[Beowulf] cluster authentication part II

Jörg Saßmannshausen sassy-work at sassy.formativ.net
Wed Jan 17 15:12:27 PST 2018


Dear all,

thanks for all your useful comments. 
In the end, and after some debugging, I found the culprit. For one reason or 
another I installed libpam-ldap instead of libpam-ldapd. I guess that was a 
typo as libpam-ldapd will be pulled automatically when you are installing 
nslcd.
Once I corrected that, both su -l USER and ssh USER at localhost (or from a 
remote host to the Ubuntu VDI) are working fast again. 
Don't ask me what is the difference between the two, I don't know is the short 
answer here. 

One question: when I was doing some research on the internet, I came across 
nslcd and sssd. Which one is 'better'? I know that is a bit of an ambiguous 
question to ask but I have not found a page telling me the difference between 
the two. 

Regarding Ubuntu vs. other distros: that is not my choice. Personally I am in 
favour of Debian but that is my personal choice. At the workplace I have to 
work with what is their policy. I am not a great fan of having different 
distributions floating around at one place as it make the administration a 
nightmare (you will be never good at all of them) but we are where we are 
here. 

Regarding sudo: that is still a problem on one of the servers: it simply does 
not accept the password. Once I know more here I can report back to you John.

Sorry for my slow response here. I am not looking at the email list when I am 
at work and thus it takes me a day or two to reply.

All the best from a cold London (storm about to come tonight)

Jörg


Am Mittwoch, 17. Januar 2018, 12:08:37 GMT schrieben Sie:
> I would switch to sssd. I had many problems with nslcd (connection,
> cache...).
> 
> Best regards
> 
> On 16/01/2018 00:35, Jörg Saßmannshausen wrote:
> > Dear all,
> > 
> > reading the Cluster Authentication (LDAP,AD) thread which was posted at
> > the
> > end of last year reminds me of a problem we are having.
> > 
> > For our Ubuntu 14 virtual machines we are authenticating against AD and I
> > am using the nslcd daemon to do that.
> > This is working very well in a shell, i.e. when I am doing this in a
> > shell:
> > 
> > $ su -l USER
> > 
> > It is fast, it is creating the home directory if I need it (or not if I
> > want to mount the file space elsewhere and use a local home) and the
> > standard lookup tools like
> > 
> > $ getent password USER
> > 
> > are fast as well.
> > 
> > However, and here is where I am stuck: when I want to log in to the
> > machine
> > using the GUI, this takes forever. We measures it and it takes up to 90
> > sec. until it finally works. I also noticed that it is not reading the
> > /etc/nslcd.conf file but either /etc/ldap.conf or /etc/ldap/ldap.conf. The
> > content of the ldap.conf file is identical with the nslcd.conf file. I am
> > using TLS and not SSL for the secure connection .
> > Furthermore, and here I am not sure whether it is the same problem or a
> > different one, if I want to ssh into the Ubuntu VM, this also take a very
> > long time (90 sec) until I can do that.
> > Strangely enough, our HPC cluster is using nslcd as well (I used that
> > nslcd.conf file as a template for the Ubuntu setup), authenticating
> > against the same AD and that works instantaneous.
> > 
> > Does anybody has some ideas of where to look at? It somehow puzzles me.
> > I am a bit inclined to say the problem is within Ubuntu 14 as the cluster
> > is running CentOS and my Debian chroot environment ist Stretch.
> > 
> > All the best from London
> > 
> > Jörg
> > 
> > _______________________________________________
> > Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> > To change your subscription (digest mode or unsubscribe) visit
> > http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list