Hey all, I've been trying to configure LDAP on my Xeon Phi and I'm about ready to pull my hair out trying to get it to work. All of the guides that I've read make it sound pretty straightforward, but I can't seem to get it to work or narrow down why it's not working. I'll try to include as much relevant information as possible, but please ask if there's something else you'd like me to include.
```
# micctrl --config
mic0:
=============================================================
Config Version: 1.1
Linux Kernel: /usr/share/mpss/boot/bzImage-knightscorner
Map File: /usr/share/mpss/boot/System.map-knightscorner
Family: x100
MPSSVersion: 3.x
BootOnStart: Enabled
Shutdowntimeout: 300 seconds
ExtraCommandLine: highres=off noautogroup
PowerManagment: cpufreq_on;corec6_on;pc3_on;pc6_on
Root Device: Dynamic Ram Filesystem /var/mpss/mic0.image.gz from:
Base: CPIO /usr/share/mpss/boot/initramfs-knightscorner.cpio.gz
Overlay: RPM /opt/mpss/3.7.1/k1om//pam-ldap-1* on
Overlay: RPM /opt/mpss/3.7.1/k1om//pam-plugin-mkhomedir-1* on
Overlay: RPM /opt/mpss/3.7.1/k1om//nss-ldap-2* on
CommonDir: Directory /var/mpss/common
Micdir: Directory /var/mpss/mic0
Network: Static bridge br0
MIC IP: 144.92.98.48
Host IP: 144.92.98.47
Net Bits: 24
NetMask: 255.255.255.0
MtuSize: 9000
Hostname: scarcity-10-mic0.glbrc.org
MIC MAC: 4c:79:ba:82:01:52
Host MAC: 4c:79:ba:82:01:53
LDAP: Enabled
NIS: Disabled
Cgroup:
Memory: Disabled
Console: hvc0
VerboseLogging: Disabled
CrashDump: /var/crash/mic 16GB
```

```
# cat /var/mpss/mic0/etc/ldap.conf
URI ldap://144.92.98.248
BASE dc=glbrc,dc=org
bind_policy soft
```

```
# cat /var/mpss/mic0/etc/nsswitch.conf
passwd: files ldap nis
group: files ldap nis
shadow: files ldap nis
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
```

```
# cat /var/mpss/mic0/etc/pam.d/common-auth
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
auth required pam_permit.so
auth sufficient pam_ldap.so
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
```

```
# cat /var/mpss/mic0/etc/ssh/sshd_config
Protocol 2
UsePAM yes
UsePrivilegeSeparation yes
Compression no
ClientAliveInterval 15
ClientAliveCountMax 4
Subsystem sftp /usr/libexec/sftp-server
```
When I try to run `id <username>` I get the unknown user message and the following line in /var/log/messages:
```
Sep 13 14:28:49 scarcity-10-mic0 user.err id: nss_ldap: could not search LDAP server - Server is unavailable
```
This led me to think there might be a networking issue, but using tcpdump on the host machine I could see that there was a back and forth between the domain controller and the MIC. I decided to try and play around with the ldap.conf settings and after adding a binduser and associated password, I still got the unknown user message, but nothing in /var/log/messages. I'm at a bit of a loss as to what to think of that, but even so none of the Intel guides I read mentioned using a binduser, so I didn't spend too much time dwelling.
We are currently using winbind for authentication on the host machine. I don't think that should matter but figured it was worth mentioning. The host machine is running CentOS 6.6 and we are running MPSS 3.7.
For reference, this was the guide that I used for the process, along with the MPSS User Guide.
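
A consistency check over the `ldap.conf` and `nsswitch.conf` overlay files shown in the post, as an added example that is not part of the original post or of MPSS: it flags name-service sources whose service `micctrl` reports as disabled, a plain `ldap://` URI without StartTLS, and how the lookup bind is configured. The function names and the `enabled` parameter are assumptions made for this example; `ssl`, `binddn` and `bindpw` are nss_ldap/pam_ldap configuration keys.

```python
from urllib.parse import urlparse

# Excerpts of the two files as posted above.
LDAP_CONF = "URI ldap://144.92.98.248\nBASE dc=glbrc,dc=org\nbind_policy soft\n"
NSSWITCH = "passwd: files ldap nis\ngroup: files ldap nis\nshadow: files ldap nis\n"

def parse_conf(text, sep=None):
    """Map lowercased key -> value for 'key value' (sep=None) or 'key: value' lines."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(sep, 1)
        out[parts[0].strip().lower()] = parts[1].strip() if len(parts) > 1 else ""
    return out

def audit(ldap_text, nss_text, enabled):
    """enabled: directory services micctrl reports as on, e.g. {"ldap"} (assumed input)."""
    ldap, nss = parse_conf(ldap_text), parse_conf(nss_text, ":")
    findings = []
    # Account databases should only reference services that are switched on.
    for db in ("passwd", "group", "shadow"):
        for src in nss.get(db, "").split():
            if src in ("ldap", "nis") and src not in enabled:
                findings.append(f"nsswitch.conf: {db} lists '{src}' but that service is disabled")
    if "ldap" not in enabled:
        return findings
    # Only the first URI is inspected when several are listed.
    first_uri = (ldap.get("uri", "").split() or [""])[0]
    uri = urlparse(first_uri)
    if not uri.hostname:
        findings.append("ldap.conf: no usable URI")
    elif uri.scheme == "ldap" and ldap.get("ssl", "").lower() != "start_tls":
        findings.append("ldap.conf: ldap:// without 'ssl start_tls' sends simple binds in cleartext")
    if "binddn" not in ldap:
        findings.append("ldap.conf: no binddn, so lookups use an anonymous bind")
    elif "bindpw" in ldap:
        findings.append("ldap.conf: bindpw is readable by anyone who can read this file")
    return findings

if __name__ == "__main__":
    for finding in audit(LDAP_CONF, NSSWITCH, enabled={"ldap"}):
        print(finding)
```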