sewhoami does not produce an output

book

Article ID: 40608

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

 

Issue:
The user logs in with the id and sewhoami returns nothing. sewhoami -a returns "_undefined"
sebuildla -a (building a lookaside table) also does not help the user identification issue.
sesu will also result in "sesu: Cannot determine current user name."

[[email protected]]$ ./sewhoami

[[email protected]]$

[[email protected]]$ ./sesu root

[[email protected]]$ sesu: Cannot determine current user name.

 

 

Environment: 

 

RHEL 6.6

 

PIM 12.9

 

 

 

Cause:

 

The issue can be a derivative of LDAP not having account enumeration set in the environment so PIM is unable to keep tabs on the user so you will lose the ability to sesu and sewhoami will yield no response. Another issue that may arise is a 64-bit SSSD library installed and without a 32-bit library present, no 32-bit application will be able to utilize it i.e. PIM 32-bit version.
 

 

Resolution

 

The ways to correct this are:

 

-ensure auth_login = PAM in the seos.ini is set along with the setting loginappl to use PAM

er LOGINAPPL SSH loginflags(PAMLOGIN)

-user data enumeration not being enabled in the SSSD backend

-They need to install the 32-bit libnss_sss library to allow 32-bit processes to retrieve user and group information, library sssd-client.i686 

Environment

Release:
Component: SEOSU