.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sugarlabs.org/listinfo/systems">http://lists.sugarlabs.org/listinfo/systems</a>
</pre>
</blockquote>
<br>
</body>
</html>