psql: error: connection to server on socket "/tmp/.s.PGSQL.5432" failed: FATAL: role "user2" does not exist
Deskripsi
Error ini terjadi saat pengguna sistem, yang mencoba terhubung, tidak memiliki
pengguna PostgreSQL yang dibuat, atau tidak memiliki peran yang dipetakan.
Perbaikan yang direkomendasikan
Buat peran di PostgreSQL dengan nama pengguna yang diperlukan, atau tambahkan entri untuk pengguna ini ke file pg_ident.conf.
psql (16.3)
Type "help" for help.
postgres=# CREATE ROLE user2 WITH LOGIN;
CREATE ROLE
Mulai ulang server gagal dengan error: "could not load /var/lib/postgresql/data/pg_hba.conf" (tidak dapat memuat /var/lib/postgresql/data/pg_hba.conf)
Deskripsi
Mulai ulang server gagal karena pg_hba.conf berisi entri yang tidak valid.
Perbaikan yang direkomendasikan
Periksa file pg_hba.conf untuk mengetahui apakah ada entri yang tidak valid.
FATAL: Sinkronisasi grup LDAP gagal
Deskripsi
Sinkronisasi LDAP gagal saat pengguna mencoba login.
Perbaikan yang direkomendasikan
Login sebagai pengguna postgres dan jalankan perintah berikut:
CREATE EXTENSION google_pg_auth;
Periksa file postgresql.log untuk mengetahui informasi tentang alasan kegagalan login LDAP.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-09-04 UTC."],[],[],null,["# Troubleshoot Active Directory integration in AlloyDB Omni\n\nSelect a documentation version: Current (16.8.0)keyboard_arrow_down\n\n- [Current (16.8.0)](/alloydb/omni/current/docs/troubleshoot-active-directory-integration)\n- [16.8.0](/alloydb/omni/16.8.0/docs/troubleshoot-active-directory-integration)\n- [16.3.0](/alloydb/omni/16.3.0/docs/troubleshoot-active-directory-integration)\n\n\u003cbr /\u003e\n\nThis document describes errors you might encounter when you integrate Active Directory in AlloyDB Omni. Examples of errors and recommended fixes are also provided.\n\n\u003cbr /\u003e\n\nActive Directory integration with AlloyDB Omni fails\n----------------------------------------------------\n\nWhen Active Directory isn't working, follow these steps to resolve the issue:\n\n1. Verify the keytab file.\n Make sure that you can connect to the Active Directory server using the\n keytab that you obtained:\n\n ```\n kinit -kt PATH_TO_KEYTAB_FILE postgres/DBCLUSTER_HOST@REALM\n ```\n2. Verify the host.\n\n Make sure that the host you used when you generated the keytab file is the same host\n in the psql command, as shown in the following example: \n\n ```\n KTPass /princ postgres/DBCLUSTER_HOST@REALM /Pass PASSWORD /mapuser postgres /crypto ALL /ptype KRB5_NT_Principal /out OUTPUT_PATH\n\n psql -h DBCLUSTER_HOST -d DB_NAME -U USERNAME@REALM\n ```\n\n Make sure that \u003cvar translate=\"no\"\u003eDBCLUSTER_HOST\u003c/var\u003e is the same in both commands.\n3. Verify the `krb5.conf` file.\n\n Verify the contents of the `krb5.conf` file on the client. Make sure that the\n `krb5.conf` file contents are correct for your configuration. \n\n ```\n cat /etc/krb5.conf\n ```\n\n The following is the expected output: \n\n ```\n [libdefaults]\n default_realm = REALM\n [realms]\n REALM = {\n kdc = KDC_HOST\n admin_server = ADMIN_SERVER\n }\n [domain_realm]\n HOST_DOMAIN_1 = REALM\n HOST_DOMAIN_2 = REALM\n ```\n4. Verify the HBA entries and status.\n\n 1. Run the following commands and send the logs to the [AlloyDB Omni product team](https://docs.google.com/forms/d/e/1FAIpQLSfLhBlJbtPJuvXcAS7WSF4J_CcCfO7tSWdCLqztAg1PhLX_vw/viewform).\n\n ```\n psql -h DBCLUSTER_HOST -U postgres -d postgres\n ```\n\n `psql` prompts you for the `postgres` user's password: \n\n ```\n Password for user postgres:\n ```\n\n `psql` returns the following output: \n\n ```\n psql (17.5 (Ubuntu 17.5-0ubuntu0.25.04.1), server 16.3)\n SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off, ALPN: none)\n Type \"help\" for help.\n ```\n 2. Run the following command in the `psql` prompt:\n\n ```\n postgres=# table pg_hba_file_rules ;\n ```\n\n Output similar to the following example is returned. \n\n ```\n rule_number | file_name | line_number | type | database | user_name | address | netmask | auth_method | options | error\n -------------+--------------------------------------+-------------+---------+----------+--------------------+-----------+-----------------------------------------+-------------+--------------------------+-----------------------------------------------------\n 1 | /var/lib/postgresql/data/pg_hba.conf | 1 | host | {all} | {alloydbadmin} | 127.0.0.1 | 255.255.255.255 | trust | |\n | /var/lib/postgresql/data/pg_hba.conf | 2 | hostssl | {all} | {alloydbadmin} | ::1 | ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff | trust | | hostssl record cannot match because SSL is disabled\n | /var/lib/postgresql/data/pg_hba.conf | 3 | hostssl | {all} | {alloydbpgbouncer} | 0.0.0.0 | 0.0.0.0 | cert | {clientcert=verify-full} | hostssl record cannot match because SSL is disabled\n | /var/lib/postgresql/data/pg_hba.conf | 4 | hostssl | {all} | {alloydbpgbouncer} | ::1 | ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff | cert | {clientcert=verify-full} | hostssl record cannot match because SSL is disabled\n | /var/lib/postgresql/data/pg_hba.conf | 5 | hostssl | {all} | {alloydbadmin} | all | | reject | | hostssl record cannot match because SSL is disabled\n | /var/lib/postgresql/data/pg_hba.conf | 6 | | | | | | | | invalid CIDR mask in address \"0.0.0.0/1000\"\n 2 | /var/lib/postgresql/data/pg_hba.conf | 7 | local | {all} | {all} | | | trust | |\n ```\n5. Review error messages in the `error` column, which can help you identify\n configuration issues.\n\n6. Print the debug level `krb5` logs.\n\n ```\n export KRB5_TRACE=/dev/stderr\n kinit AD_USER@REALM\n psql -h DBCLUSTER_HOST -d DB_NAME -U USERNAME@REALM\n ```\n | **Note:** For more information about this issue, open the `postgres.log` file.\n\npsql: error: connection to server on socket \"/tmp/.s.PGSQL.5432\" failed: FATAL: role \"user2\" does not exist\n-----------------------------------------------------------------------------------------------------------\n\n**Description**\n\nThis error occurs when a system user, who is trying to connect, doesn't have a\nPostgreSQL user created, or doesn't have a role mapped.\n\n**Recommended fix**\n\nCreate a role in PostgreSQL with the required username, or add an entry for this\nuser to the `pg_ident.conf` file. \n\n psql (16.3)\n Type \"help\" for help.\n\n postgres=# CREATE ROLE user2 WITH LOGIN;\n CREATE ROLE\n\nServer restart fails with error: \"could not load /var/lib/postgresql/data/pg_hba.conf\"\n--------------------------------------------------------------------------------------\n\n**Description**\n\nThe server restart failed because the `pg_hba.conf` contains invalid entries.\n\n**Recommended fix**\n\nCheck the `pg_hba.conf` file for invalid entries.\n\nFATAL: LDAP group synchronization failed\n----------------------------------------\n\n**Description**\n\nLDAP synchronization fails when the user tries to sign in.\n\n**Recommended fix**\n\n1. Sign in as the `postgres` user and run the following:\n\n ```\n CREATE EXTENSION google_pg_auth;\n ```\n2. Check the `postgresql.log` file for information about why the LDAP sign-in\n failed.\n\n ```\n cat /obs/diagnostic/postgresql.log | grep google_pg_auth\n ```\n\nWhat's next\n-----------\n\n- [Integrate Active Directory with AlloyDB Omni](/alloydb/omni/current/docs/integrate-active-directory)"]]
