Dear all,
I have a node with two Xeon Phi (mic0 and mic1). I have configured LDAP support following the Intel manual: https://software.intel.com/en-us/articles/setting-up-ldap-support-for-intel-xeon-phi-coprocessors
The configuration was successful and I can log in with my LDAP account on mic0, but the LDAP configuration doesn't work on mic1.
The LDAP and PAM files are the same on both Xeon Phi:
/var/mpss/mic0/etc/ldap.conf
/var/mpss/mic0/etc/ssh/sshd_config
/var/mpss/mic0/etc/pam.d/common-auth
/var/mpss/mic0/etc/nsswitch.conf
/etc/mpss/mic0.conf
If I run "id apardo" inside Xeon Phi Mic0 I get:
id apardo
uid=1002(apardo) gid=530(use)
But if I run the same command inside Xeon Phi Mic1 I get:
id apardo
id: unknown user apardo
This is my micctrl --config
mic0:
=============================================================
Config Version: 1.1
Linux Kernel: /usr/share/mpss/boot/bzImage-knightscorner
BootOnStart: Enabled
Shutdowntimeout: 300 seconds
ExtraCommandLine: highres=off
PowerManagment: cpufreq_on;corec6_off;pc3_on;pc6_off
Root Device: Dynamic Ram Filesystem /var/mpss/mic0.image.gz from:
Base: CPIO /usr/share/mpss/boot/initramfs-knightscorner.cpio.gz
Overlay RPM /root/phi/mpss-3.2.3/k1om/nss-ldap-265-r0.k1om.rpm on
Overlay RPM /root/phi/mpss-3.2.3/k1om/pam-ldap-186-r0.k1om.rpm on
Overlay Simple /root/phi/mpss-3.2.3/k1om /mnt/tmp on
Overlay Filelist /opt/lustre/2.5.59 /opt/lustre/2.5.59/lustre-client-mic-modules.filelist on
Overlay Filelist /opt/lustre/2.5.59 /opt/lustre/2.5.59/lustre-client-mic.filelist on
CommonDir: Directory /var/mpss/common
Micdir: Directory /var/mpss/mic0
Network: Static bridge br0
MIC IP: 192.168.6.27
Host IP: 192.168.6.23
Net Bits: 24
NetMask: 255.255.255.0
MtuSize: 1500
Hostname: be01-mic0
MIC MAC: 4c:79:ba:30:04:54
Host MAC: 4c:79:ba:30:04:55
Cgroup:
Memory: Disabled
Console: hvc0
VerboseLogging: Disabled
CrashDump: /var/crash/mic 16GB
mic1:
=============================================================
Config Version: 1.1
Linux Kernel: /usr/share/mpss/boot/bzImage-knightscorner
BootOnStart: Enabled
Shutdowntimeout: 300 seconds
ExtraCommandLine: highres=off
PowerManagment: cpufreq_on;corec6_off;pc3_on;pc6_off
Root Device: Dynamic Ram Filesystem /var/mpss/mic1.image.gz from:
Base: CPIO /usr/share/mpss/boot/initramfs-knightscorner.cpio.gz
Overlay RPM /root/phi/mpss-3.2.3/k1om/nss-ldap-265-r0.k1om.rpm on
Overlay RPM /root/phi/mpss-3.2.3/k1om/pam-ldap-186-r0.k1om.rpm on
Overlay Simple /root/phi/mpss-3.2.3/k1om /mnt/tmp on
Overlay Filelist /opt/lustre/2.5.59 /opt/lustre/2.5.59/lustre-client-mic-modules.filelist on
Overlay Filelist /opt/lustre/2.5.59 /opt/lustre/2.5.59/lustre-client-mic.filelist on
CommonDir: Directory /var/mpss/common
Micdir: Directory /var/mpss/mic1
Network: Static bridge br0
MIC IP: 192.168.6.28
Host IP: 192.168.6.23
Net Bits: 24
NetMask: 255.255.255.0
MtuSize: 1500
Hostname: be01-mic1
MIC MAC: 4c:79:ba:30:05:b8
Host MAC: 4c:79:ba:30:05:b9
Cgroup:
Memory: Disabled
Console: hvc0
VerboseLogging: Disabled
CrashDump: /var/crash/mic 16GB
Any suggestion?
Thanks in advance
Reply from: Alexander Gutkin (Intel)
Hello, Alfonso
Configuring 2 MIC cards for LDAP should be no different than 1.
Let's take some debug steps first to make sure your bridge is configured properly.
Log on to mic1 and, from mic1's terminal window, ping the LDAP server. Continuing with the example from the article, the command would look like:
mic1 # ping 10.110.0.103
If that worked, the next step would be to verify that PAM is properly configured on mic1. To do so, issue this command from the card:
mic1 # tail -f /var/log/messages
At the same time, ssh from the host to the card with the LDAP user name:
$ ssh apardo@mic1
When the system prompts you for the password, enter an incorrect one to trigger logging to /var/log/messages. You will see output in the mic1 terminal window similar to this:
Jul 9 10:20:27 mic1 auth.err sshd[4920]: pam_ldap: error trying to bind as user "uid=apardo,ou=people,dc=micdomain,dc=com" (Invalid credentials)
Jul 9 10:20:28 mic1 authpriv.notice sshd[4920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host user=sush
Jul 9 10:20:30 mic1 auth.err sshd[4918]: error: PAM: Authentication failure for sush from host
Jul 9 10:20:30 mic1 auth.info sshd[4918]: Postponed keyboard-interactive for apardo from 192.168.0.110 port 54720 ssh2 [preauth]
If that worked, one final step would be to verify that you have the following files present on /var/mpss/mic1/etc and identical to those on /var/mpss/mic0/etc:
ldap.conf
nsswitch.conf
pam.d/common-auth
ssh/sshd_config
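The file check from the last step of the reply above, as an added example that is not part of the original post. The function name compare_mic_etc and the demo tree are assumptions made for illustration; the file list is the one given in the reply.

```shell
#!/bin/sh
# Added example: compare the LDAP/PAM files of two MPSS card overlays.
# Usage: compare_mic_etc ROOT REF_CARD OTHER_CARD  (ROOT is /var/mpss on a real host)
# Prints one status line per file; the return code is the number of problems.
LDAP_FILES="ldap.conf nsswitch.conf pam.d/common-auth ssh/sshd_config"

compare_mic_etc() {
    root=$1 ref=$2 other=$3 problems=0
    for f in $LDAP_FILES; do
        a="$root/$ref/etc/$f"
        b="$root/$other/etc/$f"
        if [ ! -f "$a" ]; then
            echo "MISSING  $a"; problems=$((problems + 1))
        elif [ ! -f "$b" ]; then
            echo "MISSING  $b"; problems=$((problems + 1))
        elif cmp -s "$a" "$b"; then
            echo "SAME     $f"
        else
            # cmp -s reports only that the files differ; ldap.conf may hold a
            # bind password, so its contents are not echoed to the terminal.
            echo "DIFFERS  $f"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed demo tree (not real configuration) standing in for /var/mpss.
demo=$(mktemp -d)
for card in mic0 mic1; do
    mkdir -p "$demo/$card/etc/pam.d" "$demo/$card/etc/ssh"
    echo "uri ldap://ldap.example.invalid/" > "$demo/$card/etc/ldap.conf"
    echo "auth sufficient pam_ldap.so" > "$demo/$card/etc/pam.d/common-auth"
    echo "UsePAM yes" > "$demo/$card/etc/ssh/sshd_config"
done
echo "passwd: files ldap" > "$demo/mic0/etc/nsswitch.conf"
echo "passwd: files" > "$demo/mic1/etc/nsswitch.conf"   # mic1 never consults LDAP
compare_mic_etc "$demo" mic0 mic1 || echo "problems found: $?"
```

On the host, the equivalent call is compare_mic_etc /var/mpss mic0 mic1, run as a user that can read both overlay directories.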
Dear Team,
[root@phi1 ~]# micctrl --config
mic0:
=============================================================
Config Version: 1.1
Linux Kernel: /usr/share/mpss/boot/bzImage-knightscorner
Map File: /usr/share/mpss/boot/System.map-knightscorner
BootOnStart: Enabled
Shutdowntimeout: 300 seconds
ExtraCommandLine: Not configured
PowerManagment: cpufreq_on;corec6_off;pc3_on;pc6_off
Root Device: Dynamic Ram Filesystem /var/mpss/mic0.image.gz from:
Base: CPIO /usr/share/mpss/boot/initramfs-knightscorner.cpio.gz
Overlay: RPM /root/mpss-3.3/k1om/pam-plugin-mkhomedir-1* on
Overlay: RPM /root/mpss-3.3/k1om/libldap-2.4-2-2.4.23-r1.k1om.rpm on
Overlay: RPM /root/mpss-3.3/k1om/nss-ldap-265-r0.k1om.rpm on
Overlay: RPM /root/mpss-3.3/k1om/pam-ldap-186-r0.k1om.rpm on
Overlay: Filelist /opt/lustre/2.5.2 /opt/lustre/2.5.2/lustre-client-mic-modules.filelist on
Overlay: Filelist /opt/lustre/2.5.2 /opt/lustre/2.5.2/lustre-client-mic.filelist on
CommonDir: Directory /var/mpss/common
Micdir: Directory /var/mpss/mic0
Network: Static bridge br0
MIC IP: 192.168.1.82
Host IP: 192.168.1.81
Net Bits: 24
NetMask: 255.255.255.0
MtuSize: 1500
Hostname: phi1-mic0.imsc.res.in
MIC MAC: 4c:79:ba:54:00:66
Host MAC: 4c:79:ba:54:00:67
LDAP: Enabled
NIS: Disabled
Cgroup:
Memory: Disabled
Console: hvc0
VerboseLogging: Disabled
CrashDump: /var/crash/mic 16GB
mic1:
=============================================================
Config Version: 1.1
Linux Kernel: /usr/share/mpss/boot/bzImage-knightscorner
Map File: /usr/share/mpss/boot/System.map-knightscorner
BootOnStart: Enabled
Shutdowntimeout: 300 seconds
ExtraCommandLine: Not configured
PowerManagment: cpufreq_on;corec6_off;pc3_on;pc6_off
Root Device: Dynamic Ram Filesystem /var/mpss/mic1.image.gz from:
Base: CPIO /usr/share/mpss/boot/initramfs-knightscorner.cpio.gz
Overlay: RPM /root/mpss-3.3/k1om/pam-plugin-mkhomedir-1* on
Overlay: RPM /root/mpss-3.3/k1om/nss-ldap-2* on
Overlay: RPM /root/mpss-3.3/k1om/pam-ldap-1* on
Overlay: Filelist /opt/lustre/2.5.2 /opt/lustre/2.5.2/lustre-client-mic-modules.filelist on
Overlay: Filelist /opt/lustre/2.5.2 /opt/lustre/2.5.2/lustre-client-mic.filelist on
CommonDir: Directory /var/mpss/common
Micdir: Directory /var/mpss/mic1
Network: Static bridge br0
MIC IP: 192.168.1.83
Host IP: 192.168.1.81
Net Bits: 24
NetMask: 255.255.255.0
MtuSize: 1500
Hostname: phi1-mic1.imsc.res.in
MIC MAC: 4c:79:ba:54:00:70
Host MAC: 4c:79:ba:54:00:71
LDAP: Enabled
NIS: Disabled
Cgroup:
Memory: Disabled
Console: hvc0
VerboseLogging: Disabled
CrashDump: /var/crash/mic 16GB
[root@phi1 ~]#
MIC1 is working fine with the LDAP setting, but MIC0 is not authenticating.
Please guide us to resolve the problem.
Thank You
Atul Yadav
Hi Atul,
Micctrl --config looks correct. A good start for debugging would be to make sure the bridge is set up properly to both the cards.
A couple of things you can check:
1. Ping the LDAP server from the cards to check the connectivity with the LDAP server. (Ex: from each card's terminal, "ping 192.168.0.120")
2. Use "tcpdump -i bridgename(br0)" to monitor the traffic between the card and the LDAP server. Run "id username" from both the cards. Check if the IP packets are being sent to the server, and if you are receiving replies from the server to the card (not just to the bridge; check if it gets forwarded to the card's MAC address).
Feel free to share the capture with us, if you like, for further debugging.