LDAP configuration problems

LDAP configuration problems

Dear all,

I have a node with two Xeon Phi (mic0 and mic1). I have configured the LDAP support by the Intel manual: https://software.intel.com/en-us/articles/setting-up-ldap-support-for-in...

The configuration was successfully and I can login with my LDAP account in the mic0, but I the LDAP configuration don't work in mic1.

The LDAP and PAM are the same in both Xeon Phi:

/var/mpss/mic0/etc/ldap.conf
/var/mpss/mic0/etc/ssh/sshd_config
/var/mpss/mic0/etc/pam.d/common-auth
/var/mpss/mic0/etc/nsswitch.confetc/mpss/mic0.conf

If I run "id apardo" inside Xeon Phi Mic0 I get:
id apardo
uid=1002(apardo) gid=530(use)

But if I run the same command inside Xeon Phi Mic1 I get:
id apardo
id: unknown user apardo

This is my micctrl --config

mic0:
=============================================================
    Config Version: 1.1

    Linux Kernel:   /usr/share/mpss/boot/bzImage-knightscorner
    BootOnStart:    Enabled
    Shutdowntimeout: 300 seconds

    ExtraCommandLine: highres=off
    PowerManagment: cpufreq_on;corec6_off;pc3_on;pc6_off

    Root Device:   Dynamic Ram Filesystem /var/mpss/mic0.image.gz from:
    Base:      CPIO /usr/share/mpss/boot/initramfs-knightscorner.cpio.gz
    Overlay    RPM /root/phi/mpss-3.2.3/k1om/nss-ldap-265-r0.k1om.rpm on
    Overlay    RPM /root/phi/mpss-3.2.3/k1om/pam-ldap-186-r0.k1om.rpm on
    Overlay    Simple /root/phi/mpss-3.2.3/k1om /mnt/tmp on
    Overlay    Filelist /opt/lustre/2.5.59 /opt/lustre/2.5.59/lustre-client-mic-modules.filelist on
    Overlay    Filelist /opt/lustre/2.5.59 /opt/lustre/2.5.59/lustre-client-mic.filelist on
    CommonDir: Directory /var/mpss/common
    Micdir:    Directory /var/mpss/mic0

    Network:       Static bridge br0
        MIC IP:    192.168.6.27
        Host IP:   192.168.6.23
        Net Bits:  24
        NetMask:   255.255.255.0
        MtuSize:   1500
        Hostname:  be01-mic0
        MIC MAC:   4c:79:ba:30:04:54
        Host MAC:  4c:79:ba:30:04:55

    Cgroup:
        Memory:    Disabled

    Console:        hvc0
    VerboseLogging: Disabled
    CrashDump:      /var/crash/mic 16GB

mic1:
=============================================================
    Config Version: 1.1

    Linux Kernel:   /usr/share/mpss/boot/bzImage-knightscorner
    BootOnStart:    Enabled
    Shutdowntimeout: 300 seconds

    ExtraCommandLine: highres=off
    PowerManagment: cpufreq_on;corec6_off;pc3_on;pc6_off

    Root Device:   Dynamic Ram Filesystem /var/mpss/mic1.image.gz from:
    Base:      CPIO /usr/share/mpss/boot/initramfs-knightscorner.cpio.gz
    Overlay    RPM /root/phi/mpss-3.2.3/k1om/nss-ldap-265-r0.k1om.rpm on
    Overlay    RPM /root/phi/mpss-3.2.3/k1om/pam-ldap-186-r0.k1om.rpm on
    Overlay    Simple /root/phi/mpss-3.2.3/k1om /mnt/tmp on
    Overlay    Filelist /opt/lustre/2.5.59 /opt/lustre/2.5.59/lustre-client-mic-modules.filelist on
    Overlay    Filelist /opt/lustre/2.5.59 /opt/lustre/2.5.59/lustre-client-mic.filelist on
    CommonDir: Directory /var/mpss/common
    Micdir:    Directory /var/mpss/mic1

    Network:       Static bridge br0
        MIC IP:    192.168.6.28
        Host IP:   192.168.6.23
        Net Bits:  24
        NetMask:   255.255.255.0
        MtuSize:   1500
        Hostname:  be01-mic1
        MIC MAC:   4c:79:ba:30:05:b8
        Host MAC:  4c:79:ba:30:05:b9

    Cgroup:
        Memory:    Disabled

    Console:        hvc0
    VerboseLogging: Disabled
    CrashDump:      /var/crash/mic 16GB

 

Any suggestion?

Thanks in advance

4 post / 0 nuovi
Ultimo contenuto
Per informazioni complete sulle ottimizzazioni del compilatore, consultare l'Avviso sull'ottimizzazione

Reply from: Alexander Gutkin (Intel)

Hello, Alfonso

Configuring 2 MIC cards for LDAP should be no different than 1.

Let's take some debug steps first to make sure your bridge is configured properly.

Log on to the mic1 and from the mic1's terminal window ping the LDAP server. Continuing with the example from the article the command would look like

mic1 # ping 10.110.0.103

If that worked, next step would be to verify that PAM is properly configured on mic1. To do so, from the card issue command

mic1 # tail -f /var/log/messages

At the same time.  ssh from the host to the card with the LDAP user name:

$ssh apardo@mic1

When the system will prompt you for the password, enter incorrect one to trigger logging to /var/log/messages. You will see output in mic1 terminal window similar to this:

Jul  9 10:20:27 mic1 auth.err sshd[4920]: pam_ldap: error trying to bind as user "uid=apardo,ou=people,dc=micdomain,dc=com" (Invalid credentials)
Jul  9 10:20:28 mic1 authpriv.notice sshd[4920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host  user=sush
Jul  9 10:20:30 mic1 auth.err sshd[4918]: error: PAM: Authentication failure for sush from host
Jul  9 10:20:30 mic1 auth.info sshd[4918]: Postponed keyboard-interactive for apardo from 192.168.0.110 port 54720 ssh2 [preauth]

If that worked, one final step would be to verify that you have the following files present on /var/mpss/mic1/etc and identical to those on /var/mpss/mic0/etc:

ldap.conf

nsswitch.conf

pam.d/common-auth

ssh/sshd_config

 

 

 

Dear Team,

[root@phi1 ~]# micctrl --config

mic0:
=============================================================
    Config Version: 1.1

    Linux Kernel:   /usr/share/mpss/boot/bzImage-knightscorner
    Map File:       /usr/share/mpss/boot/System.map-knightscorner
    BootOnStart:    Enabled
    Shutdowntimeout: 300 seconds

    ExtraCommandLine: Not configured
    PowerManagment: cpufreq_on;corec6_off;pc3_on;pc6_off

    Root Device:   Dynamic Ram Filesystem /var/mpss/mic0.image.gz from:
        Base:      CPIO /usr/share/mpss/boot/initramfs-knightscorner.cpio.gz
        Overlay:   RPM /root/mpss-3.3/k1om/pam-plugin-mkhomedir-1* on
        Overlay:   RPM /root/mpss-3.3/k1om/libldap-2.4-2-2.4.23-r1.k1om.rpm on
        Overlay:   RPM /root/mpss-3.3/k1om/nss-ldap-265-r0.k1om.rpm on
        Overlay:   RPM /root/mpss-3.3/k1om/pam-ldap-186-r0.k1om.rpm on
        Overlay:   Filelist /opt/lustre/2.5.2 /opt/lustre/2.5.2/lustre-client-mic-modules.filelist on
        Overlay:   Filelist /opt/lustre/2.5.2 /opt/lustre/2.5.2/lustre-client-mic.filelist on
        CommonDir: Directory /var/mpss/common
        Micdir:    Directory /var/mpss/mic0

    Network:       Static bridge br0
        MIC IP:    192.168.1.82
        Host IP:   192.168.1.81
        Net Bits:  24
        NetMask:   255.255.255.0
        MtuSize:   1500
        Hostname:  phi1-mic0.imsc.res.in
        MIC MAC:   4c:79:ba:54:00:66
        Host MAC:  4c:79:ba:54:00:67

    LDAP:          Enabled
     NIS:          Disabled

    Cgroup:
        Memory:    Disabled

    Console:        hvc0
    VerboseLogging: Disabled
    CrashDump:      /var/crash/mic 16GB

mic1:
=============================================================
    Config Version: 1.1

    Linux Kernel:   /usr/share/mpss/boot/bzImage-knightscorner
    Map File:       /usr/share/mpss/boot/System.map-knightscorner
    BootOnStart:    Enabled
    Shutdowntimeout: 300 seconds

    ExtraCommandLine: Not configured
    PowerManagment: cpufreq_on;corec6_off;pc3_on;pc6_off

    Root Device:   Dynamic Ram Filesystem /var/mpss/mic1.image.gz from:
        Base:      CPIO /usr/share/mpss/boot/initramfs-knightscorner.cpio.gz
        Overlay:   RPM /root/mpss-3.3/k1om/pam-plugin-mkhomedir-1* on
        Overlay:   RPM /root/mpss-3.3/k1om/nss-ldap-2* on
        Overlay:   RPM /root/mpss-3.3/k1om/pam-ldap-1* on
        Overlay:   Filelist /opt/lustre/2.5.2 /opt/lustre/2.5.2/lustre-client-mic-modules.filelist on
        Overlay:   Filelist /opt/lustre/2.5.2 /opt/lustre/2.5.2/lustre-client-mic.filelist on
        CommonDir: Directory /var/mpss/common
        Micdir:    Directory /var/mpss/mic1

    Network:       Static bridge br0
        MIC IP:    192.168.1.83
        Host IP:   192.168.1.81
        Net Bits:  24
        NetMask:   255.255.255.0
        MtuSize:   1500
        Hostname:  phi1-mic1.imsc.res.in
        MIC MAC:   4c:79:ba:54:00:70
        Host MAC:  4c:79:ba:54:00:71

    LDAP:          Enabled
     NIS:          Disabled

    Cgroup:
        Memory:    Disabled

    Console:        hvc0
    VerboseLogging: Disabled
    CrashDump:      /var/crash/mic 16GB

[root@phi1 ~]#

MIC1 is working fine with ldap setting, but MIC0 is not authenticating .

 

Please guide us to resolve the problem.

Thank You

Atul Yadav

 

 

Hi Atul,

Micctrl --config looks correct. A good start for debugging would be to make sure the bridge is set up properly to both the cards.

Couple of things you can check:

1. Ping the LDAP server from the cards to check the connectivity with the LDAP server. ( Ex: from each cards terminal " ping 192.168.0.120")

2. Use "tcpdump -i bridgename(br0)" to monitor the traffic between the card and LDAP server. Run "id username" from the both the cards. Check if the IP packets are being sent to the server, and if you are receiving replies from server to the card( not just to the bridge, check if it gets forwarded to the card mac address).

Feel free to share the capture with us, if you like, for further debugging.

 

Accedere per lasciare un commento.