
How to get my LDAP/PAM/NSS stack to accept usernames beginning with a number?

I am installing LDAP/NSS/PAM with the instructions provided by Debian. I have tried both libnss-ldap and libnss-ldapd.

They both work... as long as a user's username does not start with a number (or, in libnss-ldap's case, usernames also can't have a period in them). Unfortunately, all of the usernames in my organization are seven-digit numbers!

Here is the error when trying to log in with username 9999999:

...gdm-password][5010]: pam_unix(gdm-password:session): session opened for user 9999999 by (uid=0)
...gdm-password][5010]: pam_systemd(gdm-password:session): Failed to get user record: Invalid argument

Whereas here are the same logs when trying to log in with the username test:

...gdm-password][5242]: pam_unix(gdm-password:session): session opened for user test by (uid=0)

I am using the version of the libnss-ldap package that is installed with Ubuntu 20.04, which is version 0.9.11-1.

43Tesseracts
  • Thank you! After hours of investigating this issue on my site, your question pointed me in the right direction. Apparently some tools, when presented a digit-only username, mistake it for a UID. In fact, digit-only usernames are frowned upon in Linux. Anecdotal evidence suggests one can get away with them if the username matches the UID, but I could not try that. At least the coreutils do parse the username to int. – Hermann Mar 09 '23 at 17:06
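
The name-versus-UID ambiguity raised in the comment above, as an added example that is not part of the original question or comment: a Python audit over passwd(5)-format lines that flags account names a tool could read as a number. The sample entries, function names and verdict labels are constructed for illustration.

```python
import re

# Constructed sample in passwd(5) format, as `getent passwd` would print it.
SAMPLE_PASSWD = """\
test:x:1001:1001:Test:/home/test:/bin/bash
9999999:x:20001:20001:Seven-digit name:/home/9999999:/bin/bash
1002:x:1002:1002:Name equals own UID:/home/1002:/bin/bash
1001:x:20002:20002:Name equals another UID:/home/1001:/bin/bash
7abc:x:20003:20003:Leading digit only:/home/7abc:/bin/bash
"""

ALL_DIGITS = re.compile(r"[0-9]+")


def parse_passwd(text):
    """Return (name, uid) pairs from passwd(5)-format lines, skipping bad ones."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and ALL_DIGITS.fullmatch(fields[2]):
            entries.append((fields[0], int(fields[2])))
    return entries


def audit(entries):
    """Map each name to how a tool that parses it as an integer would see it."""
    owner_of_uid = {uid: name for name, uid in entries}
    findings = {}
    for name, uid in entries:
        if not re.match(r"[0-9]", name):
            findings[name] = "ok"                        # no leading digit
        elif not ALL_DIGITS.fullmatch(name):
            findings[name] = "leading-digit"             # starts with a digit
        elif int(name) == uid:
            findings[name] = "numeric-matches-own-uid"   # same account either way
        elif int(name) in owner_of_uid:
            # Read as a UID, this name resolves to a different account.
            findings[name] = "numeric-is-uid-of:" + owner_of_uid[int(name)]
        else:
            findings[name] = "numeric-unassigned-uid"    # read as a UID, no such user
    return findings


if __name__ == "__main__":
    for name, verdict in audit(parse_passwd(SAMPLE_PASSWD)).items():
        print(f"{name:10} {verdict}")
```

To audit a live host, pass the text output of `getent passwd` to `parse_passwd` instead of the constructed sample.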

0 Answers