Sorry, I wasn't replying to the listserv initially.

Complete list of packages available here: https://pastebin.com/raw/Ux8sac73

Operating System is Rocky Linux 8.4, should be 100% binary compatible with Redhat 8.4. I used mariadb AppStream 10.5 for the install with maria-pam 10.5.9 as well. I will confirm the same on Redhat 8.4.

Update: I was able to get local users working by renaming the /etc/pam.d/mariadb to /etc/pam/d/mysql contents:

auth required pam_unix.so audit
account required pam_unix.so audit

However, I still can't get AD user accounts to work even with the pam_sss.so -- I was able to confirm pam is working changing /etc/pam.d/mysql to:

auth required pam_permit.so audit
account required pam_permit.so audit

But, then no authentication is taking place. I think the issue must be with sssd's pam_sss.so. I tried increasing the verbosity of the sssd logs.

https://pastebin.com/raw/FsJv4DYR
https://pastebin.com/raw/2TKhYygT

Not sure if there is anything useful in there.

On Mon, Aug 2, 2021 at 12:31 PM Honza Horak <[email protected]> wrote:

> Michael, can you share, please, which operating system and builds
> (upstream packages or those from the distribution) do you use?
>
> Thanks,
> Honza
>
> On Mon, Aug 2, 2021 at 5:35 PM Michael Barkdoll <[email protected]>
> wrote:
>
>> Hi, I'm having issues getting the pam plugin to work with Rocky Linux 8
>> (RHEL 8) with AppStream MariaDB 10.5. I've installed mariadb appstream for
>> 10.5 and mariadb-pam packages.
>>
>> Added the following to /etc/my.cnf.d:
>> [mariadb]
>> plugin_load_add = auth_pam
>>
>> My sssd is joined to Active Directory. I've created /etc/pam.d/mariadb
>> trying both local pam_unix and pam_sss configurations:
>> # /etc/pam.d/mariadb for local accounts
>> auth required pam_unix.so audit
>> account required pam_unix.so audit
>>
>> # /etc/pam.d/mariadb for sssd active directory accounts
>> auth required pam_sss.so
>> account required pam_sss.so
>>
>> Tried creating local accounts with:
>> #CREATE USER 'user'@'%' IDENTIFIED VIA pam USING 'mariadb';
>> #GRANT SELECT ON db.* TO 'user'@'%' IDENTIFIED VIA pam;
>> #CREATE USER 'user2'@'%' IDENTIFIED VIA pam;
>> #GRANT SELECT ON db.* TO 'user2'@'%' IDENTIFIED VIA pam;
>>
>> I've also tried creating AD accounts:
>> #CREATE USER 'aduser'@'%' IDENTIFIED VIA pam USING 'mariadb';
>> #GRANT SELECT ON db.* TO 'aduser'@'%' IDENTIFIED VIA pam;
>> #CREATE USER '[email protected]'@'%' IDENTIFIED VIA pam USING 'mariadb';
>> #GRANT SELECT ON db.* TO '[email protected]'@'%' IDENTIFIED VIA pam;
>>
>> I see Redhat has issues with MariaDB 10.3 working with pam plugin but it
>> sounded like 10.5 should work?
>> https://bugzilla.redhat.com/show_bug.cgi?id=1942330
>>
>> I feel like I'm missing something in my /etc/sssd/sssd.conf file or some
>> pam configuration steps.
>>
>> I'm using authselect with sssd:
>> authselect select custom/user-profile with-mkhomedir with-sudo with-pamaccess
>>
>> All attempts to `mysql -u user -p` fail.
>>
>> MariaDB [(none)]> show plugins;
>> | pam | ACTIVE | AUTHENTICATION | auth_pam.so | GPL |
>>
>> I tried adding a [pam] section to sssd.
>>
>> [pam]
>> pam_public_domains = all
>> pam_verbosity = 3
>>
>> Didn't seem to help. I used realmd to join AD. Any help is much
>> appreciated.
>>
>> mysql -u user -p
>> Enter password:
>> ERROR 1045 (28000): Access denied for user 'user'@'localhost' (using password: NO)
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~maria-discuss
>> Post to : [email protected]
>> Unsubscribe : https://launchpad.net/~maria-discuss
>> More help : https://help.launchpad.net/ListHelp
>>
>

