You can configure PAM authentication with one or more Active Directory/LDAP servers
using System Security Services Daemon (SSSD). SSSD is a system service that allows the Cloudera
Manager Server host to access a remote LDAP directory or Active Directory domain.
For more information on SSSD, see the Red Hat documentation.
- Configure SSSD on the Cloudera Manager server host. Run the following command to check
if the remote user has been synchronized to the server host:
id <remote_username>
- In Cloudera Manager, click
.
- Verify that the Authentication Backend Order property is
not set to "Database Only."
- Verify that the Authorization Backend Order property is
not set to "Database Only." If set to Database Only, the external group mapping
will not work.
- Select PAM as the external authentication type.
- If you have a specific PAM configuration you wish to use for Cloudera Manager,
modify the PAM Service Name property with that configuration's name
(it should correspond to a file residing in /etc/pam.d/). Otherwise, use the default
value, login.
- Save the changes.
- Add your group mapping roles. Click
, then
Add LDAP/PAM Group Mapping.
- When finished, restart the Cloudera Manager Server:
sudo systemctl restart cloudera-scm-server
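
The host-side checks in the steps above can be scripted before PAM is selected in Cloudera Manager. This is an added example, not part of the Cloudera documentation: it confirms that the remote user resolves, that the PAM Service Name maps to a file in /etc/pam.d/, and that the service's stack reaches SSSD's PAM module, pam_sss.so. The function names and the PAM_DIR override are hypothetical, and a stack that does not reference pam_sss.so is reported as a warning only, since the host's PAM layout is an assumption.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks on the Cloudera Manager Server host.
# PAM_DIR is overridable only so the checks can be run against a test directory.
PAM_DIR="${PAM_DIR:-/etc/pam.d}"

# Same test as `id <remote_username>`: has SSSD made the remote user visible?
user_resolves() {
  case "$1" in ""|-*) return 2 ;; esac   # never pass an option-like name to id
  id "$1" >/dev/null 2>&1
}

# The PAM Service Name must be a plain file name under /etc/pam.d/.
pam_service_exists() {
  case "$1" in ""|.*|*/*) return 2 ;; esac
  [ -f "$PAM_DIR/$1" ]
}

# Succeeds if the service's stack reaches pam_sss.so, following include,
# substack and @include lines. Depth-limited so an include loop terminates.
pam_stack_uses_sss() {
  local service="$1" depth="${2:-0}" a b c d
  [ "$depth" -le 8 ] && pam_service_exists "$service" || return 1
  while read -r a b c d || [ -n "$a" ]; do
    case "$a" in ""|"#"*) continue ;; esac
    if [ "$a" = "@include" ]; then
      pam_stack_uses_sss "$b" $((depth + 1)) && return 0
    elif [ "$b" = "include" ] || [ "$b" = "substack" ]; then
      pam_stack_uses_sss "$c" $((depth + 1)) && return 0
    else
      case "$b $c $d" in *pam_sss.so*) return 0 ;; esac
    fi
  done < "$PAM_DIR/$service"
  return 1
}

# Usage: preflight <remote_username> [pam_service]   (service defaults to login)
preflight() {
  local user="$1" service="${2:-login}" rc=0
  user_resolves "$user" || { echo "FAIL: '$user' does not resolve; check SSSD"; rc=1; }
  pam_service_exists "$service" || { echo "FAIL: no $PAM_DIR/$service"; rc=1; }
  pam_stack_uses_sss "$service" || echo "WARN: '$service' stack never references pam_sss.so"
  return "$rc"
}

[ "$#" -eq 0 ] || preflight "$@"
```

Run it as root or as the account that runs the Cloudera Manager Server, passing the remote username and, if it is not login, the PAM service name.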