PostgreSQL with Kerberos and Active Directory
Hi everyone,
I'm trying to configure PostgreSQL version 8.2.4 with Kerberos and Active
Directory.
The AD is run on a windows 2003 server, and the postgre on gentoo.
The gentoo computer name is postgre and it's added to the windows 2003
server AD domain.
I did the following:
- I compiled postgre with kerberos support and installed it on the gentoo
machine.
- I created a keytab for the user postgres/postgre on the windows 2003
server machine and copied it to the gentoo machine.
- I configured the postgresql.conf to point to the keytab.
- I configured pg_hba.conf to authenticate remote users by kerberos.
- I followed additional configurations from the howto in the mailing list
archives.
Now, when trying to log in with an AD user to postgre I get:
psq: krb5_sendauth: Bad application version was sent (via sendauth)
Any help will be appreciated.
Thanks,
Idan.
On Thu, Aug 30, 2007 at 02:07:13PM +0300, Idan Miller wrote:
Hi everyone,
I'm trying to configure PostgreSQL version 8.2.4 with Kerberos and Active
Directory.
The AD is run on a windows 2003 server, and the postgre on gentoo.
The gentoo computer name is postgre and it's added to the windows 2003
server AD domain.I did the following:
- I compiled postgre with kerberos support and installed it on the gentoo
machine.
- I created a keytab for the user postgres/postgre on the windows 2003
server machine and copied it to the gentoo machine.
- I configured the postgresql.conf to point to the keytab.
- I configured pg_hba.conf to authenticate remote users by kerberos.
- I followed additional configurations from the howto in the mailing list
archives.Now, when trying to log in with an AD user to postgre I get:
psq: krb5_sendauth: Bad application version was sent (via sendauth)Any help will be appreciated.
Are you sure you have postgresql 8.2 on both ends of the connection? Are
yuor clients on windos or unix?
//Magnus
We tried to connect from a different gentoo machine.
both client and server are running version 8.2.4 of postgresql.
right now, we are trying to connect from gentoo, but we want to connect from
windows as well
Idan
Show quoted text
On 8/30/07, Magnus Hagander <magnus@hagander.net> wrote:
On Thu, Aug 30, 2007 at 02:07:13PM +0300, Idan Miller wrote:
Hi everyone,
I'm trying to configure PostgreSQL version 8.2.4 with Kerberos and
Active
Directory.
The AD is run on a windows 2003 server, and the postgre on gentoo.
The gentoo computer name is postgre and it's added to the windows 2003
server AD domain.I did the following:
- I compiled postgre with kerberos support and installed it on thegentoo
machine.
- I created a keytab for the user postgres/postgre on the windows 2003
server machine and copied it to the gentoo machine.
- I configured the postgresql.conf to point to the keytab.
- I configured pg_hba.conf to authenticate remote users by kerberos.
- I followed additional configurations from the howto in the mailinglist
archives.
Now, when trying to log in with an AD user to postgre I get:
psq: krb5_sendauth: Bad application version was sent (via sendauth)Any help will be appreciated.
Are you sure you have postgresql 8.2 on both ends of the connection? Are
yuor clients on windos or unix?//Magnus
Ok. I'd try locally from the machine first, so you know the krb
configurations are absolutely identical all the way. Just change your
pg_hba so it uses krb5 (and don't forget to use -h - krb5 only works over
TCP/IP sockets)
THat said, I think your problem is in that you use "postgres" as your SPN.
It has to be uppercase POSTGRES to work with Active Directory.
//Magnus
Show quoted text
On Thu, Aug 30, 2007 at 03:34:18PM +0300, Idan Miller wrote:
We tried to connect from a different gentoo machine.
both client and server are running version 8.2.4 of postgresql.
right now, we are trying to connect from gentoo, but we want to connect from
windows as wellIdan
On 8/30/07, Magnus Hagander <magnus@hagander.net> wrote:
On Thu, Aug 30, 2007 at 02:07:13PM +0300, Idan Miller wrote:
Hi everyone,
I'm trying to configure PostgreSQL version 8.2.4 with Kerberos and
Active
Directory.
The AD is run on a windows 2003 server, and the postgre on gentoo.
The gentoo computer name is postgre and it's added to the windows 2003
server AD domain.I did the following:
- I compiled postgre with kerberos support and installed it on thegentoo
machine.
- I created a keytab for the user postgres/postgre on the windows 2003
server machine and copied it to the gentoo machine.
- I configured the postgresql.conf to point to the keytab.
- I configured pg_hba.conf to authenticate remote users by kerberos.
- I followed additional configurations from the howto in the mailinglist
archives.
Now, when trying to log in with an AD user to postgre I get:
psq: krb5_sendauth: Bad application version was sent (via sendauth)Any help will be appreciated.
Are you sure you have postgresql 8.2 on both ends of the connection? Are
yuor clients on windos or unix?//Magnus
Hi Magnus,
I tried changing the SPN to uppercase POSTGRES, but still the same error
occurs.
Any other ideas? (this didn't work both locally and remotely).
Idan.
Show quoted text
On 8/31/07, Magnus Hagander <magnus@hagander.net> wrote:
Ok. I'd try locally from the machine first, so you know the krb
configurations are absolutely identical all the way. Just change your
pg_hba so it uses krb5 (and don't forget to use -h - krb5 only works over
TCP/IP sockets)THat said, I think your problem is in that you use "postgres" as your SPN.
It has to be uppercase POSTGRES to work with Active Directory.//Magnus
On Thu, Aug 30, 2007 at 03:34:18PM +0300, Idan Miller wrote:
We tried to connect from a different gentoo machine.
both client and server are running version 8.2.4 of postgresql.
right now, we are trying to connect from gentoo, but we want to connectfrom
windows as well
Idan
On 8/30/07, Magnus Hagander <magnus@hagander.net> wrote:
On Thu, Aug 30, 2007 at 02:07:13PM +0300, Idan Miller wrote:
Hi everyone,
I'm trying to configure PostgreSQL version 8.2.4 with Kerberos and
Active
Directory.
The AD is run on a windows 2003 server, and the postgre on gentoo.
The gentoo computer name is postgre and it's added to the windows2003
server AD domain.
I did the following:
- I compiled postgre with kerberos support and installed it on thegentoo
machine.
- I created a keytab for the user postgres/postgre on the windows2003
server machine and copied it to the gentoo machine.
- I configured the postgresql.conf to point to the keytab.
- I configured pg_hba.conf to authenticate remote users by kerberos.
- I followed additional configurations from the howto in the mailinglist
archives.
Now, when trying to log in with an AD user to postgre I get:
psq: krb5_sendauth: Bad application version was sent (via sendauth)Any help will be appreciated.
Are you sure you have postgresql 8.2 on both ends of the connection?
Are
yuor clients on windos or unix?
//Magnus
Not really - it's always worked that way for me :-(
Have you managed to make any other kerberised applications work on this
machine? There are sample programs in the kerberos package - try those to
see if the problem is in postgresql or int he kerberos libs/setup.
//Magnus
Show quoted text
On Sun, Sep 02, 2007 at 12:05:54PM +0300, Idan Miller wrote:
Hi Magnus,
I tried changing the SPN to uppercase POSTGRES, but still the same error
occurs.
Any other ideas? (this didn't work both locally and remotely).Idan.
On 8/31/07, Magnus Hagander <magnus@hagander.net> wrote:
Ok. I'd try locally from the machine first, so you know the krb
configurations are absolutely identical all the way. Just change your
pg_hba so it uses krb5 (and don't forget to use -h - krb5 only works over
TCP/IP sockets)THat said, I think your problem is in that you use "postgres" as your SPN.
It has to be uppercase POSTGRES to work with Active Directory.//Magnus
On Thu, Aug 30, 2007 at 03:34:18PM +0300, Idan Miller wrote:
We tried to connect from a different gentoo machine.
both client and server are running version 8.2.4 of postgresql.
right now, we are trying to connect from gentoo, but we want to connectfrom
windows as well
Idan
On 8/30/07, Magnus Hagander <magnus@hagander.net> wrote:
On Thu, Aug 30, 2007 at 02:07:13PM +0300, Idan Miller wrote:
Hi everyone,
I'm trying to configure PostgreSQL version 8.2.4 with Kerberos and
Active
Directory.
The AD is run on a windows 2003 server, and the postgre on gentoo.
The gentoo computer name is postgre and it's added to the windows2003
server AD domain.
I did the following:
- I compiled postgre with kerberos support and installed it on thegentoo
machine.
- I created a keytab for the user postgres/postgre on the windows2003
server machine and copied it to the gentoo machine.
- I configured the postgresql.conf to point to the keytab.
- I configured pg_hba.conf to authenticate remote users by kerberos.
- I followed additional configurations from the howto in the mailinglist
archives.
Now, when trying to log in with an AD user to postgre I get:
psq: krb5_sendauth: Bad application version was sent (via sendauth)Any help will be appreciated.
Are you sure you have postgresql 8.2 on both ends of the connection?
Are
yuor clients on windos or unix?
//Magnus