Hi all,
We have used ldap services on our CentOS spectrometer host computers for
user authentication for a number of years with our Bruker spectrometers
(as well as other instruments, such as our EPR). It's been a big help
for us in user setup, with password authentication being done by the
departmental server, and also in assisting with user account setup. For
example, the spectrometer host computers run cron scripts every 10 min
looking for new users. The script checks all ldap users (using the
command ldapsearch) for a flag set to true, e.g., chemnmr400=TRUE, and
if that user doesn't have an account directory already existing on the
computer, the script makes it up using a template. All we have to do
then to create an account is set a flag to true in ldap for the user.
But we've had troubles with ldap authentication with regard to IconNMR.
All enabled users are properly authenticated by CentOS, and so they can
all log into the computer and fire up topspin. The primary ldap service
is sssd. It enables unix commands such as ldapsearch, and also stuff
like: getent passwd | grep /username/ which returns basic user
information for /username /from the ldap server. Everything was fine
under CentOS 5. But when we got our first CentOS 7 computer, we had
trouble immediately with IconNMR. With only the sssd daemon running,
Icon would start up, but the Identify User screen would be empty. We
tried nslcd, a different ldap service, instead, but then had other
troubles. Only by using both services at the same time (not recommended)
would topspin and icon both work correctly. We were ok with this setup
then for a couple years.
But sometime over the pandemic period, the combination is now not
working right for us. 100% of users can still get into unix and use
topspin, but only 85% or so show up in the Identify User list, with an
example shown below to orient you as to the screen I'm talking about.
The user information comes back correctly when getent passwd | grep
/username/ is done, but the user simply doesn't come up in the IconNMR
Identify User list. This list below is not showing three users that
should be present.
I'm hoping some of you might have seen the same or similar problem and
offer help, or suggestions. We're at a bit of a loss as to what to do
right now.
Thanks in advance for your help,
Charlie
~~~~~~~~~~~~~~~~~~~~~~~
Charles G. Fry, Ph.D. Tel: (608)262-3182
Director, MR Facility Fax: (608)262-0381
Chem. Dept., 1101 University Ave, Univ. Wisconsin-Madison
Madison, WI 53706 USA email:fry_at_chem.wisc.edu
Received on Tue Jun 29 2021 - 09:49:51 MST