Would you like to learn how to configure the MariaDB service Kerberos authentication on Active Directory? In this tutorial, we are going to show you how to authenticate MariaDB users using the Active Directory from Microsoft Windows and the Kerberos protocol.

• Ubuntu 20
• Ubuntu 19
• Ubuntu 18
• MariaDB 10.3
• Windows 2012 R2

In our example, the domain controller IP address is 192.168.15.10.

In our example, the MariaDB server IP address is 192.168.15.11.

Tutorial Windows – Domain Account Creation

• IP – 192.168.15.10
• Operacional System – WINDOWS 2012 R2
• Hostname – TECH-DC01

We need to create at least 1 account on the Active Directory database.

The ADMIN account will be used to login on the MariaDB server.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new account inside the Users container.

Zabbix active directory account

Create a new account named: admin

Password configured to the ADMIN user: kamisama123..

This account will be used to authenticate on the MariaDB interface.

active directory admin account
zabbix active directory admin properties

Congratulations, you have created the required Active Directory account.

Tutorial MariaDB – Kerberos authentication on the Active Directory

• IP – 192.168.15.11
• Operacional System – Ubuntu 20
• Hostname – MARIADB

Set a hostname using the HOSTNAMECTL command.

Copy to Clipboard

Edit the HOSTS configuration file.

Copy to Clipboard

Add the domain controller IP address and hostname.

Copy to Clipboard

Install the required packages to enable Kerberos authentication.

Copy to Clipboard

On the Graphic installation, perform the following configuration:

• Kerberos realm – TECH.LOCAL
• Kerberos server – TECH-DC01.TECH.LOCAL
• Administrative server – TECH-DC01.TECH.LOCAL

You need to change the domain information to reflect your Network environment.

Edit the Kerberos configuration file.

Copy to Clipboard

Here is the file, before our configuration.

Copy to Clipboard

Here is the file, after our configuration.

Copy to Clipboard

You need to change the domain information to reflect your Network environment.

You have finished the required Kerberos configuration.

Tutorial MariaDB – Kerberos authentication on the Active Directory

Install the MariaDB service.

Copy to Clipboard

Create the PAM configuration file.

Copy to Clipboard

Here is the file content.

Copy to Clipboard

In our example, we are going to authenticate the MariaDB service access using the Kerberos protocol.

Access the MariaDB command-line.

Copy to Clipboard

Enable the PAM authentication plugin.

Copy to Clipboard

Create a new user account.

Copy to Clipboard

In our example, we create a MariaDB account named ADMIN.

In our example, we configured this user account to authenticate using the PAM file named MARIADB.

Restart the MariaDB service.

Copy to Clipboard

Access the MariaDB command-line using the new account.

Copy to Clipboard

Verify the user account.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Congratulations! You have finished the MariaDB service Kerberos authentication configuration.