I think you should tackle these three things separately:

> root SSH to nodes from external machines isn’t working. Typing the
> correct password leads to an authentication failure.

You don't say if you have stateful, statelite or stateless nodes, and if
the nodes have been installed using xCAT, or separately. I'm also assuming
that you are using RedHat Linux or something reasonably similar. So there
is a huge number of variables right there. Since your nodes apparently are
directly accessible from outside your cluster, you may have set up the
nodes separately?

First, check with your IT security team on policies. Most organizations do
not allow root SSH access, so this might simply be intentional. Within an
xCAT cluster, the situation is somewhat different because usually, the
management node acts as a NAT firewall, and because you usually use
key-based authentication. Both of those reduce the security impact of
allowing root access to nodes.

That said, to actually track down why this happens, look at the sshd_config
file on the nodes (usually in /etc/ssh but that might depend on your
distribution). Check if it allows root access, and also check if it permits
password-based access; it's possible that SSH is restricted to only use
keys.

> The “su root” command while connected as a regular user isn’t working on
> nodes. Message is “authentication failure” too.

Does that happen before or after it prompts you for a password?

> The “su user” command while connected as root leads to the following error:
> (process:4785): dconf-CRITICAL **: unable to create directory
> '/run/user/0/dconf': Permission denied.  dconf will not work properly.

Check your nsswitch.conf file, and your pam, sssd and LDAP configurations
(if applicable) and make sure that all your authentication mechanisms are
set up correctly. This does not look like anything xCAT-related.

_______________________________________________________________________
Kevin Keane | Systems Architect | University of San Diego ITS |
kke...@sandiego.edu
Maher Hall, 192 |5998 Alcalá Park | San Diego, CA 92110-2492 | 619.260.6859

*REMEMBER! **No one from IT at USD will ever ask to confirm or supply your
password*.
These messages are an attempt to steal your username and password. Please
do not reply to, click the links within, or open the attachments of these
messages. Delete them!




On Thu, Dec 6, 2018 at 2:05 AM Huette, Antoine <antoine.hue...@bechtle.com>
wrote:

> Hello,
>
>
>
> I’m having serious trouble setting up authentication properly on an xCAT
> cluster.
>
> The problems appearing are :
>
>    - root SSH to nodes from external machines isn’t working. Typing the
>    correct password leads to an authentication failure.
>    - The “su root” command while connected as a regular user isn’t
>    working on nodes. Message is “authentication failure” too.
>    - The “su user” command while connected as root leads to the following
>    error : (process:4785): dconf-CRITICAL **: unable to create directory
>    '/run/user/0/dconf': Permission denied.  dconf will not work properly.
>
>
>
> Passwordless SSH from the master to the nodes and between nodes works
> properly though.
>
> Is there something related to xCAT that I can do to fix these issues ?
>
>
>
>
>
> Thank you and best regards,
>
>
>
> Antoine Huette
> *HPC Engineer*
>
> antoine.hue...@bechtle.com | 03.67.07.97.37/07.72.31.82.12 |  bechtle.fr
> <http://www.bechtle.fr/> |
>
> _______________________________________________
> xCAT-user mailing list
> xCAT-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xcat-user
>
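
Added example (not part of either message in this thread): a small shell check for the two sshd_config settings the reply says to look at, root login and password authentication. The function names `sshd_first_value` and `root_password_verdict` and the sample config are made up for illustration; only the global section of the file is read.

```sh
#!/bin/sh
# Added example, not from the thread. Reads only the global section of the
# file (before the first Match block); Include files are not followed.

# Print the first value of KEYWORD in FILE, lowercased. sshd matches keywords
# case-insensitively and uses the first occurrence it finds.
sshd_first_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, "") }                  # strip leading whitespace
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        {
            key = tolower($0); sub(/[ \t=].*$/, "", key)
            if (key == "match") exit            # conditional blocks start here
            if (key == want) {
                val = $0
                sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
                sub(/[ \t]+$/, "", val)
                print tolower(val); exit
            }
        }' "$1"
}

# Say whether these two settings let root log in with a password.
root_password_verdict() {
    root=$(sshd_first_value "$1" PermitRootLogin)
    pass=$(sshd_first_value "$1" PasswordAuthentication)
    case "$root" in
        no) echo "blocked: PermitRootLogin no"; return ;;
        prohibit-password|without-password|forced-commands-only)
            echo "blocked: root is key-only (PermitRootLogin $root)"; return ;;
    esac
    if [ "$pass" = "no" ]; then
        echo "blocked: PasswordAuthentication no"
    elif [ -z "$root" ]; then
        echo "unknown: PermitRootLogin unset, compiled-in default applies"
    else
        echo "allowed: PermitRootLogin $root, PasswordAuthentication ${pass:-unset}"
    fi
}

# Constructed sample config: the second PermitRootLogin line is ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
permitrootlogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
EOF
root_password_verdict "$sample"
```

On a live node, `sshd -T` run as root prints the effective configuration, including compiled-in defaults and included files, which this file-only check does not see.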