I have a Windows 2003 member server that has SQL on it. I have a remote XP
machine in a workgroup that does have an account in the domain but does not
login to the domain (only used for OWA). Is it possible for this machine to
pass its authentication (same username and password) to the SQL server? I
used to be able to do this when the SQL server was on a domain controller.
Is there anyway to force this authentication through SQL?
Thoughts of ways for me to accomplish this'?Hi Bad,
Thank you for using Newsgroup.
Do you use the SQL SERVER 2000 or SQL SERVER 2005?
Actually SQL SERVER 2000 has two types of authentication: Windows
authentication and mixed authentication. If you do not use the domain
account to login in the Windows, you cannot use the Windows authentication
type to pass through the SQL SERVER, however you can use the SQL SERVER
authentication to access the SQL SERVER from the Windows XP machine. To do
so, you need to do the following things:
1. Enable the SQL SERVER to use the mixed mode. (in the SQL SERVER
Enterprise Manager, right click your server->click properties->Security,
select SQL Server and Windows under the Authentication)
2. Set up a SQL SERVER login account. (extend your server in the Enterprise
Manager, Security->Logins, set up your sa account, and you can use this sa
account to access the SQL SERVER)
If anything is unclear, please feel free to let me know. Thank you!
Sincerely,
Warner Wang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
========================================
=============
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
========================================
=============
This posting is provided "AS IS" with no warranties, and confers no rights.|||I am using SQL 2000. It has worked in the past with windows authentication
when the SQL server was running on a domain controller. Is there any way to
pass the credentials through code'
"Warner wang" <v-warnw@.microsoft.com> wrote in message
news:beHHIyvKGHA.3696@.TK2MSFTNGXA02.phx.gbl...
> Hi Bad,
> Thank you for using Newsgroup.
> Do you use the SQL SERVER 2000 or SQL SERVER 2005?
> Actually SQL SERVER 2000 has two types of authentication: Windows
> authentication and mixed authentication. If you do not use the domain
> account to login in the Windows, you cannot use the Windows authentication
> type to pass through the SQL SERVER, however you can use the SQL SERVER
> authentication to access the SQL SERVER from the Windows XP machine. To do
> so, you need to do the following things:
> 1. Enable the SQL SERVER to use the mixed mode. (in the SQL SERVER
> Enterprise Manager, right click your server->click properties->Security,
> select SQL Server and Windows under the Authentication)
> 2. Set up a SQL SERVER login account. (extend your server in the
> Enterprise
> Manager, Security->Logins, set up your sa account, and you can use this sa
> account to access the SQL SERVER)
> If anything is unclear, please feel free to let me know. Thank you!
> Sincerely,
> Warner Wang
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
> ========================================
=============
> When responding to posts, please "Reply to Group" via
> your newsreader so that others may learn and benefit
> from your issue.
> ========================================
=============
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>|||Hi Bad,
Do you mean both SQL SERVER and client machine are not in the domain now?
The following describes how SQL Server processes login accounts that
Windows authenticates:
1. When a user connects to SQL Server, the client opens a trusted
connection to SQL Server, which passes the user's Windows security
credentials to SQL Server.
Because the client opened a trusted connection, SQL Server knows that
Windows has already validated the login account.
2. If SQL Server finds the user's Windows user account or group account in
the list of SQL Server login accounts in the sysxlogins system table, it
accepts the connection.
SQL Server does not need to revalidate a password because Windows has
already validated it.
If SQL SERVER is in the domain, this trusted connection credential process
is finished in the AD. If SQL SERVER is not in the domain, you need to set
up a login account in the Windows server on which SQL SERVER locates, and
add this login account in the SQL SERVER login list. You cannot use the
domain account to access the SQL SERVER even if you set up a new account
with same username and password on the SQL SERVER because they have the
different SID. In this case, you can use the following two methods to
access the SQL SERVER. You might need to use these two methods even though
you use code to access the SQL SERVER.
1. Create a new login account on the server, and use this account to login
from the client machine.
2. Use the SQL SERVER authentication mode to access the database.
If anything is unclear, please let me know. Thank you!
Sincerely,
Warner Wang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
========================================
=============
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
========================================
=============
This posting is provided "AS IS" with no warranties, and confers no rights.|||The SQL server is a member server in the domain.
"Warner wang" <v-warnw@.microsoft.com> wrote in message
news:EME5Jd5KGHA.224@.TK2MSFTNGXA02.phx.gbl...
> Hi Bad,
> Do you mean both SQL SERVER and client machine are not in the domain now?
> The following describes how SQL Server processes login accounts that
> Windows authenticates:
> 1. When a user connects to SQL Server, the client opens a trusted
> connection to SQL Server, which passes the user's Windows security
> credentials to SQL Server.
> Because the client opened a trusted connection, SQL Server knows that
> Windows has already validated the login account.
> 2. If SQL Server finds the user's Windows user account or group account in
> the list of SQL Server login accounts in the sysxlogins system table, it
> accepts the connection.
> SQL Server does not need to revalidate a password because Windows has
> already validated it.
> If SQL SERVER is in the domain, this trusted connection credential process
> is finished in the AD. If SQL SERVER is not in the domain, you need to set
> up a login account in the Windows server on which SQL SERVER locates, and
> add this login account in the SQL SERVER login list. You cannot use the
> domain account to access the SQL SERVER even if you set up a new account
> with same username and password on the SQL SERVER because they have the
> different SID. In this case, you can use the following two methods to
> access the SQL SERVER. You might need to use these two methods even though
> you use code to access the SQL SERVER.
> 1. Create a new login account on the server, and use this account to login
> from the client machine.
> 2. Use the SQL SERVER authentication mode to access the database.
> If anything is unclear, please let me know. Thank you!
> Sincerely,
> Warner Wang
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
> ========================================
=============
> When responding to posts, please "Reply to Group" via
> your newsreader so that others may learn and benefit
> from your issue.
> ========================================
=============
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>|||Hi Bad,
Thank you for response.
Based on my further research, if SQL SERVER is the member server of domain,
and client does not login in with the domain account, you cannot use the
Windows authentication to access the SQL SERVER, even though you access the
server through the code. In such situation, you can only use the SQL
authentication to access the server. I suggest you create a SQL Server
login account, and use this account to access the database.
If you have anything unclear, please feel free to let me know. Thank you!
Sincerely,
Warner Wang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
========================================
=============
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
========================================
=============
This posting is provided "AS IS" with no warranties, and confers no rights.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment