[Beowulf] cluster authentication part II

Jörg Saßmannshausen sassy-work at sassy.formativ.net
Thu Jan 18 03:02:06 PST 2018


Hi Jonathan,

it is. I tried both, wheel and in the sudoers file. It is asking for the 
password which I supply (it is my account), it is asking for the password 
again. The password is correct as I am using it. 
The interesting thing is: I only got this problem on the headnode but not on 
the compute nodes. Here it is working as expected. I *should* be the same 
setup regarding LDAP but obviously it is not. One of my problems is I did not 
install the cluster and I have already found a number of bugs on it. As it is 
a live system I cannot run nslcd in the debug mode. Having said that, I am 
currently installing a sandbox which is a copy of the headnode and I will try 
to reproduce it there and here I can run nslcd in the debug mode. Hopefully 
that gives me some ideas of what is going on there. 

Thanks for your suggestions.

Jörg

Am Donnerstag, 18. Januar 2018, 07:47:31 GMT schrieben Sie:
> Hi Jorg,
> 
> Is the user added either to the Wheel group or as a user in the sudoers
> file?
> 
> Regards
> Jonathan
> 
> On 2018-01-17 23:12, Jörg Saßmannshausen wrote:
> > Dear all,
> > 
> > thanks for all your useful comments.
> > In the end, and after some debugging, I found the culprit. For one
> > reason or
> > another I installed libpam-ldap instead of libpam-ldapd. I guess that
> > was a
> > typo as libpam-ldapd will be pulled automatically when you are
> > installing
> > nslcd.
> > Once I corrected that, both su -l USER and ssh USER at localhost (or from
> > a
> > remote host to the Ubuntu VDI) are working fast again.
> > Don't ask me what is the difference between the two, I don't know is
> > the short
> > answer here.
> > 
> > One question: when I was doing some research on the internet, I came
> > across
> > nslcd and sssd. Which one is 'better'? I know that is a bit of an
> > ambiguous
> > question to ask but I have not found a page telling me the difference
> > between
> > the two.
> > 
> > Regarding Ubuntu vs. other distros: that is not my choice. Personally I
> > am in
> > favour of Debian but that is my personal choice. At the workplace I
> > have to
> > work with what is their policy. I am not a great fan of having
> > different
> > distributions floating around at one place as it make the
> > administration a
> > nightmare (you will be never good at all of them) but we are where we
> > are
> > here.
> > 
> > Regarding sudo: that is still a problem on one of the servers: it
> > simply does
> > not accept the password. Once I know more here I can report back to you
> > John.
> > 
> > Sorry for my slow response here. I am not looking at the email list
> > when I am
> > at work and thus it takes me a day or two to reply.
> > 
> > All the best from a cold London (storm about to come tonight)
> > 
> > Jörg
> > 
> > Am Mittwoch, 17. Januar 2018, 12:08:37 GMT schrieben Sie:
> >> I would switch to sssd. I had many problems with nslcd (connection,
> >> cache...).
> >> 
> >> Best regards
> >> 
> >> On 16/01/2018 00:35, Jörg Saßmannshausen wrote:
> >> > Dear all,
> >> > 
> >> > reading the Cluster Authentication (LDAP,AD) thread which was posted at
> >> > the
> >> > end of last year reminds me of a problem we are having.
> >> > 
> >> > For our Ubuntu 14 virtual machines we are authenticating against AD and
> >> > I
> >> > am using the nslcd daemon to do that.
> >> > This is working very well in a shell, i.e. when I am doing this in a
> >> > shell:
> >> > 
> >> > $ su -l USER
> >> > 
> >> > It is fast, it is creating the home directory if I need it (or not if I
> >> > want to mount the file space elsewhere and use a local home) and the
> >> > standard lookup tools like
> >> > 
> >> > $ getent password USER
> >> > 
> >> > are fast as well.
> >> > 
> >> > However, and here is where I am stuck: when I want to log in to the
> >> > machine
> >> > using the GUI, this takes forever. We measures it and it takes up to 90
> >> > sec. until it finally works. I also noticed that it is not reading the
> >> > /etc/nslcd.conf file but either /etc/ldap.conf or /etc/ldap/ldap.conf.
> >> > The
> >> > content of the ldap.conf file is identical with the nslcd.conf file. I
> >> > am
> >> > using TLS and not SSL for the secure connection .
> >> > Furthermore, and here I am not sure whether it is the same problem or a
> >> > different one, if I want to ssh into the Ubuntu VM, this also take a
> >> > very
> >> > long time (90 sec) until I can do that.
> >> > Strangely enough, our HPC cluster is using nslcd as well (I used that
> >> > nslcd.conf file as a template for the Ubuntu setup), authenticating
> >> > against the same AD and that works instantaneous.
> >> > 
> >> > Does anybody has some ideas of where to look at? It somehow puzzles me.
> >> > I am a bit inclined to say the problem is within Ubuntu 14 as the
> >> > cluster
> >> > is running CentOS and my Debian chroot environment ist Stretch.
> >> > 
> >> > All the best from London
> >> > 
> >> > Jörg
> >> > 
> >> > _______________________________________________
> >> > Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin
> >> > Computing
> >> > To change your subscription (digest mode or unsubscribe) visit
> >> > http://www.beowulf.org/mailman/listinfo/beowulf
> > 
> > _______________________________________________
> > Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin
> > Computing
> > To change your subscription (digest mode or unsubscribe) visit
> > http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list