[Beowulf] cluster authentication part II

[Jörg Saßmannshausen]

Dear all,

reading the Cluster Authentication (LDAP,AD) thread which was posted at the 
end of last year reminds me of a problem we are having.

For our Ubuntu 14 virtual machines we are authenticating against AD and I am 
using the nslcd daemon to do that. 
This is working very well in a shell, i.e. when I am doing this in a shell:

$ su -l USER

It is fast, it is creating the home directory if I need it (or not if I want 
to mount the file space elsewhere and use a local home) and the standard lookup 
tools like 

$ getent password USER

are fast as well.

However, and here is where I am stuck: when I want to log in to the machine 
using the GUI, this takes forever. We measures it and it takes up to 90 sec. 
until it finally works. I also noticed that it is not reading the 
/etc/nslcd.conf file but either /etc/ldap.conf or /etc/ldap/ldap.conf. The 
content of the ldap.conf file is identical with the nslcd.conf file. I am using 
TLS and not SSL for the secure connection .
Furthermore, and here I am not sure whether it is the same problem or a 
different one, if I want to ssh into the Ubuntu VM, this also take a very long 
time (90 sec) until I can do that. 
Strangely enough, our HPC cluster is using nslcd as well (I used that 
nslcd.conf file as a template for the Ubuntu setup), authenticating against the 
same AD and that works instantaneous. 

Does anybody has some ideas of where to look at? It somehow puzzles me. 
I am a bit inclined to say the problem is within Ubuntu 14 as the cluster is 
running CentOS and my Debian chroot environment ist Stretch. 

All the best from London

Jörg