pam ldap postgres troubles cannot get postgres to auth via ldap

From: Derrick Stensrud
Subject: pam ldap postgres troubles cannot get postgres to auth via ldap
Msg-id: 4586B702.7080600@worleyco.com
List: pgsql-general
I've been beating my head in trying to understand what is going on here.  I'm trying to set up postgresql to authenticate using pam_ldap against a Windows 2003 Active Directory server.  I have set up accounts on the Active Directory and tested the authentication against it using services like local machine login and ssh logins and it authenticates properly.  I can do an ldapsearch without any problem.  I edited the pg_hba.conf and added an entry for one of the users, like this:

local   all             derrick3                        pam postgres

I have a file in /etc/pam.d/ called postgres and it looks like this:

auth    required        /lib/security/pam_ldap.so
account required        /lib/security/pam_ldap.so

and here is my /etc/ldap.conf
##############
host windowsad.windowco.local

base cn=Users,dc=windowco,dc=local

uri ldap://192.168.4.70/
rootbinddn cn=scout,cn=Users,dc=windowco,dc=local

scope sub

pam_login_attribute     sAMAccountName
pam_filter              objectclass=User
pam_password            ad
nss_base_passwd         cn=Users,dc=windowco,dc=local
nss_base_shadow         cn=Users,dc=windowco,dc=local
nss_base_group          cn=Users,dc=windowco,dc=local
nss_map_objectclass     posixAccount    User
nss_map_objectclass     shadowAccount   User
nss_map_attribute       uid             sAMAccountName
nss_map_attribute       uidNumber       msSFU30UidNumber
nss_map_attribute       gidNumber       msSFU30GidNumber
nss_map_attribute       cn              sAMAccountName
nss_map_attribute       uniqueMember    member
nss_map_attribute       userPassword    msSFU30Password
nss_map_attribute       homeDirectory   msSFU30HomeDirectory
nss_map_attribute       loginShell      msSFU30LoginShell
nss_map_attribute       gecos           name
nss_map_objectclass     posixGroup      Group
nss_base_passwd         cn=Users,dc=windowco,dc=local
nss_base_shadow         cn=Users,dc=windowco,dc=local
nss_base_group          cn=Users,dc=windowco,dc=local
##############


I have logged into the template1 database and added the user derrick3.  I then tried to run this:

psql -U derrick3 -d template1

It prompts for a password and gives this error after I use the password I set up in Active Directory:

psql: FATAL:  PAM authentication failed for user "derrick3"

If I look in postgresql.log I find this:

LOG:  pam_authenticate failed: Conversation error
FATAL:  PAM authentication failed for user "derrick3"
LOG:  could not send data to client: Broken pipe
LOG:  pam_authenticate failed: User not known to the underlying authentication module
FATAL:  PAM authentication failed for user "derrick3"

I run Gentoo.
Can anyone help put me on the right track?  Thanks.
