Windows Authenticating as a different User
-
SQL Server 2000 sp3 (8.00.818)
Server set to Mixed mode authentication.
My Co-worker is authenticated with his own userid HPL\john when he logs into SQL using either EM or QA. When I log on, I become user HPL\dbadmin which is the domain userid we setup as an administrator of the Windows server (not sql server). HPL\dbadmin is not 'system admin' on sql server but we are setup as admins. My windows auth is HPL\larry On all the other machines (a total of 15) I have no problems authenticating as HPL\larry but only this one gets me in as HPL\dbadmin . This would be a good trick if I could purposely set it up this way, but I don't even know how it's happening right now and want to stop it from occuring and set it to use my win auth.
I checked all the ODBC connections for both server and my client desktop and see nothing that is forcing this userid. I also checked sql server's client & server network utility to ensure that there's nothing here that could be doing it. Does anyone know what could be causing this strange phenom???
I found this out because I use the HPL\dbadmin userid to map a drive to my explorer to access files remotely on the server side. When sec admins changed the password for this id, I couldn't win auth into SQL, and could only sql auth with another id. Then I disconnected the current mapping, and reconnected with the new pw. This corrected the problem then I realized that I was win auth with the HPL\dbadmin userid. It's a mystery. I though win authentication only can use your own domain id (HPL\larry in my case). How can this be changed like this?
I log into my client desktop as HPL\larry. The only thing I do with the HPL\dbadmin id is mapping a drive in explorer since this is the admin id for the Windows server with authority to access the server level files.
Thanks in advance for any help you may provide.
-
try to remove HPL\larry from administrators group of the troubled machine.
-
I can't replicate the issue (away from a domain) but I've seen this issue before. An old trick was to map a connection to ipc$ of the server that you wanted to connect to SQL Server using pass-through authentication, even if you were operating from an untrusted computer. Mapping a drive accomplished the same thing.
I believe if you use runas (from the command prompt: runas /user:HPL\Larry isqlw, for instance) or by holding down the shift-key, right-clicking on the icon and choosing Run As, you can get this to work. Otherwise, another solution is to grant your user account access to the share (through the use of a group) and do away with the dbadmin user connection.
K. Brian Kelley
@kbriankelley -
Thanks for these suggestions. I've tried some of them but it doesn't resolve the issue. Strange, strange, strange. I don't know where it's coming from.
I looked at the ipc$ and we are not using it that way. Like you said, mappping a drive accomplished the same thing so that's why I disconnected the drives but it still win auth as the other user.
I tried the run-as for ISQLW (QA). I right-click on QA icon > run-as > it shows me that I'm HPL\larry and that's what I'm running as. I start QA but like you know, there's another box to enter the sql server name. Choosing any other server besides the one with the issue I get in as myself. Choosing the issue server still gets me in as HPL\dbadmin even with the run-as option.
I can't delete HPL\dbadmin since it's used by the entire DBA group to get drive mappings. The other DBA's are not having the issue I am having. They win auth as themselves. I'm the only one win auth as HPL\dbadmin!!??
I'm gonna keep exploring this. It's my Moby Dick. Anybody still have any suggestions of how to catch this whale the help would be appreciated. Thanks!
-
The upgrade of Client tools did not resolve the issue. Does any one know how SQL Server is able to authenticate me as a userid other than my Winnt login id???
I checked mapped drives, odbc settings, registry keys. Nothing.
Thanks
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply