John,
* John Slattery (johntslattery@gmail.com) wrote:
> At your suggestion, I opened the ODBC data source administrator in
> Windows XP and attempted to create a user DSN using all of the default
> values and providing 'Database', 'Server', and 'User Name'. In this
> case 'User Name' was the Active Directory user name. When I pressed
> the 'Test' button, I received the same exception I noted in my initial
> post. I repeated the test with logging turned on. Nothing seems to
> have been recorded about the failed test. The log file is attached.
No, you should be using the PG username of the user in PG that you want
to connect as in the ODBC driver, not the AD username.
Specifics would help here, I think. For example-
If the AD user is "joe@REALM.COM", one PG user is "joe", and the user
that you want to actually log into the database as is "smith", then you
need this:
pg_ident mapping joe@REALM.COM (or just "joe" if you're having PG strip
the realm) to "smith".
Log into Windows as "joe@REALM.COM".
Use "smith" in the "User Name" field in the ODBC manager
> Could it be that when the only means of authentication enabled in
> pg_hba.conf is gss that having anything in 'User Name' is a problem?
No.
If you can provide actual specifics regarding the above, and excerpts
from your pg_ident.conf, PostgreSQL logs, pg_hba.conf, and the
client-side logs, I think that would go a long way to figuring this out.
Thanks,
Stephen
