I don't want to bore anybody, this might be interesting. My parts are almost all in. This is a really great topic. https://arthurdejong.org/nss-pam-ldapd/setup And with several informative web page a.
On Jan 17, 2018 3:13 PM, "Jörg Saßmannshausen" < sassy-w...@sassy.formativ.net> wrote: > Dear all, > > thanks for all your useful comments. > In the end, and after some debugging, I found the culprit. For one reason > or > another I installed libpam-ldap instead of libpam-ldapd. I guess that was a > typo as libpam-ldapd will be pulled automatically when you are installing > nslcd. > Once I corrected that, both su -l USER and ssh USER@localhost (or from a > remote host to the Ubuntu VDI) are working fast again. > Don't ask me what is the difference between the two, I don't know is the > short > answer here. > > One question: when I was doing some research on the internet, I came across > nslcd and sssd. Which one is 'better'? I know that is a bit of an ambiguous > question to ask but I have not found a page telling me the difference > between > the two. > > Regarding Ubuntu vs. other distros: that is not my choice. Personally I am > in > favour of Debian but that is my personal choice. At the workplace I have to > work with what is their policy. I am not a great fan of having different > distributions floating around at one place as it make the administration a > nightmare (you will be never good at all of them) but we are where we are > here. > > Regarding sudo: that is still a problem on one of the servers: it simply > does > not accept the password. Once I know more here I can report back to you > John. > > Sorry for my slow response here. I am not looking at the email list when I > am > at work and thus it takes me a day or two to reply. > > All the best from a cold London (storm about to come tonight) > > Jörg > > > Am Mittwoch, 17. Januar 2018, 12:08:37 GMT schrieben Sie: > > I would switch to sssd. I had many problems with nslcd (connection, > > cache...). > > > > Best regards > > > > On 16/01/2018 00:35, Jörg Saßmannshausen wrote: > > > Dear all, > > > > > > reading the Cluster Authentication (LDAP,AD) thread which was posted at > > > the > > > end of last year reminds me of a problem we are having. > > > > > > For our Ubuntu 14 virtual machines we are authenticating against AD > and I > > > am using the nslcd daemon to do that. > > > This is working very well in a shell, i.e. when I am doing this in a > > > shell: > > > > > > $ su -l USER > > > > > > It is fast, it is creating the home directory if I need it (or not if I > > > want to mount the file space elsewhere and use a local home) and the > > > standard lookup tools like > > > > > > $ getent password USER > > > > > > are fast as well. > > > > > > However, and here is where I am stuck: when I want to log in to the > > > machine > > > using the GUI, this takes forever. We measures it and it takes up to 90 > > > sec. until it finally works. I also noticed that it is not reading the > > > /etc/nslcd.conf file but either /etc/ldap.conf or /etc/ldap/ldap.conf. > The > > > content of the ldap.conf file is identical with the nslcd.conf file. I > am > > > using TLS and not SSL for the secure connection . > > > Furthermore, and here I am not sure whether it is the same problem or a > > > different one, if I want to ssh into the Ubuntu VM, this also take a > very > > > long time (90 sec) until I can do that. > > > Strangely enough, our HPC cluster is using nslcd as well (I used that > > > nslcd.conf file as a template for the Ubuntu setup), authenticating > > > against the same AD and that works instantaneous. > > > > > > Does anybody has some ideas of where to look at? It somehow puzzles me. > > > I am a bit inclined to say the problem is within Ubuntu 14 as the > cluster > > > is running CentOS and my Debian chroot environment ist Stretch. > > > > > > All the best from London > > > > > > Jörg > > > > > > _______________________________________________ > > > Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin > Computing > > > To change your subscription (digest mode or unsubscribe) visit > > > http://www.beowulf.org/mailman/listinfo/beowulf > > _______________________________________________ > Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing > To change your subscription (digest mode or unsubscribe) visit > http://www.beowulf.org/mailman/listinfo/beowulf >
_______________________________________________ Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
