Hi Jorg,
Is the user added either to the Wheel group or as a user in the sudoers
file?
Regards
Jonathan
On 2018-01-17 23:12, Jörg Saßmannshausen wrote:
Dear all,
thanks for all your useful comments.
In the end, and after some debugging, I found the culprit. For one
reason or
another I installed libpam-ldap instead of libpam-ldapd. I guess that
was a
typo as libpam-ldapd will be pulled automatically when you are
installing
nslcd.
Once I corrected that, both su -l USER and ssh USER@localhost (or from
a
remote host to the Ubuntu VDI) are working fast again.
Don't ask me what is the difference between the two, I don't know is
the short
answer here.
One question: when I was doing some research on the internet, I came
across
nslcd and sssd. Which one is 'better'? I know that is a bit of an
ambiguous
question to ask but I have not found a page telling me the difference
between
the two.
Regarding Ubuntu vs. other distros: that is not my choice. Personally I
am in
favour of Debian but that is my personal choice. At the workplace I
have to
work with what is their policy. I am not a great fan of having
different
distributions floating around at one place as it make the
administration a
nightmare (you will be never good at all of them) but we are where we
are
here.
Regarding sudo: that is still a problem on one of the servers: it
simply does
not accept the password. Once I know more here I can report back to you
John.
Sorry for my slow response here. I am not looking at the email list
when I am
at work and thus it takes me a day or two to reply.
All the best from a cold London (storm about to come tonight)
Jörg
Am Mittwoch, 17. Januar 2018, 12:08:37 GMT schrieben Sie:
I would switch to sssd. I had many problems with nslcd (connection,
cache...).
Best regards
On 16/01/2018 00:35, Jörg Saßmannshausen wrote:
> Dear all,
>
> reading the Cluster Authentication (LDAP,AD) thread which was posted at
> the
> end of last year reminds me of a problem we are having.
>
> For our Ubuntu 14 virtual machines we are authenticating against AD and I
> am using the nslcd daemon to do that.
> This is working very well in a shell, i.e. when I am doing this in a
> shell:
>
> $ su -l USER
>
> It is fast, it is creating the home directory if I need it (or not if I
> want to mount the file space elsewhere and use a local home) and the
> standard lookup tools like
>
> $ getent password USER
>
> are fast as well.
>
> However, and here is where I am stuck: when I want to log in to the
> machine
> using the GUI, this takes forever. We measures it and it takes up to 90
> sec. until it finally works. I also noticed that it is not reading the
> /etc/nslcd.conf file but either /etc/ldap.conf or /etc/ldap/ldap.conf. The
> content of the ldap.conf file is identical with the nslcd.conf file. I am
> using TLS and not SSL for the secure connection .
> Furthermore, and here I am not sure whether it is the same problem or a
> different one, if I want to ssh into the Ubuntu VM, this also take a very
> long time (90 sec) until I can do that.
> Strangely enough, our HPC cluster is using nslcd as well (I used that
> nslcd.conf file as a template for the Ubuntu setup), authenticating
> against the same AD and that works instantaneous.
>
> Does anybody has some ideas of where to look at? It somehow puzzles me.
> I am a bit inclined to say the problem is within Ubuntu 14 as the cluster
> is running CentOS and my Debian chroot environment ist Stretch.
>
> All the best from London
>
> Jörg
>
> _______________________________________________
> Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin
Computing
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
