January 21, 2014 at 8:07 pm
This issue is all over the web, however pretty much everything I read tells me that I need to install kerbros.
It is the typical scenario: from my laptop, I can't query linkedserver defined on the server.
Does anyone know of a fix that doesn't involve Kerbros? I have other servers that do not have Kerbrose and this issue is not present.
I've read a lot about this in the past week, but I can't find any articles that aren't suggesting a Kerbros issue.
I'm using Enterprise 2008 and connecting through SSMS 2008.
The instances and my laptop are all in the same windows domain.
I have tweaked everything imaginable, however nothing works.
January 22, 2014 at 7:39 am
if you use sql server auth that will work. For the Windows auth to work you'll need to setup the SPNs and enable Kerberos
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
January 22, 2014 at 9:17 am
The linked server definition has mapped Active directory logins or the option "B made using the Login's current context" is specified and you are logged in to the server with Window Auth.
in either of these cases you need kerberos to allow for the pass through of credentials.
As Perry mentioned, the only option outside of kerberos is to use SQL Auth.
1) You can set the linked server security to "Be made using this security context" and set the remote login to a user that has sufficient right to the tables you are querying. this method with cause all users connected to the server permission on the remote linked server.
EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'LSERVER',@useself=N'False',@locallogin=NULL,@rmtuser=N'username',@rmtpassword='########'
2) the other option would be to map your AD login to a remote SQL Login that has the appropriate right. this option will only allow your login (or any other you define) to use the linked server
EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname=N'LSERVER',@useself=N'False',@locallogin=N'DOMAIN\username',@rmtuser=N'username',@rmtpassword='########'
January 22, 2014 at 8:39 pm
I work for a huge company so getting this to the right team is a challenge, because the problem is experienced within SQL Server, but the problem might be the security outside of SQL Server or at the server and/or domain level.
I have a server that doesn't have kerberos setup and isn't using sql ID and it all works. Since it works, I've not checked the finer related details so I will run some checks and update this post afterwards.
BTW, not only does this work for me without kerberos and sql ID, I know it works for another team as well, but I need to check with them about using the sql ID. I know they don't have kerboros installed, but I'm not sure about the SQL ID part.
Will update as I get more information.
I've read some articles with subject "Enable computer and user accounts to be trusted for delegation" and wonder if this might be the issue. This is what I'm going to bring up when I finally find the right team to tackle this issue. This is the closest I've come to finding something that didn't say to use SQL ID or Kerberos. SQL IDs are against corporate policy.
January 23, 2014 at 12:35 am
DSQLServer (1/22/2014)
I have a server that doesn't have kerberos setup and isn't using sql ID and it all works. Since it works, I've not checked the finer related details so I will run some checks and update this post afterwards.
Its either using sql auth or the account sql server runs under is local system.
DSQLServer (1/22/2014)
I know they don't have kerboros installed
Kerberos is not something you install, its activated by properly configuring the application service and AD.
DSQLServer (1/22/2014)
I've read some articles with subject "Enable computer and user accounts to be trusted for delegation" and wonder if this might be the issue.
This is just one of the required steps to activate kerberos security over NTLM.
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply