pam ldap postgres troubles cannot get postgres to auth via ldap
From | Derrick Stensrud |
---|---|
Subject | pam ldap postgres troubles cannot get postgres to auth via ldap |
Date | |
Msg-id | 4586B702.7080600@worleyco.com |
List | pgsql-general |
I've been beating my head in trying to understand what is going on here. I'm trying to set up postgresql to authenticate using pam_ldap against a Windows 2003 Active Directory server. I have set up accounts on the Active Directory and tested the authentication against it using services like local machine login and ssh logins and it authenticates properly. I can do a ldapsearch without any problem. I edited the pg_hba.conf and added an entry for one of the users, like this:
local all derrick3 pam postgres
I have a file in /etc/pam.d/ called postgres and it looks like this:
auth required /lib/security/pam_ldap.so
account required /lib/security/pam_ldap.so
and here is my /etc/ldap.conf
##############
host windowsad.windowco.local
base cn=Users,dc=windowco,dc=local
uri ldap://192.168.4.70/
rootbinddn cn=scout,cn=Users,dc=windowco,dc=local
scope sub
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
nss_base_passwd cn=Users,dc=windowco,dc=local
nss_base_shadow cn=Users,dc=windowco,dc=local
nss_base_group cn=Users,dc=windowco,dc=local
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute cn sAMAccountName
nss_map_attribute uniqueMember member
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos name
nss_map_objectclass posixGroup Group
nss_base_passwd cn=Users,dc=windowco,dc=local
nss_base_shadow cn=Users,dc=windowco,dc=local
nss_base_group cn=Users,dc=windowco,dc=local
##############
I have logged into the template1 database and added the user derrick3. I then tried to run this:
psql -U derrick3 -d template1
It prompts for a password and gives this error after I use the password I set up in Active Directory:
psql: FATAL: PAM authentication failed for user "derrick3"
If I look in postgresql.log I find this:
LOG: pam_authenticate failed: Conversation error
FATAL: PAM authentication failed for user "derrick3"
LOG: could not send data to client: Broken pipe
LOG: pam_authenticate failed: User not known to the underlying authentication module
FATAL: PAM authentication failed for user "derrick3"
I run Gentoo.
Can anyone help put me on the right track? Thanks.