Hi, I installed mariadb using the stock debian packages, configured pam authentication, and configured a mysql pam module like this:
/etc/pam.d/mysql
auth required pam_winbind.so
account required pam_winbind.so
As I also added the server to my AD domain, this basically gives my samba winbind users access to mysql using their windows credentials:
root@mysqlserver:~# mysql -udomain_username -p
Enter password: <windows_domain_password>
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
So I was happy. Initially. :-) Until I found out this works only from the localhost mariadb is running on. Trying this from a remote mysql client gives:
user@e7470 ~ $ mysql -udomain_user -p -h mysqlserver.full.address
Enter password:
ERROR 2059 (HY000): Authentication plugin 'dialog' cannot be loaded: /usr/lib/mysql/plugin/dialog.so: cannot open shared object file: No such file or directory
and searching on that remote server for /usr/lib/mysql/plugin/dialog.so gives no results:
user@e7470 ~ $ dpkg --search /usr/lib/mysql/plugin/dialog.so
dpkg-query: no path found matching pattern /usr/lib/mysql/plugin/dialog.so
Anyone here with a good suggestion how to make this work from a 'regular' remote mysql client? But more fundamentally: is it possible to have mariadb ldap auth on a server, *without* requiring anything special on the client side?

MJ