You can configure PAM authentication with one or more Active Directory/LDAP servers
using System Security Services Daemon (SSSD). SSSD is a system service that allows the Cloudera Manager Server host to access a remote LDAP directory or Active
Directory domain.
For more information on SSSD, see Red Hat documentation.
-
Configure SSSD on the Cloudera Manager server host. Run the
following command to check if the remote user has been synchronized to the
server host:
id <remote_username>
-
In Cloudera Manager, click .
- Verify that the Authentication Backend Order property is
not set to "Database Only."
- Verify that the Authorization Backend Order property is
not set to "Database Only." If set to Database Only, the external group mapping
will not work.
- Select PAM as the external authentication type.
-
If you have a specific PAM configuration you wish to use for Cloudera Manager, modify the PAM Service
Name property with that configuration's name (it should
correspond to a file residing in /etc/pam.d/). Otherwise, use the default value,
login.
- Save the changes.
- Add your group mapping roles. Click
, then
Add LDAP/PAM Group Mapping.
-
When finished, restart the Cloudera Manager Server:
sudo systemctl restart cloudera-scm-server