[Beowulf] cluster authentication part II

Prentice Bisbal pbisbal at pppl.gov
Tue Jan 23 14:37:26 PST 2018 

I second this. sssd is much better than nscd or nslcd.

Prentice

On 01/17/2018 06:08 AM, Rémy Dernat wrote:
> I would switch to sssd. I had many problems with nslcd (connection, 
> cache...).
>
> Best regards
>
>
> On 16/01/2018 00:35, Jörg Saßmannshausen wrote:
>> Dear all,
>>
>> reading the Cluster Authentication (LDAP,AD) thread which was posted 
>> at the
>> end of last year reminds me of a problem we are having.
>>
>> For our Ubuntu 14 virtual machines we are authenticating against AD 
>> and I am
>> using the nslcd daemon to do that.
>> This is working very well in a shell, i.e. when I am doing this in a 
>> shell:
>>
>> $ su -l USER
>>
>> It is fast, it is creating the home directory if I need it (or not if 
>> I want
>> to mount the file space elsewhere and use a local home) and the 
>> standard lookup
>> tools like
>>
>> $ getent password USER
>>
>> are fast as well.
>>
>> However, and here is where I am stuck: when I want to log in to the 
>> machine
>> using the GUI, this takes forever. We measures it and it takes up to 
>> 90 sec.
>> until it finally works. I also noticed that it is not reading the
>> /etc/nslcd.conf file but either /etc/ldap.conf or 
>> /etc/ldap/ldap.conf. The
>> content of the ldap.conf file is identical with the nslcd.conf file. 
>> I am using
>> TLS and not SSL for the secure connection .
>> Furthermore, and here I am not sure whether it is the same problem or a
>> different one, if I want to ssh into the Ubuntu VM, this also take a 
>> very long
>> time (90 sec) until I can do that.
>> Strangely enough, our HPC cluster is using nslcd as well (I used that
>> nslcd.conf file as a template for the Ubuntu setup), authenticating 
>> against the
>> same AD and that works instantaneous.
>>
>> Does anybody has some ideas of where to look at? It somehow puzzles me.
>> I am a bit inclined to say the problem is within Ubuntu 14 as the 
>> cluster is
>> running CentOS and my Debian chroot environment ist Stretch.
>>
>> All the best from London
>>
>> Jörg
>>
>> _______________________________________________
>> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
>> To change your subscription (digest mode or unsubscribe) visit 
>> http://www.beowulf.org/mailman/listinfo/beowulf
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit 
> http://www.beowulf.org/mailman/listinfo/beowulf

More information about the Beowulf mailing list