Re: Linked Server - Windows Authentication passthrough?

• Previous message: Ron: "SQL Server and virus scanning."
• In reply to: Peter A. Schott: "Re: Linked Server - Windows Authentication passthrough?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: billchng@online.microsoft.com (Bill Cheng [MSFT])
Date: Wed, 23 Apr 2003 15:44:40 GMT

Hi Peter,

Thanks for Jasper's help. I agree with him that delegation cannot be set up
on NT 4.0. It is a feature of Windows 2000.

In this situation, mapping to a SQL login would be necessary.

This posting is provided "AS IS" with no warranties, and confers no rights.

Regards,
  
Bill Cheng
Microsoft Support Engineer
--------------------
| From: Peter A. Schott <pschott@drivefinancial.com>
| Subject: Re: Linked Server - Windows Authentication passthrough?
| Date: Tue, 22 Apr 2003 10:20:50 -0500
| Message-ID: <rbnaav8l4b5ihkkre5bpun1tkeu4tpaag2@4ax.com>
| References: <ult8avglhagaicuaau42o7vvsb0icgtr8b@4ax.com>
<XaL$TnNCDHA.2556@cpmsftngxa06.phx.gbl>
| X-Newsreader: Forte Agent 1.93/32.576 English (American)
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| Newsgroups: microsoft.public.sqlserver.security
| NNTP-Posting-Host: drivefinancial.com 65.105.152.62
| Lines: 1
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.sqlserver.security:13189
| X-Tomcat-NG: microsoft.public.sqlserver.security
|
| Bill,
| Is there any way to enable delegation on an NT 4 domain? That may be the
| problem. I'd like to have this working when I connect from my
workstation to
| s1 & from s1 to s2 (w ->s1->s2).
|
|
| Thanks.
|
| -Pete Schott
|
| billchng@online.microsoft.com (Bill Cheng [MSFT]) wrote:
|
| > Hi Peter,
| >
| > I understand that you want to choose "Be made using the login's current
| > security context" for "a login not defined in the list above" in linked
| > server properties.
| >
| > Can you log on as the Windows account on the source SQL Server and use
| > Query Analyzer "Windows Authentication" to connect to the SQL Server to
be
| > linked? First make sure that your account can access the destination
SQL
| > Server.
| >
| > In addition, impersonation cannot pass longer than 1 hop, e.g. client -
SQL
| > Server (sql1) - linked SQL Server (sql2). If you log on from the client
to
| > sql1, and execute "select * from sql2.<db>..<table>", the security
token
| > cannot be passed longer than 1 hop. You would need to enable delegation
to
| > bypass the limit.
| >
| > 810572 HOW TO: Configure an ASP.NET Application for a Delegation
Scenario
| > http://support.microsoft.com/?id=810572
| >
| > 283201 HOWTO: Use Delegation in Windows 2000 with COM+
| > http://support.microsoft.com/?id=283201
| >
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > Regards,
| >
| > Bill Cheng
| > Microsoft Support Engineer
| > --------------------
| > | From: Peter A. Schott <pschott@drivefinancial.com>
| > | Subject: Linked Server - Windows Authentication passthrough?
| > | Date: Mon, 21 Apr 2003 17:56:15 -0500
| > | Message-ID: <ult8avglhagaicuaau42o7vvsb0icgtr8b@4ax.com>
| > | X-Newsreader: Forte Agent 1.93/32.576 English (American)
| > | MIME-Version: 1.0
| > | Content-Type: text/plain; charset=us-ascii
| > | Content-Transfer-Encoding: 7bit
| > | Newsgroups: microsoft.public.sqlserver.security
| > | NNTP-Posting-Host: drivefinancial.com 65.105.152.62
| > | Lines: 1
| > | Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
| > | Xref: cpmsftngxa06.phx.gbl microsoft.public.sqlserver.security:13177
| > | X-Tomcat-NG: microsoft.public.sqlserver.security
| > |
| > | Is there a way to get my NT login to passthrough using Linked
Servers? I
| > have
| > | to set it up to link my NT login to a specific SQL user on the other
| > server
| > | right now. When I try to run it without that, I get access denied
| > messages
| > | for anonymous login (or something like that).
| > |
| > | TIA,
| > |
| > | -Pete Schott
| > |
|
|

• Previous message: Ron: "SQL Server and virus scanning."
• In reply to: Peter A. Schott: "Re: Linked Server - Windows Authentication passthrough?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]