
pam ldap postgres troubles cannot get postgres to auth via ldap

I've been beating my head against it trying to understand what is going on here.  I'm trying to set up PostgreSQL to authenticate using pam_ldap against a Windows 2003 Active Directory server.  I have set up accounts on the Active Directory and tested the authentication against it using services like local machine login and ssh logins, and it authenticates properly.  I can do an ldapsearch without any problem.  I edited the pg_hba.conf and added an entry for one of the users, like this:

local   all             derrick3                        pam postgres

I have a file in /etc/pam.d/ called postgres and it looks like this:

auth    required        /lib/security/pam_ldap.so
account required        /lib/security/pam_ldap.so

And here is my /etc/ldap.conf:
##############
host windowsad.windowco.local

base cn=Users,dc=windowco,dc=local

uri ldap://192.168.4.70/
rootbinddn cn=scout,cn=Users,dc=windowco,dc=local

scope sub

pam_login_attribute     sAMAccountName
pam_filter              objectclass=User
pam_password            ad
nss_base_passwd         cn=Users,dc=windowco,dc=local
nss_base_shadow         cn=Users,dc=windowco,dc=local
nss_base_group          cn=Users,dc=windowco,dc=local
nss_map_objectclass     posixAccount    User
nss_map_objectclass     shadowAccount   User
nss_map_attribute       uid             sAMAccountName
nss_map_attribute       uidNumber       msSFU30UidNumber
nss_map_attribute       gidNumber       msSFU30GidNumber
nss_map_attribute       cn              sAMAccountName
nss_map_attribute       uniqueMember    member
nss_map_attribute       userPassword    msSFU30Password
nss_map_attribute       homeDirectory   msSFU30HomeDirectory
nss_map_attribute       loginShell      msSFU30LoginShell
nss_map_attribute       gecos           name
nss_map_objectclass     posixGroup      Group
nss_base_passwd         cn=Users,dc=windowco,dc=local
nss_base_shadow         cn=Users,dc=windowco,dc=local
nss_base_group          cn=Users,dc=windowco,dc=local
##############


I have logged into the template1 database and added the user derrick3.  I then tried to run this:

psql -U derrick3 -d template1

It prompts for a password and gives this error after I use the password I set up in Active Directory:

psql: FATAL:  PAM authentication failed for user "derrick3"

If I look in postgresql.log I find this:

LOG:  pam_authenticate failed: Conversation error
FATAL:  PAM authentication failed for user "derrick3"
LOG:  could not send data to client: Broken pipe
LOG:  pam_authenticate failed: User not known to the underlying authentication module
FATAL:  PAM authentication failed for user "derrick3"

I run Gentoo.
Can anyone help put me on the right track?  Thanks.
