[Beowulf] cluster authentication part II

jaquilina jaquilina at eagleeyet.net
Wed Jan 17 23:47:31 PST 2018


Hi Jorg,

Is the user added either to the Wheel group or as a user in the sudoers 
file?

Regards
Jonathan

On 2018-01-17 23:12, Jörg Saßmannshausen wrote:
> Dear all,
> 
> thanks for all your useful comments.
> In the end, and after some debugging, I found the culprit. For one 
> reason or
> another I installed libpam-ldap instead of libpam-ldapd. I guess that 
> was a
> typo as libpam-ldapd will be pulled automatically when you are 
> installing
> nslcd.
> Once I corrected that, both su -l USER and ssh USER at localhost (or from 
> a
> remote host to the Ubuntu VDI) are working fast again.
> Don't ask me what is the difference between the two, I don't know is 
> the short
> answer here.
> 
> One question: when I was doing some research on the internet, I came 
> across
> nslcd and sssd. Which one is 'better'? I know that is a bit of an 
> ambiguous
> question to ask but I have not found a page telling me the difference 
> between
> the two.
> 
> Regarding Ubuntu vs. other distros: that is not my choice. Personally I 
> am in
> favour of Debian but that is my personal choice. At the workplace I 
> have to
> work with what is their policy. I am not a great fan of having 
> different
> distributions floating around at one place as it make the 
> administration a
> nightmare (you will be never good at all of them) but we are where we 
> are
> here.
> 
> Regarding sudo: that is still a problem on one of the servers: it 
> simply does
> not accept the password. Once I know more here I can report back to you 
> John.
> 
> Sorry for my slow response here. I am not looking at the email list 
> when I am
> at work and thus it takes me a day or two to reply.
> 
> All the best from a cold London (storm about to come tonight)
> 
> Jörg
> 
> 
> Am Mittwoch, 17. Januar 2018, 12:08:37 GMT schrieben Sie:
>> I would switch to sssd. I had many problems with nslcd (connection,
>> cache...).
>> 
>> Best regards
>> 
>> On 16/01/2018 00:35, Jörg Saßmannshausen wrote:
>> > Dear all,
>> >
>> > reading the Cluster Authentication (LDAP,AD) thread which was posted at
>> > the
>> > end of last year reminds me of a problem we are having.
>> >
>> > For our Ubuntu 14 virtual machines we are authenticating against AD and I
>> > am using the nslcd daemon to do that.
>> > This is working very well in a shell, i.e. when I am doing this in a
>> > shell:
>> >
>> > $ su -l USER
>> >
>> > It is fast, it is creating the home directory if I need it (or not if I
>> > want to mount the file space elsewhere and use a local home) and the
>> > standard lookup tools like
>> >
>> > $ getent password USER
>> >
>> > are fast as well.
>> >
>> > However, and here is where I am stuck: when I want to log in to the
>> > machine
>> > using the GUI, this takes forever. We measures it and it takes up to 90
>> > sec. until it finally works. I also noticed that it is not reading the
>> > /etc/nslcd.conf file but either /etc/ldap.conf or /etc/ldap/ldap.conf. The
>> > content of the ldap.conf file is identical with the nslcd.conf file. I am
>> > using TLS and not SSL for the secure connection .
>> > Furthermore, and here I am not sure whether it is the same problem or a
>> > different one, if I want to ssh into the Ubuntu VM, this also take a very
>> > long time (90 sec) until I can do that.
>> > Strangely enough, our HPC cluster is using nslcd as well (I used that
>> > nslcd.conf file as a template for the Ubuntu setup), authenticating
>> > against the same AD and that works instantaneous.
>> >
>> > Does anybody has some ideas of where to look at? It somehow puzzles me.
>> > I am a bit inclined to say the problem is within Ubuntu 14 as the cluster
>> > is running CentOS and my Debian chroot environment ist Stretch.
>> >
>> > All the best from London
>> >
>> > Jörg
>> >
>> > _______________________________________________
>> > Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
>> > To change your subscription (digest mode or unsubscribe) visit
>> > http://www.beowulf.org/mailman/listinfo/beowulf
> 
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin 
> Computing
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf


More information about the Beowulf mailing list