August 23, 2007 at 3:25 pm
I have inhereted a SQL Server 2000 application with an Access 2003 front end. Currently users are using SQL Server authentication and that works. Due to corporate policy I need to switch them to NT Authentication. Our employees are fine, but our contractors are getting Cannot Generate SSPI Context errors.
We have traced this to the fact that the contractors do not log on to our corporate domain. Whereas employees use MYCORP\MYid when they log into their workstations they are fine connecting with NT Authentication. I've been told they are "in the ACL List of the server". Contractors are logging into their own domain CONTRACTCO\My.ID and "are not on the ACL List". If the contractors attempt to attach to a shared drive, they get a new login dialog box where they can enter a valid MYCORP\Myid. Is there any way to have this happen when connecting to the data base server?
Thanks in advance.
August 23, 2007 at 4:08 pm
You might be able to create a local group on the Windows server the sql server is on with the same access as the folks access the current SQL server and place your contractors into that with CONTRACTCO\My.ID. Depending on your network setup this might do the trick.
August 24, 2007 at 9:39 pm
You could try adding a local user account with the exact same user name as the users corresponding user name in your domain (e.g. domain user namt is domain\cliffordj, create user account cliffordj on local machine) with the same password on the user local machine... might work depending on how your contractors are connecting to your domain and their workstations domain settings.
Joe
August 27, 2007 at 9:53 am
Thanks, I will see if this is acceptable to our security group. We are in a tighten security mode, and I am not sure they will go for adding ID's to the server - especially for contractors! I will ask, though. I am also going to take an educated guess that when passwords change they would have to change on the server as well.
Ken
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply