Passing Credentials to linked server

  • Hello guys,

    please, help me with the problem of linked servers.

    A short description of the environment:

    - 2 NT4 member servers (SQL 7.0) in one resource NT4 domain

    - one NT4 logon domain

    - resource domain trusts the logon domain

    - one account from logon domain is an SQL system admin for both servers

    - sysadmin role is assigned to NT local groups defined on the member servers

    - the above-mentioned account gets sysadmin privilege via memberships in local NT groups.

    - a linked server has been created on one server (connection to the second one)

    Although I've chosen "they will be impersonated" on the "Security" tab (Enterprise Manager, Linked Servers, <server>, Properties), whenever I try to "do" anything I always receive the error message:

    Server: Msg 18456, Level 14, State 1, Line 1

    Login failed for user '\'.

    The problem is very well described at

    http://www.ntsecurity.net/Articles/Index.cfm?ArticleID=23471

    but the solution is only for W2000 servers.

    I do need something for NT4/SQL7 environment.

    Could you please give me some hint, at least?

  • Sounds like a double-hop issue and there's no workaround if you want to use NT authentication all the way through. Double-hop is prohibited in NTLM (the security mechanism for NT 4.0 domains) by design.

    The workaround is to have one of the hops via a SQL Server login. I know, this goes against Microsoft's best practice of NT authentication everywhere, but with NTLM there's no way around it.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

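The workaround described in the reply above (making the linked-server hop use a SQL Server login), sketched as an added T-SQL example that is not part of the original thread. The names SRV2, SalesDB, LOGONDOM\sqladmin and link_reader and the password placeholder are assumptions, and the remote server must accept SQL Server authentication (mixed mode).

```sql
-- Added example, not from the thread. All object names are hypothetical.

-- === Run on the REMOTE server (SRV2) ===
-- Create a dedicated SQL Server login for the link instead of reusing sa,
-- so the stored credential only carries the rights the link needs.
EXEC sp_addlogin @loginame = 'link_reader',
                 @passwd   = '<placeholder-strong-password>',
                 @defdb    = 'SalesDB'
GO
USE SalesDB
GO
EXEC sp_grantdbaccess 'link_reader'
EXEC sp_addrolemember 'db_datareader', 'link_reader'   -- read-only access
GO

-- === Run on the LOCAL server (the one that owns the linked server) ===
-- Remove the default "impersonate everyone" mapping. Over NTLM it cannot
-- delegate a client's NT credentials across the second hop.
EXEC sp_droplinkedsrvlogin @rmtsrvname = 'SRV2', @locallogin = NULL
GO
-- Map only the one local login that needs the link to the remote SQL login.
-- Any other local login gets no mapping and cannot use the link.
EXEC sp_addlinkedsrvlogin @rmtsrvname  = 'SRV2',
                          @useself     = 'false',
                          @locallogin  = 'LOGONDOM\sqladmin',
                          @rmtuser     = 'link_reader',
                          @rmtpassword = '<placeholder-strong-password>'
GO

-- === Verify from a client workstation, connected as LOGONDOM\sqladmin ===
-- Shows which login the remote server sees; expected value: link_reader.
SELECT * FROM OPENQUERY(SRV2, 'SELECT SUSER_SNAME() AS remote_login')
GO
```

The remote password is stored with the mapping on the local server, so keep the remote login's permissions narrow and the list of mapped local logins short.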

  • Hello Brian,

    I'm amazed with the swiftness of your reply!

    Thank you very much.

    Unfortunately, your answer confirms what I've been afraid of...

  • Keep in mind if you are simply talking between the two servers (and not needing to use the linked server connection from another client), the double-hop issue won't occur. In that case it's server to server, a single hop. It will mean, however, if you're building queries for a SQL Server job you'll need to test your query on the server itself, either by logging on at the console or by using some sort of console-like remote access such as Terminal Services.

    K. Brian Kelley

