May 21, 2003 at 9:11 am
This is probably more of a Server 2000 question but here goes:
We are using SQL 2000, sp2 and it's on ServerA on Domain A. We have a user who logs on to his pc on Domain B. He has a login on ServerA and is a valid user in Active Directory on DomainA. However, I can't seem to get him access to the SQL ServerA from his PC.
Thanks
Darren
Darren
May 21, 2003 at 9:38 am
Realized I should be as a proviso that I'm really simplifying things here...
As long as domain B trusts domain A, user can use domain A's user login on domain B. This is the NT 4 single master (or multiple master) model for domains. All user accounts are in a master domain. All resources (such as workstations and servers) are in the resource domain. The resource domain trusts the master domain. This allows the user account to be used on the workstation and the server.
Within Active Directory, if both domains are in the same forest, then both domains trust each other. This would be the equivalent of the "full trust" model from the NT 4 days (almost, it gets a bit more detailed in AD, but unless you have to worry about it, I won't go into any more detail). So the user should be able to login with the account from domain A on his workstation.
If the domains don't trust each other, then you'll have to create a Windows account local to the SQL Server that matches the username and password the user is using.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
Edited by - bkelley on 05/21/2003 09:39:49 AM
K. Brian Kelley
@kbriankelley
May 21, 2003 at 9:53 am
I think this makes sense. I don't think there is a trust between the domains. So I have a SQL Mixed Mode login created on ServerA, so you're saying that login has to match his login to the other domain? Or do I have to create a Windows login separate from my SQL Login?
Thanks
Darren
Darren
May 21, 2003 at 10:03 am
You're still using Windows authentication, so it's not a Mixed Mode vs. Windows only issue. It's about how the operating system goes about validating the Windows credentials. Basically, if the domains aren't trusted, you'll need a local server account. Here's a KB article that details doing this for IIS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;176380
You're looking at doing something similar. Basically if he's logging on as DomainB\Bob, you'll go into Computer Management for the SQL Server (compmgmt.msc), and create a user Bob there. The passwords have to match. Then, grant a login to <Computer>\Bob within SQL Server, where <Computer> is the name of the server SQL Server is running on.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply