Thread: pam ldap postgres troubles cannot get postgres to auth via ldap
I've been beating my head trying to understand what is going on here. I'm trying to set up PostgreSQL to authenticate using pam_ldap against a Windows 2003 Active Directory server. I have set up accounts on the Active Directory and tested the authentication against it using services like local machine login and ssh logins and it authenticates properly. I can do an ldapsearch without any problem. I edited the pg_hba.conf and added an entry for one of the users, like this:
local all derrick3 pam postgres
I have a file in /etc/pam.d/ called postgres and it looks like this:
auth required /lib/security/pam_ldap.so
account required /lib/security/pam_ldap.so
and here is my /etc/ldap.conf
##############
host windowsad.windowco.local
base cn=Users,dc=windowco,dc=local
uri ldap://192.168.4.70/
rootbinddn cn=scout,cn=Users,dc=windowco,dc=local
scope sub
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
nss_base_passwd cn=Users,dc=windowco,dc=local
nss_base_shadow cn=Users,dc=windowco,dc=local
nss_base_group cn=Users,dc=windowco,dc=local
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute cn sAMAccountName
nss_map_attribute uniqueMember member
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos name
nss_map_objectclass posixGroup Group
nss_base_passwd cn=Users,dc=windowco,dc=local
nss_base_shadow cn=Users,dc=windowco,dc=local
nss_base_group cn=Users,dc=windowco,dc=local
##############
I have logged into the template1 database and added the user derrick3. I then tried to run this:
psql -U derrick3 -d template1
It prompts for a password and gives this error after I use the password I set up in Active Directory:
psql: FATAL: PAM authentication failed for user "derrick3"
If I look in postgresql.log I find this:
LOG: pam_authenticate failed: Conversation error
FATAL: PAM authentication failed for user "derrick3"
LOG: could not send data to client: Broken pipe
LOG: pam_authenticate failed: User not known to the underlying authentication module
FATAL: PAM authentication failed for user "derrick3"
I run Gentoo.
Can anyone help put me on the right track? Thanks.
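A small lint for the ldap.conf format shown in the post, as an added example that is not part of the original post. It assumes the PADL pam_ldap behaviour in which rootbinddn applies only to callers with effective uid 0 and the ssl start_tls directive enables TLS; the finding codes and function names are hypothetical.

```python
# Added example, not from the original post: lint for the PADL-style ldap.conf above.
# SAMPLE is an abbreviated copy of the posted file.
SAMPLE = """\
host windowsad.windowco.local
base cn=Users,dc=windowco,dc=local
uri ldap://192.168.4.70/
rootbinddn cn=scout,cn=Users,dc=windowco,dc=local
scope sub
pam_login_attribute sAMAccountName
pam_filter objectclass=User
nss_base_passwd cn=Users,dc=windowco,dc=local
nss_base_passwd cn=Users,dc=windowco,dc=local
"""


def parse(text):
    """Return {directive: [values]} in file order, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf


def lint(text, service_runs_as_root=False):
    """Return finding codes for a PAM consumer such as the postgres server process."""
    conf, findings = parse(text), []
    uris = " ".join(conf.get("uri", [])).lower().split()
    tls = conf.get("ssl", ["no"])[-1].lower() == "start_tls"
    if any(u.startswith("ldap://") for u in uris) and not tls:
        findings.append("cleartext-bind")  # password crosses the network unencrypted
    # Assumption: rootbinddn is used only when the caller has effective uid 0;
    # any other caller binds with binddn/bindpw, or anonymously if those are absent.
    if "rootbinddn" in conf and "binddn" not in conf and not service_runs_as_root:
        findings.append("anonymous-search-for-non-root")
    if "host" in conf and "uri" in conf:
        findings.append("host-and-uri-both-set")  # two server names to keep in sync
    for key, values in conf.items():
        if len(values) != len(set(values)):
            findings.append("duplicate:" + key)  # same directive and value repeated
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Passing service_runs_as_root=True models callers such as login or sshd, which the post reports as authenticating correctly.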