RE: VPN NT Authentication
From: Bill Hollinshead [MS] (billhol@online.microsoft.com)
Date: 10/25/02
- Next message: Bill Hollinshead [MS]: "RE: Security Hotfix Update 7.00.1078 on SQL Server 7"
- Previous message: Bill Hollinshead [MS]: "Re: Access Denied Error"
- In reply to: Lisa: "VPN NT Authentication"
- Next in thread: Lisa: "RE: VPN NT Authentication"
- Reply: Lisa: "RE: VPN NT Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: billhol@online.microsoft.com ("Bill Hollinshead [MS]") Date: Thu, 24 Oct 2002 22:20:00 GMT
Hi Lisa,
One possibility is the documentation omission that is corrected in
http://support.microsoft.com/support/kb/articles/q277/6/58.asp. Use the
setspn version that is available at
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/setspn-o
.asp.
Another possibility may be
http://support.microsoft.com/support/kb/articles/q322/1/44.asp, but the
symptoms in the More Information section of that article must match,
otherwise the fix will not help <g>. If the symptoms do match then please
open a Microsoft Support Case with ODBC support to request the HotFix. Note
that the article's HotFix does not guarantee the error will be seen again
(see the last sentence of that article) <g>, and there are times when such
a login failed is required. For example, login 'NULL' tells me it is likely
the Domain is an NT4.0 domain and the account (i.e., SID) being supplied to
SQL Server is unknown. As an alternative workaround, you can configure the
DSN to use the Named Pipes Network-Library instead of the TCP/IP Sockets
Network-Library (both of those Network-Libraries do work over the TCP/IP
Network Protocol).
And you can try pass-through authentication:
0. The client box must be running NT (not Windows ME, 98, etc)
1. Upon the SQL Server box, create a Local account with a password.
2. Upon the client box create the identical Local account and password.
3. Log onto the client as that local account, and attempt to connect to SQL
Server.
Note that Local accounts were set up (not domain accounts).
I have attached the Resource Kit's whoami.exe. It may help you determine
the security context of the account that attempting to use integrated (NT)
authentication (from the client), and thus what SID is being passed to SQL
Server from that client via the VPN.
Thanks,
Bill Hollinshead
Microsoft, SQL Server
This posting is provided "AS IS" with no warranties, and confers no
rights. Subscribe to MSDN & use http://msdn.microsoft.com/newsgroups.
- application/octet-stream attachment: WHOAMI.EXE
- Next message: Bill Hollinshead [MS]: "RE: Security Hotfix Update 7.00.1078 on SQL Server 7"
- Previous message: Bill Hollinshead [MS]: "Re: Access Denied Error"
- In reply to: Lisa: "VPN NT Authentication"
- Next in thread: Lisa: "RE: VPN NT Authentication"
- Reply: Lisa: "RE: VPN NT Authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
