SQL vs Windows Authentication
-
We have an external vendor trying to install their product that accesses our SQL Server 2000 databases. The product runs on a app server under tomcat not that that should make a difference. We have kerberos setup and have a policy to only use windows authentication accounts rather then sql authentication.
The vendor's install guy can't seem to get his product to use window authentication even though he can connect to the database from the app server using the active directory account. The product will work with a SQL Authenticated account but I don't like this solution.
I'm getting pressure to allow this SQL account because the vendor can't get his product to work.
I have created both types of accounts with identical database permissions but is there anything Im missing? Something on the app server?
Paul
-
A common issue that happens when 3 machines are involved (client PC, app server, database server) is because the impersonation and delegation properties for the various user and service accounts is not set properly. This is commonly referred to as the "Double Hop" issue. What is probably happening is the application is trying to pass on the users credentials but AD is not permitting that to occur. This does not happen when the user is logged on the to app server.
Have a look at http://msdn2.microsoft.com/en-us/library/ms688509.aspx.
You will need to get your Windows Sys Admins to make changes in AD to the users/account involved.
-
Not sure it this will help but I had a similar problem with an external 3 tier app, the app was connecting to a service and the service was trying to authenticate to SQL using windows credentials which were passed to it from the application.
The way I got it working was to ensure that the service was running under the domain account I setup for the app and which also had access to SQL.
After I changed this it worked perfectly.
Think the reason it was failing was also something to do with the "double hop" authentication issue?
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply