Hi list,
I am able to successfully authenticate a Windows server AD user with
PostgreSQL 9.2.3 version from linux clients but It doesn't work with
Windows client.
First I logon windows 7, using a Active Directory's user, then I tried
to login to postgresql 9.2.3 server with psql:
psql -h hostname -p 5444
psql: SSPI continuation error: The encryption type requested is not
supported by the KDC. (80090342)
postgresql.log :
-1 log: connection received: host = 172.XXX.XXX.XXX port = 61877
-1FATAL: GSSAPI authentication failed for 'userXX' user
userXX exists in our postgresql server and pg_hba.conf applied to
172.XXX.XXX.XXX subnet is:
host all all 172.0.0.0/8 gss
Our postgresql.conf use keytab:
krb_server_keyfile = 'postgres.keytab'
And I have generated keytab with this ktpass command:
ktpass -out postgres.keytab -princ
postgres/hostname@domain -mapUser postgres -pass
XXX -crypto DES-CBC-MD5
The postgres user, exists in the Active Directory and it has a spn
defined:
C:\Users\Administrator>setspn -S postgres/hostname
domain\postgres
Checking domain DC=domain
Registering ServicePrincipalNames for CN=postgres,CN=Users,DC=domain
postgres/hostname
Updated object
If I login from a linux client to linux server, there is no problem:
[root@hostnane datos]# su - userXX
[userXX@hostname ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_503
Default principal: userXX@domain
Valid starting Expires Service principal
12/11/13 08:42:04 12/11/13 18:42:09 krbtgt/domain@domain
renew until 12/18/13 08:42:04
12/11/13 08:42:43 12/11/13 18:42:09 postgres/hostname@domain
renew until 12/18/13 08:42:04
[userXX@u2vbddpg ~]$ psql -h 172.XX.XX.XX
psql (9.2.1.3)
Type "help" for help.
edb=>
Thanks
--
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
