Using Windows Group Authentication

  • Hello All.

    In preparation for a growing user base, I am presently trying to standardize / simplify my SQL permissions scheme using Windows Groups. I have not done this before and, naturally, am running into some issues.

    I am using Windows Server 2003 + SQL Server 2008 R2 and performed the following actions:

    - Created new Windows Groups (SQL_DBA, SQL_PowerUser, etc);

    - Associated the user domain accounts accordingly ("Johnny" is part of SQL_DBA); and

    - Added the Windows Groups to SQL Server Security (SQL_DBA with role as sysadmin).

    I expected each member of the group to automatically be able to log in and have the appropriate permissions. However, when "Johnny" tries to log in, he get the generic "Login Failed" message which indicates that he does not have access. If I add "Johnny" directly to SQL Server, he will have access but does not inherit his group's permissions.

    Am I missing a step somewhere?

    I would greatly appreciate any assistance you could provide!!!

    Thanks,

    -Michael

  • What's the login error message from the SQL Server Log?

  • Here is the error:

    Error: 18456, Severity 14, State 11

    Login failed for user ... Reason: Token-based server access validation failed with an Infrastructure error.

  • There were posts about this error on this website:

    http://www.sqlservercentral.com/Forums/Topic644009-6-2.aspx

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply