Michael, can you please share which operating system and builds (upstream packages or those from the distribution) you use?

Thanks,
Honza

On Mon, Aug 2, 2021 at 5:35 PM Michael Barkdoll <mabarkd...@gmail.com> wrote:

> Hi, I'm having issues getting the pam plugin to work with Rocky Linux 8
> (RHEL 8) with AppStream MariaDB 10.5. I've installed mariadb appstream for
> 10.5 and mariadb-pam packages.
>
> Added the following to /etc/my.cnf.d:
> [mariadb]
> plugin_load_add = auth_pam
>
> My sssd is joined to Active Directory. I've created /etc/pam.d/mariadb
> trying both local pam_unix and pam_sss configurations:
> # /etc/pam.d/mariadb for local accounts
> auth required pam_unix.so audit
> account required pam_unix.so audit
>
> # /etc/pam.d/mariadb for sssd active directory accounts
> auth required pam_sss.so
> account required pam_sss.so
>
> Tried creating local accounts with:
> #CREATE USER 'user'@'%' IDENTIFIED VIA pam USING 'mariadb';
> #GRANT SELECT ON db.* TO 'user'@'%' IDENTIFIED VIA pam;
> #CREATE USER 'user2'@'%' IDENTIFIED VIA pam;
> #GRANT SELECT ON db.* TO 'user2'@'%' IDENTIFIED VIA pam;
>
> I've also tried creating AD accounts:
> #CREATE USER 'aduser'@'%' IDENTIFIED VIA pam USING 'mariadb';
> #GRANT SELECT ON db.* TO 'aduser'@'%' IDENTIFIED VIA pam;
> #CREATE USER 'adu...@college.edu'@'%' IDENTIFIED VIA pam USING 'mariadb';
> #GRANT SELECT ON db.* TO 'adu...@college.edu'@'%' IDENTIFIED VIA pam;
>
> I see Redhat has issues with MariaDB 10.3 working with pam plugin but it
> sounded like 10.5 should work?
> https://bugzilla.redhat.com/show_bug.cgi?id=1942330
>
> I feel like I'm missing something in my /etc/sssd/sssd.conf file or some
> pam configuration steps.
>
> I'm using authselect with sssd:
> authselect select custom/user-profile with-mkhomedir with-sudo with-pamaccess
>
> All attempts to `mysql -u user -p` fail.
>
> MariaDB [(none)]> show plugins;
> | pam | ACTIVE | AUTHENTICATION | auth_pam.so | GPL |
>
> I tried adding a [pam] section to sssd.
>
> [pam]
> pam_public_domains = all
> pam_verbosity = 3
>
> Didn't seem to help. I used realmd to join AD. Any help is much
> appreciated.
>
> mysql -u user -p
> Enter password:
> ERROR 1045 (28000): Access denied for user 'user'@'localhost' (using password: NO)
>
> _______________________________________________
> Mailing list: https://launchpad.net/~maria-discuss
> Post to : maria-discuss@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~maria-discuss
> More help : https://help.launchpad.net/ListHelp