Re: kerberos authentication error with Windows 2003 SP1 AD
This is a discussion on Re: kerberos authentication error with Windows 2003 SP1 AD within the Pgsql General forums, part of the PostgreSQL category; --> Hi! Wherever your pg_ctl command sets the logfiles, or syslog if you use syslog etc. (Note that you still ...
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-09-2008, 12:26 PM
| ||||
| ||||
 Re: kerberos authentication error with Windows 2003 SP1 AD Hi! Wherever your pg_ctl command sets the logfiles, or syslog if you use syslog etc. (Note that you still need to define the user in PostgreSQL as well, but that shoudl give a different error message) //Magnus > -----Original Message----- > From: koppelp@mir.wustl.edu [mailto:koppelp@mir.wustl.edu] > Sent: den 17 november 2006 23:18 > To: Magnus Hagander > Subject: RE: [GENERAL] kerberos authentication error with > Windows 2003 SP1 AD > > HI Magnus- > > Thanks for your reply. Which error log in postgres should I > look at? Do I need to configure postgres to add more detailed > logging? Thanks again for your help. > > Please include my email address in your reply. > > -- pk > > Inactive hide details for "Magnus Hagander" > <mha@sollentuna.net>"Magnus Hagander" <mha@sollentuna.net> > > > > > "Magnus Hagander" <mha@sollentuna.net> > > 11/14/2006 10:22 AM > > > > To > > <koppelp@mir.wustl.edu>, <pgsql-general@postgresql.org> > > > cc > > > > > Subject > > RE: [GENERAL] kerberos authentication error with Windows 2003 SP1 AD > > > > My operating system is Red Hat Linux AS 4, Kerberos 5, with > > postgresql-7.4.14 that I compiled. I can authenticate using > ssh, su, > > console login, and also have gotten apache mod_auth_kerb to > work with > > AD - but I am missing something with postgresql. When I try: > > > > [pkoppe01@ipswich ~]$ /usr/local/pgsql/bin/psql -d test -h ipswich > > psql: Kerberos 5 authentication failed > > > > For the configure step, I did (needed the include statement > to prevent > > an error about comm_err.h): > > > > [koppel@ipswich postgresql-7.4.14]$ ./configure --with-java > > --with-krb5 --with-includes=/usr/include/et > > > > The make proceeded normally. > > > > My pg_hba.conf looks like this (with pkoppe01 defined in Active > > Directory but not defined in postgres using "createuser") > > > > local all all trust > > host test pkoppe01 192.168.1.0 255.255.255.0 krb5 > > > > Also have "tcpip_socket = true" and the postgres keytab > referenced in > > postgresql.conf and the keytab file itself owned by postgres. > > > > When I try the psql command above (as pkoppe01) I do get > the service > > ticket for postgres: > > > > [pkoppe01@ipswich ~]$ klist > > Ticket cache: FILE:/tmp/krb5cc_501_LCzZ1P Default principal: > > pkoppe01@PRIVATE.LAN > > > > Valid starting Expires Service principal > > 11/13/06 11:17:25 11/13/06 21:17:28 > > krbtgt/PRIVATE.LAN@PRIVATE.LAN renew until 11/14/06 11:17:25 > > 11/13/06 11:19:02 11/13/06 21:17:28 > > postgres/ipswich.private.lan@PRIVATE.LAN > > renew until 11/14/06 11:17:25 > > > > Any ideas would be greatly appreciated. Thanks in advance. > > Please feel free to email me directly as I just joined the list and > > don't know my way around yet. > > The server log from postgresql should give some more information. > > //Magnus > > > ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster      |
|
04-09-2008, 12:29 PM
| ||||
| ||||
| Re: kerberos authentication error with Windows 2003 SP1 AD I am able to use kerberos authentication with Windows 20003 SP1 Active Directory. I couldn't get Postgres 7.414 to work, but as soon as I upgraded to 8.15, added my username to postgres (also set in Active Directory), used POSTGRES as the service principal, I could login using psql successfully. Thanks for all who helped. Paul Koppel "Magnus Hagander" <mha@sollentuna.n et> To <koppelp@mir.wustl.edu> 11/20/2006 04:16 cc AM <pgsql-general@postgresql.org> Subject RE: [GENERAL] kerberos authentication error with Windows 2003 SP1 AD Hi! Wherever your pg_ctl command sets the logfiles, or syslog if you use syslog etc. (Note that you still need to define the user in PostgreSQL as well, but that shoudl give a different error message) //Magnus > -----Original Message----- > From: koppelp@mir.wustl.edu [mailto:koppelp@mir.wustl.edu] > Sent: den 17 november 2006 23:18 > To: Magnus Hagander > Subject: RE: [GENERAL] kerberos authentication error with > Windows 2003 SP1 AD > > HI Magnus- > > Thanks for your reply. Which error log in postgres should I > look at? Do I need to configure postgres to add more detailed > logging? Thanks again for your help. > > Please include my email address in your reply. > > -- pk > > Inactive hide details for "Magnus Hagander" > <mha@sollentuna.net>"Magnus Hagander" <mha@sollentuna.net> > > > > > "Magnus Hagander" <mha@sollentuna.net> > > 11/14/2006 10:22 AM > > > > To > > <koppelp@mir.wustl.edu>, <pgsql-general@postgresql.org> > > > cc > > > > > Subject > > RE: [GENERAL] kerberos authentication error with Windows 2003 SP1 AD > > > > My operating system is Red Hat Linux AS 4, Kerberos 5, with > > postgresql-7.4.14 that I compiled. I can authenticate using > ssh, su, > > console login, and also have gotten apache mod_auth_kerb to > work with > > AD - but I am missing something with postgresql. When I try: > > > > [pkoppe01@ipswich ~]$ /usr/local/pgsql/bin/psql -d test -h ipswich > > psql: Kerberos 5 authentication failed > > > > For the configure step, I did (needed the include statement > to prevent > > an error about comm_err.h): > > > > [koppel@ipswich postgresql-7.4.14]$ ./configure --with-java > > --with-krb5 --with-includes=/usr/include/et > > > > The make proceeded normally. > > > > My pg_hba.conf looks like this (with pkoppe01 defined in Active > > Directory but not defined in postgres using "createuser") > > > > local all all trust > > host test pkoppe01 192.168.1.0 255.255.255.0 krb5 > > > > Also have "tcpip_socket = true" and the postgres keytab > referenced in > > postgresql.conf and the keytab file itself owned by postgres. > > > > When I try the psql command above (as pkoppe01) I do get > the service > > ticket for postgres: > > > > [pkoppe01@ipswich ~]$ klist > > Ticket cache: FILE:/tmp/krb5cc_501_LCzZ1P Default principal: > > pkoppe01@PRIVATE.LAN > > > > Valid starting Expires Service principal > > 11/13/06 11:17:25 11/13/06 21:17:28 > > krbtgt/PRIVATE.LAN@PRIVATE.LAN renew until 11/14/06 11:17:25 > > 11/13/06 11:19:02 11/13/06 21:17:28 > > postgres/ipswich.private.lan@PRIVATE.LAN > > renew until 11/14/06 11:17:25 > > > > Any ideas would be greatly appreciated. Thanks in advance. > > Please feel free to email me directly as I just joined the list and > > don't know my way around yet. > > The server log from postgresql should give some more information. > > //Magnus > > > |
Linear Mode
