- [Show page]
- [Old revisions]
- [[unknown link type]]
- []
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
linux:ldap:ubuntu [2017/10/28 16:23] admin |
linux:ldap:ubuntu [2017/10/28 20:38] (current) admin |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ======Why LDAP auth doesnt work correctly on Ubuntu 16 and 17====== | + | ======Why LDAP auth doesnt work correctly on Ubuntu 16.04.3 LTS (Xenial Xerus) and 17.04 ====== |
| - | The goal is to have users in ldap and $HOME on NFS. | + | **The goal is to have users in ldap and $HOME on NFS.** |
| - | Simple answer: because systemd and incorrect dependencies. | + | //Simple answer:// because systemd and incorrect dependencies.\\ |
| - | Simple solution: disable libnss-ldap, nscd and write your own startscript | + | //Simple solution:// disable libnss-ldap, nscd and write your own startscript |
| This article is a thorough analysis of ubuntu ldap auth problem. | This article is a thorough analysis of ubuntu ldap auth problem. | ||
| - | The whole bad day started with broken boot from ubuntu usb flash. We tried booting ubuntu live usb stick and installed it on another usb flash drive 8GB. Booting and detection of WiFi, NIC and other hw was excelent. We can compare to Debian 9.0, which doesn't have necessary non-free firmwares which is an //abnormal pain in the lower side// followed by lspci gymnastics and searching binary firmwares. | + | The whole bad day started with broken boot from ubuntu usb flash. We tried booting ubuntu live usb stick and installed it on another usb flash drive 8GB. The goal was not to touch MS Windows inside. Booting and detection of WiFi, NIC and other hw was excelent. We can compare to Debian 9.0, which doesn't have necessary non-free firmwares which is an //abnormal pain in the lower side// followed by lspci gymnastics and searching binary firmwares. |
| First instalation fail was the swap. There is no need to install Ubuntu on PC with 16GB RAM with using a swap file or partition, especialy on a slow usb flash drive. | First instalation fail was the swap. There is no need to install Ubuntu on PC with 16GB RAM with using a swap file or partition, especialy on a slow usb flash drive. | ||
| - | Second fail - finaly the instalation asked for more space then 5GB so we had to repartition the flash drive. 6GB were ok, but instalation failed after one hour. Creating 7GB partition and do everything again worked like a charm. We had a very good reasons why not to use whole flash drive. | + | Second fail - finaly the instalation asked for more space then 5GB so we had to repartition the flash drive. 6GB were ok, but instalation failed after one hour with "not enough space". Creating 7GB partition and do everything again worked like a charm. We had a very good reasons why not to use whole flash drive. |
| - | Third fail - grub install failed. Instalation incomplete. I gave up - had a lot of programming - so I asked my colleague if he could try the installation himself. Different Ubuntu image failed exactly the same way. So we had to create a new 256MB EFI partition, mount it under /boot/efi and then grub-install worked. When we chose 8GB install partition, we had to do all the install again, because we couldn't create the 256MB efi partition. | + | Third fail - grub install failed. Instalation incomplete. I gave up - had a lot of programming - so I asked my colleague if he could try the installation himself. Different Ubuntu image failed exactly the same way. So we had to create a new 256MB EFI partition, mount it under /boot/efi and then grub-install worked. When we chose 8GB install partition, we had to do all the installation again, because we couldn't create the 256MB efi partition. |
| Now the ubuntu is booting and running correctly. It detects wifi nic and gets ip. This step is very important, because it was the last working state for another day. | Now the ubuntu is booting and running correctly. It detects wifi nic and gets ip. This step is very important, because it was the last working state for another day. | ||
| Line 46: | Line 46: | ||
| Logs were not useful for identifying any error. Lets skip a few hours, we didn't know it was caused by ldap. | Logs were not useful for identifying any error. Lets skip a few hours, we didn't know it was caused by ldap. | ||
| - | System is waiting for ldap, but it does not work without network. This workstation was Lenovo Ideacenter with wifi. We use wpa_supplicant with preconfigured wpa2-psk passphrase. Network works without those mentioned packages (libnss-ldap, nscd,...) so network is not a problem. When using wired ethernet, it works with ldap configure. So the solution is to mask/disable problematic services | + | System is waiting for ldap, but it does not work without network. This workstation was Lenovo Ideacenter with wifi. We use wpa_supplicant with preconfigured wpa2-psk passphrase. Network works without those mentioned packages (libnss-ldap, nscd,...) so network is not a problem. When using wired ethernet, it works with ldap configuration. So the solution is to mask/disable problematic services |
| systemctl mask nscd | systemctl mask nscd | ||
| systemctl mask libnss-ldap | systemctl mask libnss-ldap | ||
| - | And create our own "Starlab_ldap_fix" system service. It simply | + | And create our own "Starlab.ldap.fix" system service. It simply |
| - waits for network | - waits for network | ||
| - starts ldap | - starts ldap | ||
| Line 62: | Line 62: | ||
| # This is the first shot :). It is missing the right case start, stop, esac. | # This is the first shot :). It is missing the right case start, stop, esac. | ||
| - | while ! ping 212.20.99.101 -c1 >/dev/null; do | + | while ! ping 212.21.51.111 -c1 >/dev/null; do |
| sleep 5; | sleep 5; | ||
| echo "Network or STARLAB server unreachable." | echo "Network or STARLAB server unreachable." | ||
| Line 68: | Line 68: | ||
| if [ -f /home/nfs/empty ]; then | if [ -f /home/nfs/empty ]; then | ||
| - | mount -t nfs -o nfsvers=3,rw,nosuid,nodev 212.20.99.101:/home /home/nfs | + | mount -t nfs -o nfsvers=3,rw,nosuid,nodev,noatime,nodiratime 212.21.51.111:/home /home/nfs |
| fi | fi | ||
| Line 97: | Line 97: | ||
| - | Dont forget to enable the service at boot | + | Dont forget to enable the service for auto-start at boot time |
| <code bash> | <code bash> | ||
| systemctl enable starlab | systemctl enable starlab | ||
| </code> | </code> | ||
| + | ====== Baby's bottom ====== | ||
| + | Feel free to contact me at dalibor.straka@starlab.cz with any questions or suggestions | ||
linux/ldap/ubuntu.1509200618.txt.gz · Last modified: 2017/10/28 16:23 by admin