Windows Authentication
-
We have decided to change from SQL Server Authentication to Windows authentication in light of recent articles (we are just starting out with SQL Server 2000)but are experiencing problems. SQL server is on a Windows 2000 server on a domain. The domain controller is on a Windows NT machine. I have set up Domain users and added them to a group and set up SQL Server logins to map to these accounts. Although the users can log on to the domain on the Windows 2000 server and connect to SQL server, when they log onto the domain from another Windows 2000 machine on the network they cannot get a connection to SQL server ("Reason: Login failed for user (null). Reason: not associated with a trusted SQL Server conenction.") Is this problem with NT and 2000? In addition, some users are still on Windows 98 machines. Will this also create problems?
-
(Reason: Login failed for user (null). Reason: not associated with a trusted SQL Server conenction.")
This error id shows that the account information was not passed to sql. for instance if you were connecting via a web server with anom access turned on.
Check the application connection strings
Steven
-
This error will also show if you are using a user login from an untrusted domain. The Windows 2000 and 98 machines that are failing, are they on the same domain (or a trusted domain) as the SQL Server? This is the typical no-brainer question and you probably are, but it always needs to be asked.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley -
Thanks for your help. No, the machines are not on the domain. We use Novell mainly but log on to this domain to access Exchange. Currently the SQL Server machine is on this domain & I assumed (not being a network person) that logging on to the domain would allow me to log on to SQL server too? Perhaps we should stick to SQL Server authentication?
-
Connecting via Exchange isn't the same as logging on to the domain, unfortunately. You actually would have to add the workstations to the domain and then have the users also log on to the domain when they logon in the morning. The Novell client is capable of handling both logons (to Novell and to the Windows domain).
If this isn't an option, I'm afraid you're going to have to stick to SQL Server authentication.
Another trick that *might* work is to create user accounts on the SQL Server box itself, but the catch is the accounts have to match the Windows account and password the user is using from the client workstation. This gets around the untrusted domain issue. Password synchronization will be a bear.
For instance, I often connect to a friend of mine's SQL Server using Windows authentication from my workstation. However, I'm not on his domain. He has set up a Windows user account locally on the SQL Server. So long as I'm logged into my system (there's another way, but it requires a bit more explanation so I'll skip it for now... it's runas for the curious) with the identical user account and password, I can "pass through" and connect via Windows authentication to his SQL Server.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley -
Thanks for your help. The previous network administrator had set up a series of workgroups and a small domain. We have now added the machines to the domain and everything is working great.
-
Excellent news.
Glad to be of help.K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
Glad to be of help.Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply