SOLVED: Strange PAM-Authentication error on apt-get / univention-pkgdb-scan

Hi there, I’m getting a strange Error on every apt-get command on one of our member servers named ead-db1.

pg.InternalError: FATAL: kein pg_hba.conf-Eintrag für Host »«, Benutzer »ead-db1$«, Datenbank »pkgdb«, SSL an

I found an old forum post suggesting to fix this by running univention-pkgdb-scan --db-server '' --add 'ead-db1$' on the master node. This indeed helped a bit, but now I’m getting a different error on all apt-get commands:

pg.InternalError: FATAL: PAM-Authentifizierung für Benutzer »ead-db1$« fehlgeschlagen

I get the same error running /usr/sbin/univention-pkgdb-scan --scan. Looking at the postgresql log file /var/log/postgresql/postgresql-11-main.log i can see the following error logs:

2023-07-30 00:30:10.087 CEST [31995-1] ead-db1$@pkgdb LOG:  pam_authenticate fehlgeschlagen: Benutzer bei zu Grunde liegendem Authentifizierungsmodul nicht bekannt
2023-07-30 00:30:10.087 CEST [31995-2] ead-db1$@pkgdb FATAL:  PAM-Authentifizierung für Benutzer »ead-db1$« fehlgeschlagen
2023-07-30 00:30:10.087 CEST [31995-3] ead-db1$@pkgdb DETAIL:  Verbindung stimmte mit pg_hba.conf-Zeile 104 überein: »hostssl pkgdb +pkgdbg pam«

It seems the pam module doesn’t know the ead-db1$ machine account … I don’t know how this got messed up, but does anyone know how to fix this?

EDIT-1: The mashine account seems to be present …

getent passwd |grep 'ead-db2'

EDIT-2: OK, I found the problem :slight_smile: … I somehow made a typo setting the hostname. The system was joined as ead-db2 but the hostname was set to ead-db1 :crazy_face:. Fix was simple:

ucr set hostname=ead-db2

Cheers, Markus