
maria-discuss team mailing list archive

pam / ldap auth

 

Hi,

I installed MariaDB using the stock Debian packages, configured PAM authentication, and configured a mysql PAM module like this:

> /etc/pam.d/mysql
> auth      required       pam_winbind.so
> account   required       pam_winbind.so

As I also added the server to my AD domain, this basically gives my Samba winbind users access to MySQL using their Windows credentials:

> root@mysqlserver:~# mysql -udomain_username -p
> Enter password: <windows_domain_password>
> Welcome to the MariaDB monitor.  Commands end with ; or \g.
> Your MariaDB connection id is 6
> Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
>
> Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
>
> Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
>
> MariaDB [(none)]>

So I was happy.

Initially. :-)

Until I found out this works only from the localhost MariaDB is running on. Trying this from a remote mysql client gives:

> user@e7470 ~ $ mysql -udomain_user -p -h mysqlserver.full.address
> Enter password: ERROR 2059 (HY000): Authentication plugin 'dialog' cannot be loaded: /usr/lib/mysql/plugin/dialog.so: cannot open shared object file: No such file or directory

and searching on that remote server for /usr/lib/mysql/plugin/dialog.so gives no results:

> user@e7470 ~ $ dpkg --search /usr/lib/mysql/plugin/dialog.so
> dpkg-query: no path found matching pattern /usr/lib/mysql/plugin/dialog.so

Anyone here with a good suggestion for how to make this work from a 'regular' remote mysql client?

But more fundamentally: is it possible to have MariaDB LDAP auth on a server, *without* requiring anything special on the client side?

MJ

