
Re: how to postgres active directory pam_ldap

by dstensrud

Here is what I am currently getting from postgres, I think I'm beyond the bind problem now.  The only error I'm getting is from postgresql and nothing is logging into the syslog when this happens.  Error:

LOG:  pam_authenticate failed: Conversation error
FATAL:  PAM authentication failed for user "bkelly"
LOG:  could not send data to client: Broken pipe
LOG:  pam_authenticate failed: User not known to the underlying authentication module
FATAL:  PAM authentication failed for user "bkelly"


dstensrud wrote:
Hello, I use Gentoo Linux and am desperately trying to get postgres to authenticate using pam_ldap against Windows 2003 Active Directory. As far as I can tell the only thing I needed to change in postgres is in /var/lib/postgresql/data/pg_hba.conf. I added a config to say:

local all derrick3 pam postgres

On the Active Directory end I added users and installed Microsoft Unix tools. Here is my /etc/ldap.conf file, which I think pam_ldap uses.

/etc/ldap.conf
#####################
host woolyad.windowco.local

base cn=Users,dc=windowco,dc=local

uri ldap://192.168.4.70/
ldap_version 3

binddn cn=soosuser,dc=windowco,dc=local

bindpw s43jkr3

scope sub

pam_login_attribute     sAMAccountName
pam_filter              objectclass=User
pam_password            ad

nss_base_passwd         cn=Users,dc=windowco,dc=local
nss_base_shadow         cn=Users,dc=windowco,dc=local
nss_base_group          cn=Users,dc=windowco,dc=local
nss_map_objectclass     posixAccount    User
nss_map_objectclass     shadowAccount   User
nss_map_attribute       uid             sAMAccountName
nss_map_attribute       uidNumber       msSFU30UidNumber
nss_map_attribute       gidNumber       msSFU30GidNumber
nss_map_attribute       cn              sAMAccountName
nss_map_attribute       uniqueMember    member
nss_map_attribute       userPassword    msSFU30Password
nss_map_attribute       homeDirectory   msSFU30HomeDirectory
nss_map_attribute       loginShell      msSFU30LoginShell
nss_map_attribute       gecos           name
nss_map_objectclass     posixGroup      Group
####################

here is my /etc/nsswitch.conf
#######
passwd:         files ldap
group:          files ldap

# consult files/dns first, we will need it to resolve the LDAP host. (If we
# can't resolve it, we're in infinite recursion, because libldap calls
# gethostbyname(). Careful!)
hosts:          files wins dns ldap

# LDAP is nominally authoritative for the following maps.
services:   ldap [NOTFOUND=return] files
networks:   ldap [NOTFOUND=return] files
protocols:  ldap [NOTFOUND=return] files
rpc:        ldap [NOTFOUND=return] files
ethers:     ldap [NOTFOUND=return] files

# no support for netmasks, bootparams, publickey yet.
netmasks:   files
bootparams: files
publickey:  files
automount:  files

# I'm pretty sure nsswitch.conf is consulted directly by sendmail,
# here, so we can't do much here. Instead, use bbense's LDAP
# rules for sendmail.
aliases:    files
sendmailvars:   files

# Note: there is no support for netgroups on Solaris (yet)
netgroup:   ldap [NOTFOUND=return] files
########

I can run this ldapsearch command and it returns a specified user's info correctly:
#> ldapsearch -x -D "cn=soosuser,cn=Users,dc=windowco,dc=local" -W "sAMAccountName=derrick3"

BUT, when I try to run this:
#> psql -U derrick3 -d testdb
I get a password prompt and then pam auth error:
#> psql: FATAL:  PAM authentication failed for user "bkelly"

#> tail /var/log/syslog
Dec 18 22:55:33 localhost  derrick3 testdb [local] authentication:
pam_ldap: error trying to bind (Invalid credentials)

Anyone have any ideas... I'm clueless and in need of help quick! Thanks in advance.

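Two things stand out in the posted /etc/ldap.conf: the bind password is stored inline in a file every nss_ldap client must read, sent over plain ldap://, and the binddn (cn=soosuser,dc=windowco,dc=local) differs from the DN that works in the ldapsearch above (cn=soosuser,cn=Users,dc=windowco,dc=local). The following linter is an added example, not code from the thread or from pam_ldap; it parses a pam_ldap-style ldap.conf and reports those three conditions, using a constructed copy of the posted settings beside a hardened variant (the ldaps:// host name and /etc/ldap.secret layout are assumptions).

```python
# Lint a pam_ldap-style ldap.conf for weak or inconsistent settings (added example;
# both sample configs below are constructed and the checks are this script's own heuristics).
from urllib.parse import urlsplit

# Constructed sample mirroring the settings posted in the thread.
WEAK_CONF = """\
base cn=Users,dc=windowco,dc=local
uri ldap://192.168.4.70/
binddn cn=soosuser,dc=windowco,dc=local
bindpw s43jkr3
"""

# Constructed hardened variant: LDAPS with peer check, no inline password, DN under the base.
HARDENED_CONF = """\
base cn=Users,dc=windowco,dc=local
uri ldaps://woolyad.windowco.local/
tls_checkpeer yes
# bind password lives in root-only /etc/ldap.secret instead of this file
rootbinddn cn=soosuser,cn=Users,dc=windowco,dc=local
"""

def parse_ldap_conf(text):
    """Map lowercase keyword -> value; blank lines and # comments are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)          # keyword, then the rest of the line
        conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def _norm_dn(dn):
    """Lowercase and strip spaces around commas so DN suffixes compare reliably."""
    return ",".join(p.strip() for p in dn.lower().split(","))

def lint_ldap_conf(conf):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    if (urlsplit(conf.get("uri", "")).scheme != "ldaps"
            and conf.get("ssl", "").lower() not in ("on", "start_tls")):
        findings.append("cleartext transport: uri is not ldaps:// and ssl is not "
                        "on/start_tls, so simple-bind passwords cross the network in clear")
    if "bindpw" in conf:
        findings.append("bindpw sits in ldap.conf, which every nss_ldap client must read; "
                        "use rootbinddn with the password in root-only /etc/ldap.secret")
    binddn = conf.get("binddn") or conf.get("rootbinddn")
    base = conf.get("base")
    if binddn and base and not _norm_dn(binddn).endswith(_norm_dn(base)):
        findings.append(f"binddn {binddn!r} is not under base {base!r}; confirm it is "
                        "the account's real DN (the working ldapsearch used cn=Users)")
    return findings
```

Run `lint_ldap_conf(parse_ldap_conf(WEAK_CONF))` to see all three findings; the hardened variant returns an empty list.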
