[Show page]
[Old revisions]
[[unknown link type]]
[
]

Differences

This shows you the differences between two versions of the page.

--- linux:ldap:ubuntu [2017/10/28 15:06]
admin created
+++ linux:ldap:ubuntu [2017/10/28 20:38] (current)
admin
@@ Line 1: / Line 1: @@
-======Why LDAP auth doesnt work correctly on Ubuntu 16 and 17======
+======Why LDAP auth doesnt work correctly on Ubuntu 16.04.3 LTS (Xenial Xerus) and 17.04 ======
-Simple answer: because systemd and incorrect dependencies.
-Simple solution: disable libnss-ldap, nscd and write your own startscript
+**The goal is to have users in ldap and $HOME on NFS.**
+//Simple answer:// because systemd and incorrect dependencies.\\
+//Simple solution:// disable libnss-ldap, nscd and write your own startscript
 This article is a thorough analysis of ubuntu ldap auth problem.
-The whole bad day started with broken boot from ubuntu usb flash. We tried booting ubuntu live usb stick and installed it on another usb flash drive 8GB. Booting and detection of WiFi, NIC and other hw was excelent. We can compare to Debian 9.0, which doesn't have necessary non-free firmwares which is an //abnormal pain in the lower side// followed by lspci gymnastics and searching binary firmwares.
+The whole bad day started with broken boot from ubuntu usb flash. We tried booting ubuntu live usb stick and installed it on another usb flash drive 8GB. The goal was not to touch MS Windows inside. Booting and detection of WiFi, NIC and other hw was excelent. We can compare to Debian 9.0, which doesn't have necessary non-free firmwares which is an //abnormal pain in the lower side// followed by lspci gymnastics and searching binary firmwares.
 First instalation fail was the swap. There is no need to install Ubuntu on PC with 16GB RAM with using a swap file or partition, especialy on a slow usb flash drive.
-Second fail - finaly the instalation asked for more space then 5GB so we had to repartition the flash drive. 6GB were ok, but instalation failed after one hour. Creating 7GB partition and do everything again worked like a charm. We had a very good reasons why not to use whole flash drive.
+Second fail - finaly the instalation asked for more space then 5GB so we had to repartition the flash drive. 6GB were ok, but instalation failed after one hour with "not enough space". Creating 7GB partition and do everything again worked like a charm. We had a very good reasons why not to use whole flash drive.
-Third fail - grub install failed. Instalation incomplete. I gave up - had a lot of programming - so I asked my colleague if he could try the installation himself. Different Ubuntu image failed exactly the same way. So we had to create a new 256MB EFI partition, mount it under /boot/efi and then grub-install worked. When we chose 8GB install partition, we had to do all the install again, because we couldn't create the 256MB efi partition.
+Third fail - grub install failed. Instalation incomplete. I gave up - had a lot of programming - so I asked my colleague if he could try the installation himself. Different Ubuntu image failed exactly the same way. So we had to create a new 256MB EFI partition, mount it under /boot/efi and then grub-install worked. When we chose 8GB install partition, we had to do all the installation again, because we couldn't create the 256MB efi partition.
 Now the ubuntu is booting and running correctly. It detects wifi nic and gets ip. This step is very important, because it was the last working state for another day.
+After installing libnss-ldap, libpam-ldap, nscd and nfs-common and proper configuration everything worked.  But didn't boot again.
+Quickly the working config was:
+<file bash /etc/nsswitch.conf>
+   passwd      ldap file
+   group      ldap file
+</file>
+<file bash /etc/ldap.conf>
+    base dc=prague
+    uri ldap://212.21.51.111/
+    ldap_version 3
+</file>
+and finaly fstab
+<file fstab /etc/fstab>
+   # Yes, it is really disabled
+   # 212.21.51.111:/home    /home/nfs nfs   rw,noatime,nodiratime,nfsvers=3,_netdev 0       0
+</file>
+Three system services were failing:
+  * Network Manager
+  * Login
+  * Gnome Display Manager
+Logs were not useful for identifying any error. Lets skip a few hours, we didn't know it was caused by ldap.
+System is waiting for ldap, but it does not work without network. This workstation was Lenovo Ideacenter with wifi. We use wpa_supplicant with preconfigured wpa2-psk passphrase. Network works without those mentioned packages (libnss-ldap, nscd,...) so network is not a problem. When using wired ethernet, it works with ldap configuration. So the solution is to mask/disable problematic services
+systemctl mask nscd
+systemctl mask libnss-ldap
+And create our own "Starlab.ldap.fix" system service. It simply
+  - waits for network
+  - starts ldap
+  - starts nscd
+  - mounts nfs
+<file bash starlab.ldap.fix>
+#!/bin/bash
+# This is the first shot :). It is missing the right case start, stop, esac.
+while ! ping 212.21.51.111 -c1 >/dev/null; do
+        sleep 5;
+        echo "Network or STARLAB server unreachable."
+done
+if [ -f /home/nfs/empty ]; then
+        mount -t nfs -o nfsvers=3,rw,nosuid,nodev,noatime,nodiratime 212.21.51.111:/home /home/nfs
+fi
+/etc/init.d/libnss-ldap restart
+/etc/init.d/nscd restart
+# ensure we were always successful
+exit 0
+</file>
+<file bash /etc/systemd/system/starlab.service>
+[Unit]
+Description=Starlab ldap fix
+After=network.target auditd.service
+ConditionPathExists=/etc/starlab.ldap.fix
+[Service]
+Type=forking
+ExecStart=/etc/starlab.ldap.fix start
+TimeoutSec=0
+StandardOutput=tty
+RemainAfterExit=yes
+;SysVStartPriority=99
+[Install]
+WantedBy=multi-user.target
+</file>
+Dont forget to enable the service for auto-start at boot time
+<code bash>
+    systemctl enable starlab
+</code>
+====== Baby's bottom ======
+Feel free to contact me at dalibor.straka@starlab.cz with any questions or suggestions

linux/ldap/ubuntu.1509195971.txt.gz · Last modified: 2017/10/28 15:06 by admin