Hi,
I've recently updated from PostgreSQL 9.6 to 14 and also ubuntu 16.04 to 22.04.
I've made all the installation required for postgresql to connect in GSSAPI authentication to a Windows domain.
Something is going wrong and I don't know why.
When I change the mapped user password from "postgres" to anything else, the connection stop to work
Log of postgres:
Unspecified GSS failure. Minor code may provide more information: Request ticket server postgres/ubuntu.ad.corp.com@AD.CORP.COM not found in keytab (ticket kvno 3)
Here is the ktpass command (Windows AD):
working:
ktpass -out postgres.keytab -princ postgres/UBUNTU.ad.corp.com@AD.CORP.COM -mapUser AD\pgsql_ubuntu -pass postgres -mapOp add -crypto AES256-SHA1 -ptype KRB5_NT_PRINCIPAL
not working:
ktpass -out postgres.keytab -princ postgres/UBUNTU.ad.corp.com@AD.CORP.COM -mapUser AD\pgsql_ubuntu -pass other_password -mapOp add -crypto AES256-SHA1 -ptype KRB5_NT_PRINCIPAL
I put the keytab on the postgres server, the keytab file is referenced in the postgresql.conf file.
Here is the full procedure:
- Create user in AD for postgresql mapping (pgsql_ubuntu), always valid, support AES256
- Create another user for connection testing
- run ktpass command
- put the keytab file on the pg server in /etc/postgresql, chown to postgres and chmod 600
- postgresql.conf krb_server_keyfile = '/etc/postgresql/postgres.keytab'
- pg_hba is configured to connect over gss
- ubuntu server (postgres) is added to domain with this command:
sudo realm join server.ad.corp.com -U Administrateur
I don't know why it works when the password is "postgres" and why I can't change it.
With best regards,
