Software Archive
Read-only legacy content
17061 Discussions

LDAP configuration problems

Alfonso_P_
Beginner
‎07-03-2014 04:40 AM
463 Views

Dear all,

I have a node with two Xeon Phi (mic0 and mic1). I have configured the LDAP support by the Intel manual: https://software.intel.com/en-us/articles/setting-up-ldap-support-for-intel-xeon-phi-coprocessors

The configuration was successfully and I can login with my LDAP account in the mic0, but I the LDAP configuration don't work in mic1.

The LDAP and PAM are the same in both Xeon Phi:

/var/mpss/mic0/etc/ldap.conf
/var/mpss/mic0/etc/ssh/sshd_config
/var/mpss/mic0/etc/pam.d/common-auth
/var/mpss/mic0/etc/nsswitch.confetc/mpss/mic0.conf

If I run "id apardo" inside Xeon Phi Mic0 I get:
id apardo
uid=1002(apardo) gid=530(use)

But if I run the same command inside Xeon Phi Mic1 I get:
id apardo
id: unknown user apardo


This is my micctrl --config

mic0:
=============================================================
    Config Version: 1.1

    Linux Kernel:   /usr/share/mpss/boot/bzImage-knightscorner
    BootOnStart:    Enabled
    Shutdowntimeout: 300 seconds

    ExtraCommandLine: highres=off
    PowerManagment: cpufreq_on;corec6_off;pc3_on;pc6_off

    Root Device:   Dynamic Ram Filesystem /var/mpss/mic0.image.gz from:
    Base:      CPIO /usr/share/mpss/boot/initramfs-knightscorner.cpio.gz
    Overlay    RPM /root/phi/mpss-3.2.3/k1om/nss-ldap-265-r0.k1om.rpm on
    Overlay    RPM /root/phi/mpss-3.2.3/k1om/pam-ldap-186-r0.k1om.rpm on
    Overlay    Simple /root/phi/mpss-3.2.3/k1om /mnt/tmp on
    Overlay    Filelist /opt/lustre/2.5.59 /opt/lustre/2.5.59/lustre-client-mic-modules.filelist on
    Overlay    Filelist /opt/lustre/2.5.59 /opt/lustre/2.5.59/lustre-client-mic.filelist on
    CommonDir: Directory /var/mpss/common
    Micdir:    Directory /var/mpss/mic0

    Network:       Static bridge br0
        MIC IP:    192.168.6.27
        Host IP:   192.168.6.23
        Net Bits:  24
        NetMask:   255.255.255.0
        MtuSize:   1500
        Hostname:  be01-mic0
        MIC MAC:   4c:79:ba:30:04:54
        Host MAC:  4c:79:ba:30:04:55

    Cgroup:
        Memory:    Disabled

    Console:        hvc0
    VerboseLogging: Disabled
    CrashDump:      /var/crash/mic 16GB

mic1:
=============================================================
    Config Version: 1.1

    Linux Kernel:   /usr/share/mpss/boot/bzImage-knightscorner
    BootOnStart:    Enabled
    Shutdowntimeout: 300 seconds

    ExtraCommandLine: highres=off
    PowerManagment: cpufreq_on;corec6_off;pc3_on;pc6_off

    Root Device:   Dynamic Ram Filesystem /var/mpss/mic1.image.gz from:
    Base:      CPIO /usr/share/mpss/boot/initramfs-knightscorner.cpio.gz
    Overlay    RPM /root/phi/mpss-3.2.3/k1om/nss-ldap-265-r0.k1om.rpm on
    Overlay    RPM /root/phi/mpss-3.2.3/k1om/pam-ldap-186-r0.k1om.rpm on
    Overlay    Simple /root/phi/mpss-3.2.3/k1om /mnt/tmp on
    Overlay    Filelist /opt/lustre/2.5.59 /opt/lustre/2.5.59/lustre-client-mic-modules.filelist on
    Overlay    Filelist /opt/lustre/2.5.59 /opt/lustre/2.5.59/lustre-client-mic.filelist on
    CommonDir: Directory /var/mpss/common
    Micdir:    Directory /var/mpss/mic1

    Network:       Static bridge br0
        MIC IP:    192.168.6.28
        Host IP:   192.168.6.23
        Net Bits:  24
        NetMask:   255.255.255.0
        MtuSize:   1500
        Hostname:  be01-mic1
        MIC MAC:   4c:79:ba:30:05:b8
        Host MAC:  4c:79:ba:30:05:b9

    Cgroup:
        Memory:    Disabled

    Console:        hvc0
    VerboseLogging: Disabled
    CrashDump:      /var/crash/mic 16GB

 


Any suggestion?


Thanks in advance

0 Kudos

Link Copied

3 Replies
Alexander_G_Intel
Employee
‎07-09-2014 06:05 PM
463 Views

Reply from: Alexander Gutkin (Intel)

Hello, Alfonso

Configuring 2 MIC cards for LDAP should be no different than 1.

Let's take some debug steps first to make sure your bridge is configured properly.

Log on to the mic1 and from the mic1's terminal window ping the LDAP server. Continuing with the example from the article the command would look like

mic1 # ping 10.110.0.103

If that worked, next step would be to verify that PAM is properly configured on mic1. To do so, from the card issue command

mic1 # tail -f /var/log/messages

At the same time.  ssh from the host to the card with the LDAP user name:

$ssh apardo@mic1

When the system will prompt you for the password, enter incorrect one to trigger logging to /var/log/messages. You will see output in mic1 terminal window similar to this:

Jul  9 10:20:27 mic1 auth.err sshd[4920]: pam_ldap: error trying to bind as user "uid=apardo,ou=people,dc=micdomain,dc=com" (Invalid credentials)
Jul  9 10:20:28 mic1 authpriv.notice sshd[4920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host  user=sush
Jul  9 10:20:30 mic1 auth.err sshd[4918]: error: PAM: Authentication failure for sush from host
Jul  9 10:20:30 mic1 auth.info sshd[4918]: Postponed keyboard-interactive for apardo from 192.168.0.110 port 54720 ssh2 [preauth]

If that worked, one final step would be to verify that you have the following files present on /var/mpss/mic1/etc and identical to those on /var/mpss/mic0/etc:

ldap.conf

nsswitch.conf

pam.d/common-auth

ssh/sshd_config

 

 

 

0 Kudos
Copy link
Atul_Y_
Beginner
‎10-05-2014 06:59 AM
463 Views

Dear Team,

[root@phi1 ~]# micctrl --config

mic0:
=============================================================
    Config Version: 1.1

    Linux Kernel:   /usr/share/mpss/boot/bzImage-knightscorner
    Map File:       /usr/share/mpss/boot/System.map-knightscorner
    BootOnStart:    Enabled
    Shutdowntimeout: 300 seconds

    ExtraCommandLine: Not configured
    PowerManagment: cpufreq_on;corec6_off;pc3_on;pc6_off

    Root Device:   Dynamic Ram Filesystem /var/mpss/mic0.image.gz from:
        Base:      CPIO /usr/share/mpss/boot/initramfs-knightscorner.cpio.gz
        Overlay:   RPM /root/mpss-3.3/k1om/pam-plugin-mkhomedir-1* on
        Overlay:   RPM /root/mpss-3.3/k1om/libldap-2.4-2-2.4.23-r1.k1om.rpm on
        Overlay:   RPM /root/mpss-3.3/k1om/nss-ldap-265-r0.k1om.rpm on
        Overlay:   RPM /root/mpss-3.3/k1om/pam-ldap-186-r0.k1om.rpm on
        Overlay:   Filelist /opt/lustre/2.5.2 /opt/lustre/2.5.2/lustre-client-mic-modules.filelist on
        Overlay:   Filelist /opt/lustre/2.5.2 /opt/lustre/2.5.2/lustre-client-mic.filelist on
        CommonDir: Directory /var/mpss/common
        Micdir:    Directory /var/mpss/mic0

    Network:       Static bridge br0
        MIC IP:    192.168.1.82
        Host IP:   192.168.1.81
        Net Bits:  24
        NetMask:   255.255.255.0
        MtuSize:   1500
        Hostname:  phi1-mic0.imsc.res.in
        MIC MAC:   4c:79:ba:54:00:66
        Host MAC:  4c:79:ba:54:00:67

    LDAP:          Enabled
     NIS:          Disabled

    Cgroup:
        Memory:    Disabled

    Console:        hvc0
    VerboseLogging: Disabled
    CrashDump:      /var/crash/mic 16GB

mic1:
=============================================================
    Config Version: 1.1

    Linux Kernel:   /usr/share/mpss/boot/bzImage-knightscorner
    Map File:       /usr/share/mpss/boot/System.map-knightscorner
    BootOnStart:    Enabled
    Shutdowntimeout: 300 seconds

    ExtraCommandLine: Not configured
    PowerManagment: cpufreq_on;corec6_off;pc3_on;pc6_off

    Root Device:   Dynamic Ram Filesystem /var/mpss/mic1.image.gz from:
        Base:      CPIO /usr/share/mpss/boot/initramfs-knightscorner.cpio.gz
        Overlay:   RPM /root/mpss-3.3/k1om/pam-plugin-mkhomedir-1* on
        Overlay:   RPM /root/mpss-3.3/k1om/nss-ldap-2* on
        Overlay:   RPM /root/mpss-3.3/k1om/pam-ldap-1* on
        Overlay:   Filelist /opt/lustre/2.5.2 /opt/lustre/2.5.2/lustre-client-mic-modules.filelist on
        Overlay:   Filelist /opt/lustre/2.5.2 /opt/lustre/2.5.2/lustre-client-mic.filelist on
        CommonDir: Directory /var/mpss/common
        Micdir:    Directory /var/mpss/mic1

    Network:       Static bridge br0
        MIC IP:    192.168.1.83
        Host IP:   192.168.1.81
        Net Bits:  24
        NetMask:   255.255.255.0
        MtuSize:   1500
        Hostname:  phi1-mic1.imsc.res.in
        MIC MAC:   4c:79:ba:54:00:70
        Host MAC:  4c:79:ba:54:00:71

    LDAP:          Enabled
     NIS:          Disabled

    Cgroup:
        Memory:    Disabled

    Console:        hvc0
    VerboseLogging: Disabled
    CrashDump:      /var/crash/mic 16GB

[root@phi1 ~]#

MIC1 is working fine with ldap setting, but MIC0 is not authenticating .

 

Please guide us to resolve the problem.

Thank You

Atul Yadav

 

 

0 Kudos
Copy link
SUSHMITH_H_Intel
Employee
‎10-07-2014 06:43 PM
463 Views

Hi Atul,

Micctrl --config looks correct. A good start for debugging would be to make sure the bridge is set up properly to both the cards.

Couple of things you can check:

1. Ping the LDAP server from the cards to check the connectivity with the LDAP server. ( Ex: from each cards terminal " ping 192.168.0.120")

2. Use "tcpdump -i bridgename(br0)" to monitor the traffic between the card and LDAP server. Run "id username" from the both the cards. Check if the IP packets are being sent to the server, and if you are receiving replies from server to the card( not just to the bridge, check if it gets forwarded to the card mac address).

Feel free to share the capture with us, if you like, for further debugging.

 

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.