LDAP authentication on Jetson TK1?

Hi All,

I am trying to get a Jetson TK1 configured to use LDAP for logging on. I have read that the base distribution is Ubuntu 14.04 LTS. I have several computers running Ubuntu 14.04 LTS with LDAP working properly. I used the same configuration on a Jetson TK1 and it will not work. It seems not to try LDAP for authentication (when I try to su to an LDAP account, I get “No password entry for [username]”). Checking /var/log/auth.log shows many different pieces of information; one notable piece is an error saying pre-auth could not find the account or the account does not exist.

I can give details and/or log files if you need. But my configuration works on all my desktops, just not the TK1, so I wonder if there is something different about the base system install, kernel, etc.? I am a bit of a new user to Linux.

Thanks!

I have not set up LDAP, but it sounds like the issue may be as simple as installing the right packages…which in turn means making sure the repositories for the particular packages are enabled. For reference, the apt packages reference repositories via “/etc/apt/sources.list”. I’d suggest the following be uncommented and then “apt search ldap” to see what is out there, and compare to your other Ubuntu machines (desktops would have installed more by default):

deb http://ports.ubuntu.com/ubuntu-ports/ trusty main restricted
deb-src http://ports.ubuntu.com/ubuntu-ports/ trusty main restricted

deb http://ports.ubuntu.com/ubuntu-ports/ trusty-updates main restricted
deb-src http://ports.ubuntu.com/ubuntu-ports/ trusty-updates main restricted

deb http://ports.ubuntu.com/ubuntu-ports/ trusty universe
deb-src http://ports.ubuntu.com/ubuntu-ports/ trusty universe
deb http://ports.ubuntu.com/ubuntu-ports/ trusty-updates universe
deb-src http://ports.ubuntu.com/ubuntu-ports/ trusty-updates universe

deb http://ports.ubuntu.com/ubuntu-ports/ trusty-security main restricted
deb-src http://ports.ubuntu.com/ubuntu-ports/ trusty-security main restricted

apt update
apt search ldap

What I believe it comes down to is that no distribution includes every package, but typically what the distribution believes is commonly needed at install time (which differs drastically between PC and embedded). There is a possibility that a kernel module would also need to be installed for the same reason.

Thanks very much for the reply. I did un-comment the lines in /etc/apt/sources.list. I had installed the LDAP client and copied configuration files exactly the same way as on my other systems:

DEBIAN_FRONTEND=noninteractive apt-get install -y ldap-auth-client nscd ldap-utils
auth-client-config -t nss -p lac_ldap
pam-auth-update --package ldap
/etc/init.d/nscd restart

But I wonder if there is a kernel module missing. I am not sure exactly what that means or how to check that, but I saw another thread here regarding autofs and a needed kernel module to make that work, so I wonder if my situation for ldap client is the same?

Any steps on going about that?

Thanks!

Hello,
I just tried the LDAP in Jetson and it seems OK.

  1. Follow the instruction @ https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps (Here I met a problem when creating user account, and it’s solved by http://stackoverflow.com/questions/20673186/getting-error-for-setting-password-field-when-creating-generic-user-account-phpl)

  2. Test by ldapsearch -x -h host-ip -b "dc=example,dc=com" "(objectClass=*)"
    And it shows the correct result.

Please let me know if there’s anything missed.

BTW: you can check the kernel configuration by:
zcat /proc/config.gz
and find if there’s any issue with your kernel configuration.

br
Chenjian

Thanks very much. Our LDAP server is already set up and authenticates many Ubuntu 14.04 LTS client computers. I used the same procedure to install ldap-auth-client on the TK1 devices as I did on my working machines, but it doesn’t work.

Was there anything special you did to make yours work?

Hello,
I think you have a problem with the LDAP client, not the server.

Besides correctly configuring the LDAP client, please also run the following command:

sudo apt-get install libnss-ldapd

If you still fail to login, please paste the auth.log in client side, and ‘slapd’ log in server side.

Let me know if there’s any problem.

br
Chenjian

Hi Chenjian,

Thanks for your help. I did your suggestions:

  1. ldapsearch: I ran a command to do ldapsearch for my username and I get results back. When I try to su to that username I get a message: No password entry for [username]

  2. sudo apt-get install libnss-ldapd: still login failure.

  3. Client auth log (I placed [username] instead of my actual username and ** for domain information, FYI). I think the first line says it: Invalid user, but I am not sure why that is happening. The slapd log on the server had no entries at the same time, so I am not sure it went to the server:

Nov 11 17:43:37 tegra-ubuntu sshd[15406]: Invalid user [username] from 10.x.x.x
Nov 11 17:43:37 tegra-ubuntu sshd[15406]: input_userauth_request: invalid user [username] [preauth]
Nov 11 17:43:43 tegra-ubuntu sshd[15406]: pam_unix(sshd:auth): check pass; user unknown
Nov 11 17:43:43 tegra-ubuntu sshd[15406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
Nov 11 17:43:43 tegra-ubuntu sshd[15406]: pam_ldap: error trying to bind as user “uid=[username},ou=People,o=,dc=,dc=**” (Invalid credentials)
Nov 11 17:43:45 tegra-ubuntu sshd[15406]: Failed password for invalid user [username] from 10.x.x.x port 13856 ssh2
Nov 11 17:43:50 tegra-ubuntu sshd[15406]: pam_unix(sshd:auth): check pass; user unknown

Hello,
Another change, in the file /etc/nslcd.conf: please correct the following items:
uri ldap://xxx.xxx.xxx.xxx
base dc=xxx,dc=xxx

sudo service nslcd restart

Wait a few seconds and try again. Here is my auth.log:

Nov 20 09:37:46 tegra-ubuntu sshd[3841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xx.xx.xxx.xx user=test
Nov 20 09:37:46 tegra-ubuntu sshd[3841]: Accepted password for test from xx.xx.xx.xx port 49756 ssh2
Nov 20 09:37:47 tegra-ubuntu sshd[3841]: pam_unix(sshd:session): session opened for user test by (uid=0)
Nov 20 09:37:50 tegra-ubuntu sshd[3885]: Received disconnect from xx.xx.xxx.xx: 11: disconnected by user
Nov 20 09:37:50 tegra-ubuntu sshd[3841]: pam_unix(sshd:session): session closed for user test

Hope it can help.

br
ChenJian
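
An added example, not written by any poster in this thread: "No password entry" from su and "Invalid user" from sshd both mean the account lookup failed before any password was checked, so this sketch checks that /etc/nsswitch.conf consults ldap and that /etc/nslcd.conf carries a uri and the same base that works with ldapsearch -b. The function names, temporary file names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: static check of the two client-side files discussed above.
# All sample file contents below are constructed.

# Sources listed for one nsswitch.conf database, e.g. " compat ldap".
nss_sources() {   # $1 = database, $2 = path to nsswitch.conf
    awk -v db="$1:" '$1 == db { $1 = ""; sub(/#.*/, ""); print; exit }' "$2"
}

# Value of an nslcd.conf option; commented-out lines do not match.
nslcd_option() {  # $1 = option name, $2 = path to nslcd.conf
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# Returns 0 when account lookups can reach LDAP, 1 otherwise.
check_ldap_client() {  # $1 = nsswitch.conf, $2 = nslcd.conf, $3 = search base
    rc=0
    for db in passwd group; do
        case " $(nss_sources "$db" "$1") " in
            *" ldap "*) echo "ok:   $db consults ldap" ;;
            *) echo "FAIL: $db has no ldap source, accounts stay unknown"; rc=1 ;;
        esac
    done
    uri=$(nslcd_option uri "$2")
    base=$(nslcd_option base "$2")
    if [ -n "$uri" ]; then echo "ok:   uri $uri"; else echo "FAIL: no uri set"; rc=1; fi
    if [ "$base" = "$3" ]; then
        echo "ok:   base $base"
    else
        echo "FAIL: base '$base' differs from '$3' used with ldapsearch -b"; rc=1
    fi
    return $rc
}

# Constructed sample files: one misconfigured client, one corrected client.
tmp=$(mktemp -d)
printf 'passwd: compat\ngroup:  compat\n' > "$tmp/nsswitch.bad"
printf 'passwd: compat ldap\ngroup:  compat ldap\n' > "$tmp/nsswitch.good"
printf '#uri ldap://192.0.2.10\nbase dc=changeme\n' > "$tmp/nslcd.bad"
printf 'uri ldap://192.0.2.10\nbase dc=example,dc=com\n' > "$tmp/nslcd.good"

check_ldap_client "$tmp/nsswitch.bad" "$tmp/nslcd.bad" "dc=example,dc=com" || true
check_ldap_client "$tmp/nsswitch.good" "$tmp/nslcd.good" "dc=example,dc=com"
```

On a real client, call check_ldap_client with /etc/nsswitch.conf, /etc/nslcd.conf and the base that returns results from ldapsearch.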