October 6, 2009 at 5:05 am
Hiya,
I'm having trouble getting a windows user group working correctly. I have an AD user (domain\User1) and an AD group (domain\Group1). domain\User1 is in the group domain\Group1. Checked and double checked. If I add a login in SQL for domain\Group1, and add a user in database1 for the group like this...
create login [domain\Group1] for windows
go
use database1
go
create user [domain\Group1]
the user cannot access the server (login failed for user 'domain\User1')
However, if I do this...
create login [domain\User1] for windows
go
use database1
go
create user [domain\User1]
the user can login no problem. Why does the user get access only when they are outside of the group?
Can anyone help me please?
Thanks,
Martin
October 6, 2009 at 8:27 am
Interesting. The user should be able to connect via the group. I am using that on my SQL Server without issue. Do you have multiple domain controllers? Are you sure that the addition of the user to the group has replicated to all domain controllers?
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
October 6, 2009 at 8:33 am
That is strange. I would lean towards some kerberos issue. Maybe the user's DC is off for some reason? Is the user remote?
October 6, 2009 at 10:10 am
Thanks for your replies Jack & Steve.
We only have one DC and I have now tried the same setup on a different DB server and it works fine; the user can connect to the DB just by being in the group. Also, other users who are in the same AD group behave correctly when the group is added to the server logins. So, the problem seems to be isolated to this particular user, on this single database server.
Also, the user is not remote - we are all physically in the same place on the same LAN.
As you guys say in the States "go figure!"
October 6, 2009 at 10:30 am
In desperation, I rebooted the DB server and now it works fine. Still no idea what the problem is but after spending a day looking, I don't care much.
Thanks again for your help.
October 6, 2009 at 12:01 pm
You should check your Windows Event Log and SQL Server Error Log because it sounds like it was having some issues communicating with AD.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply