[Beowulf] cluster authentication part II

John Hearns hearnsj at googlemail.com
Mon Jan 15 22:02:25 PST 2018 

Jorg, I do not have the answer for you.  One comment I have is that the GUI
login will use different PAM modules from the command line ssh login.
If you are looking for differences between your CentOS machine and Ubuntu I
would also start by listing the PAM modules.

I speak as someone who has a nagging problem with nslcd - I have two
servers which should be identical, and on one I cannot 'sudo' with my
account.

It is possible to stop the nslcd.service and run nslcd -d in a terminal  -
this did not help me, it might help you.

On 16 January 2018 at 00:35, Jörg Saßmannshausen <
sassy-work at sassy.formativ.net> wrote:

> Dear all,
>
> reading the Cluster Authentication (LDAP,AD) thread which was posted at the
> end of last year reminds me of a problem we are having.
>
> For our Ubuntu 14 virtual machines we are authenticating against AD and I
> am
> using the nslcd daemon to do that.
> This is working very well in a shell, i.e. when I am doing this in a shell:
>
> $ su -l USER
>
> It is fast, it is creating the home directory if I need it (or not if I
> want
> to mount the file space elsewhere and use a local home) and the standard
> lookup
> tools like
>
> $ getent password USER
>
> are fast as well.
>
> However, and here is where I am stuck: when I want to log in to the machine
> using the GUI, this takes forever. We measures it and it takes up to 90
> sec.
> until it finally works. I also noticed that it is not reading the
> /etc/nslcd.conf file but either /etc/ldap.conf or /etc/ldap/ldap.conf. The
> content of the ldap.conf file is identical with the nslcd.conf file. I am
> using
> TLS and not SSL for the secure connection .
> Furthermore, and here I am not sure whether it is the same problem or a
> different one, if I want to ssh into the Ubuntu VM, this also take a very
> long
> time (90 sec) until I can do that.
> Strangely enough, our HPC cluster is using nslcd as well (I used that
> nslcd.conf file as a template for the Ubuntu setup), authenticating
> against the
> same AD and that works instantaneous.
>
> Does anybody has some ideas of where to look at? It somehow puzzles me.
> I am a bit inclined to say the problem is within Ubuntu 14 as the cluster
> is
> running CentOS and my Debian chroot environment ist Stretch.
>
> All the best from London
>
> Jörg
>
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.beowulf.org/pipermail/beowulf/attachments/20180116/ce563c84/attachment.html>

More information about the Beowulf mailing list