Help, please. It is required to configure authentication of the client connection to the Postgres database using the SSPI protocol within the corporate network on MS Windows.
The network has a 3-level domain structure: dep1.org.dn1
Users logging in by OS as: user1@dep1 or dep1\user1
How it is organized is not known for certain. But there are successful examples. Successful configuration:
postgresql.conf:
listen_addresses = '*'
pg_hba.conf:
host all all 11.0.0.0/8 sspi map=db1map include_realm=1
pg_ident.conf:
db1map user1@dep1
Moreover, the user can't pass with the following settings:
db1map [email protected]
db1map dep1\user1
db1map dep1\[email protected]
The problem is how to configure for a user from another domain dep2.org.dn2, which is authorized in the OS as: user2@dep2
I tried the following cases, but they didn't work:
user2@dep2
db1map [email protected]
db1map dep2\user2
db1map dep2\[email protected]
Moreover, authentication through the database of this user using MD5 is successful:
pg_hba.conf:
host all user2 11.х.х.х/32 md5