0

If I run lastlog with the option -l and a range, I get

# lastlog -u 1000-
Username         Port     From             Latest
nfsnobody                                  **Never logged in**

However, I specify a uid within the range, I get

# lastlog -u loris
Username         Port     From             Latest
loris            pts/34   160.45.11.110    Tue Jul 26 15:32:45 +0200 2022

The user is also not shown if I just run lastlog without any options - only a bunch of system users are shown.

Specifying a range used to work correctly. Does anyone have any idea what might be going on? The problem occurs on CentOS 7.9.2009.

loris
  • 195
  • 1
  • 11
  • Are your users in `/etc/passwd` or though some other authentication scheme? It appears that `lastlog` uses the password file, not `getent`. – doneal24 Jul 26 '22 at 16:02
  • More correctly, `/etc/passwd` is used when a uid range is specified. `getent` is used when a username is specified. – doneal24 Jul 26 '22 at 16:26
  • The users I am interested in come from LDAP and are not in ```/etc/passwd```, but using a range to obtain them worked up until recently (a CentOS update may however have changed things). Do you have a source for the information about ```/etc/passwd``` being used with a uid range? – loris Jul 27 '22 at 06:35
  • I ran `strace lastlog -u 1000-` to look at system calls. I might have misread the trace. I use `sssd` to authenticate against AD and I do see the sss socket being opened. I have enumerate turned off so a uid search would not turn up anything. Have you changed your `ldap` configuration recently? – doneal24 Jul 27 '22 at 12:36
  • As far as I know the LDAP config hasn't changed recently. I now realize that specifying a range means that the actual existing UID have to be looked up somewhere before the ```lastlog``` database can be queried. Weirdly everything is working correctly on a second similarly configured server (see also https://unix.stackexchange.com/questions/712138/getent-passwd-not-showing-ldap-users-athough-users-can-log-in). – loris Aug 02 '22 at 13:20

0 Answers0