[Beowulf] cluster authentication part II

Jonathan Engwall engwalljonathanthereal at gmail.com
Wed Jan 17 16:36:57 PST 2018


I don't want to bore anybody, this might be interesting. My parts are
almost all in. This is a really great topic.
https://arthurdejong.org/nss-pam-ldapd/setup
And with several informative web page a.

On Jan 17, 2018 3:13 PM, "Jörg Saßmannshausen" <
sassy-work at sassy.formativ.net> wrote:

> Dear all,
>
> thanks for all your useful comments.
> In the end, and after some debugging, I found the culprit. For one reason
> or
> another I installed libpam-ldap instead of libpam-ldapd. I guess that was a
> typo as libpam-ldapd will be pulled automatically when you are installing
> nslcd.
> Once I corrected that, both su -l USER and ssh USER at localhost (or from a
> remote host to the Ubuntu VDI) are working fast again.
> Don't ask me what is the difference between the two, I don't know is the
> short
> answer here.
>
> One question: when I was doing some research on the internet, I came across
> nslcd and sssd. Which one is 'better'? I know that is a bit of an ambiguous
> question to ask but I have not found a page telling me the difference
> between
> the two.
>
> Regarding Ubuntu vs. other distros: that is not my choice. Personally I am
> in
> favour of Debian but that is my personal choice. At the workplace I have to
> work with what is their policy. I am not a great fan of having different
> distributions floating around at one place as it make the administration a
> nightmare (you will be never good at all of them) but we are where we are
> here.
>
> Regarding sudo: that is still a problem on one of the servers: it simply
> does
> not accept the password. Once I know more here I can report back to you
> John.
>
> Sorry for my slow response here. I am not looking at the email list when I
> am
> at work and thus it takes me a day or two to reply.
>
> All the best from a cold London (storm about to come tonight)
>
> Jörg
>
>
> Am Mittwoch, 17. Januar 2018, 12:08:37 GMT schrieben Sie:
> > I would switch to sssd. I had many problems with nslcd (connection,
> > cache...).
> >
> > Best regards
> >
> > On 16/01/2018 00:35, Jörg Saßmannshausen wrote:
> > > Dear all,
> > >
> > > reading the Cluster Authentication (LDAP,AD) thread which was posted at
> > > the
> > > end of last year reminds me of a problem we are having.
> > >
> > > For our Ubuntu 14 virtual machines we are authenticating against AD
> and I
> > > am using the nslcd daemon to do that.
> > > This is working very well in a shell, i.e. when I am doing this in a
> > > shell:
> > >
> > > $ su -l USER
> > >
> > > It is fast, it is creating the home directory if I need it (or not if I
> > > want to mount the file space elsewhere and use a local home) and the
> > > standard lookup tools like
> > >
> > > $ getent password USER
> > >
> > > are fast as well.
> > >
> > > However, and here is where I am stuck: when I want to log in to the
> > > machine
> > > using the GUI, this takes forever. We measures it and it takes up to 90
> > > sec. until it finally works. I also noticed that it is not reading the
> > > /etc/nslcd.conf file but either /etc/ldap.conf or /etc/ldap/ldap.conf.
> The
> > > content of the ldap.conf file is identical with the nslcd.conf file. I
> am
> > > using TLS and not SSL for the secure connection .
> > > Furthermore, and here I am not sure whether it is the same problem or a
> > > different one, if I want to ssh into the Ubuntu VM, this also take a
> very
> > > long time (90 sec) until I can do that.
> > > Strangely enough, our HPC cluster is using nslcd as well (I used that
> > > nslcd.conf file as a template for the Ubuntu setup), authenticating
> > > against the same AD and that works instantaneous.
> > >
> > > Does anybody has some ideas of where to look at? It somehow puzzles me.
> > > I am a bit inclined to say the problem is within Ubuntu 14 as the
> cluster
> > > is running CentOS and my Debian chroot environment ist Stretch.
> > >
> > > All the best from London
> > >
> > > Jörg
> > >
> > > _______________________________________________
> > > Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin
> Computing
> > > To change your subscription (digest mode or unsubscribe) visit
> > > http://www.beowulf.org/mailman/listinfo/beowulf
>
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.beowulf.org/pipermail/beowulf/attachments/20180117/fac5c973/attachment.html>


More information about the Beowulf mailing list