Results 1 to 6 of 6
  1. #1
    Join Date
    Jan 2003
    Posts
    95

    Unanswered: Windows Authentication Problem

    We have a customer who is trying to access our database server. The database server accounts require Windows authentication. The problem is the customer's domain is not and cannot be trusted with our domain. The customer wants to communicate to our network using a VPN. Windows authentication passes his network credentials to SQL Server and SQL Server says access denied and provides a NULL connection error message.

    Is it possible to create a network account for the customer in our domain and have their VPN connection force a domain login into our network? The hope being that their domain credentials are replaced with our domain credentials.

    I'm trying to avoid using SQL Server security, but I don't believe that is possible.

    Thanks, Dave

  2. #2
    Join Date
    Jul 2003
    Location
    San Antonio, TX
    Posts
    3,662
    Have you tried your customer to use Run As?

  3. #3
    Join Date
    Jan 2003
    Posts
    95
    We had them map to the IPC$ share forcing a username and password, but they still can't get in.

  4. #4
    Join Date
    Jan 2003
    Location
    Massachusetts
    Posts
    5,800
    Provided Answers: 11
    We had exactly the same thing here. Here is how you get it to work:

    1) on their laptop set up a shortcut to isqlw or enterprise manager

    2) right click->properties of that shortcut.

    3) add to the beginning of the target runas /netonly /username:domain\username
    Domain\username should be the username you want them to run as.

    And that is it. It's a nice little item that was introduced in win2K, but I have not been able to try it on winXP. Anyone out there try that, yet?

  5. #5
    Join Date
    Jul 2003
    Location
    San Antonio, TX
    Posts
    3,662
    It works on XP the same way, and yes, if you want to make it as a permanent shortcut, then use MCrowley's suggestion.

  6. #6
    Join Date
    Jan 2003
    Posts
    95
    Makes sense. In our case they are trying to run an application and not query analyzer or EM, but it sounds like the same process would be followed.

    One problem though may be related to an ODBC connection that is being used with this application. When we setup an ODBC connection a choice must be made between using SQL Server authentication or Windows authentication. If you choose Windows authentication SQL Server will use their domain information and not the credentials we want them to use. Any way around this?

    Thanks, Dave

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •