Hi Jonathan, it is. I tried both, wheel and in the sudoers file. It is asking for the password which I supply (it is my account), it is asking for the password again. The password is correct as I am using it. The interesting thing is: I only got this problem on the headnode but not on the compute nodes. Here it is working as expected. I *should* be the same setup regarding LDAP but obviously it is not. One of my problems is I did not install the cluster and I have already found a number of bugs on it. As it is a live system I cannot run nslcd in the debug mode. Having said that, I am currently installing a sandbox which is a copy of the headnode and I will try to reproduce it there and here I can run nslcd in the debug mode. Hopefully that gives me some ideas of what is going on there.
Thanks for your suggestions. Jörg Am Donnerstag, 18. Januar 2018, 07:47:31 GMT schrieben Sie: > Hi Jorg, > > Is the user added either to the Wheel group or as a user in the sudoers > file? > > Regards > Jonathan > > On 2018-01-17 23:12, Jörg Saßmannshausen wrote: > > Dear all, > > > > thanks for all your useful comments. > > In the end, and after some debugging, I found the culprit. For one > > reason or > > another I installed libpam-ldap instead of libpam-ldapd. I guess that > > was a > > typo as libpam-ldapd will be pulled automatically when you are > > installing > > nslcd. > > Once I corrected that, both su -l USER and ssh USER@localhost (or from > > a > > remote host to the Ubuntu VDI) are working fast again. > > Don't ask me what is the difference between the two, I don't know is > > the short > > answer here. > > > > One question: when I was doing some research on the internet, I came > > across > > nslcd and sssd. Which one is 'better'? I know that is a bit of an > > ambiguous > > question to ask but I have not found a page telling me the difference > > between > > the two. > > > > Regarding Ubuntu vs. other distros: that is not my choice. Personally I > > am in > > favour of Debian but that is my personal choice. At the workplace I > > have to > > work with what is their policy. I am not a great fan of having > > different > > distributions floating around at one place as it make the > > administration a > > nightmare (you will be never good at all of them) but we are where we > > are > > here. > > > > Regarding sudo: that is still a problem on one of the servers: it > > simply does > > not accept the password. Once I know more here I can report back to you > > John. > > > > Sorry for my slow response here. I am not looking at the email list > > when I am > > at work and thus it takes me a day or two to reply. > > > > All the best from a cold London (storm about to come tonight) > > > > Jörg > > > > Am Mittwoch, 17. Januar 2018, 12:08:37 GMT schrieben Sie: > >> I would switch to sssd. I had many problems with nslcd (connection, > >> cache...). > >> > >> Best regards > >> > >> On 16/01/2018 00:35, Jörg Saßmannshausen wrote: > >> > Dear all, > >> > > >> > reading the Cluster Authentication (LDAP,AD) thread which was posted at > >> > the > >> > end of last year reminds me of a problem we are having. > >> > > >> > For our Ubuntu 14 virtual machines we are authenticating against AD and > >> > I > >> > am using the nslcd daemon to do that. > >> > This is working very well in a shell, i.e. when I am doing this in a > >> > shell: > >> > > >> > $ su -l USER > >> > > >> > It is fast, it is creating the home directory if I need it (or not if I > >> > want to mount the file space elsewhere and use a local home) and the > >> > standard lookup tools like > >> > > >> > $ getent password USER > >> > > >> > are fast as well. > >> > > >> > However, and here is where I am stuck: when I want to log in to the > >> > machine > >> > using the GUI, this takes forever. We measures it and it takes up to 90 > >> > sec. until it finally works. I also noticed that it is not reading the > >> > /etc/nslcd.conf file but either /etc/ldap.conf or /etc/ldap/ldap.conf. > >> > The > >> > content of the ldap.conf file is identical with the nslcd.conf file. I > >> > am > >> > using TLS and not SSL for the secure connection . > >> > Furthermore, and here I am not sure whether it is the same problem or a > >> > different one, if I want to ssh into the Ubuntu VM, this also take a > >> > very > >> > long time (90 sec) until I can do that. > >> > Strangely enough, our HPC cluster is using nslcd as well (I used that > >> > nslcd.conf file as a template for the Ubuntu setup), authenticating > >> > against the same AD and that works instantaneous. > >> > > >> > Does anybody has some ideas of where to look at? It somehow puzzles me. > >> > I am a bit inclined to say the problem is within Ubuntu 14 as the > >> > cluster > >> > is running CentOS and my Debian chroot environment ist Stretch. > >> > > >> > All the best from London > >> > > >> > Jörg > >> > > >> > _______________________________________________ > >> > Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin > >> > Computing > >> > To change your subscription (digest mode or unsubscribe) visit > >> > http://www.beowulf.org/mailman/listinfo/beowulf > > > > _______________________________________________ > > Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin > > Computing > > To change your subscription (digest mode or unsubscribe) visit > > http://www.beowulf.org/mailman/listinfo/beowulf _______________________________________________ Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
