SQL RS Windows NT Integrated Security

  • (This posting is similar to my other posting in this forum)

    Has anyone succesfully deployed reports, that use data sources using Windows Authentication? I found some troubling information, in the SQL RS BOL (see below), concerning this. It seems you must be using Keberos , OR your datasource must be on the same server as your RS db, or one machine removed.

    Greg

    SQL RS BOL - Data Sources Properties Page ---------------------------------

    Windows NT Integrated Security

    Use the Windows credentials of the current user to access the data source. Choose this option when the credentials that are used to access a data source are the same as those used to logon to the network domain.

    This option works best when Kerberos is enabled for your domain, or when the data source is on the same computer as the report server. If Kerberos is not enabled, Windows credentials can be passed to one other computer. If additional computer connections are required, you will get an error instead of the data you expect.

    Do not use this option to run unattended reports or reports that are available for subscription. The report server initiates the running of unattended reports. The credentials of the report server that are used to access the report server database cannot be used to access external data sources.

  • U could have an NT user with the right permissions on your SQL Sever/Database. Then configure the DSN on the report server.

    Select "Credentials stored securely in the report server" and enter the Username (Domain\Username) and password and then check mark on "Use as Windows credentials when connecting to the data source". This should do it.

     

    Cheers,

    Anupam Mondal

    DBA

    Auckland District Health Board

     

  • Anupam,

    Thanks for the reply - I'll try out that solution. Although, would that not hard-code the db authentication credentials, thus only that user could use the windows 'pass thru' authentication?

    In addition, while testing these authentication methods, I have found that 'jumping' from one machine to another , across domains has caused me some grief.  In the documentation, it does state that you must have Kerberos enabled on your domain (or possibly) domains when using windows authentication. (I have some network guys looking into this - The actual verbage from SQL RS BOL is below in red, for reference).

    But, furthermore, when I keep I log into a PC within the domain that contains the Reports/ReportsServer web apps, everything works fine. Its just when accessing the web app from another domain, do I run into problems (this may also be a domain trust problem)

    greg

    This option works best when Kerberos is enabled for your domain, or when the data source is on the same computer as the report server. If Kerberos is not enabled, Windows credentials can be passed to one other computer. If additional computer connections are required, you will get an error instead of the data you expect.

  • Yes you are right. But the hard coded value is stored on the report server. Users do not see that bit. Also in this case ( I could be wrong) U might need to turn on Impersonation. Let me know if U get it working.

    cheers

    anupam

     

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply