Linked server and delegation
From: Corrado Labinaz (corradolab_at_virgilio.it)
Date: 01/29/04
- Next message: fernando diaz: "store procedure debugging error"
- Previous message: Selen: "sql server database suspect"
- Next in thread: Jasper Smith: "Re: Linked server and delegation"
- Reply: Jasper Smith: "Re: Linked server and delegation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Jan 2004 11:00:35 +0100
Hi to everybody,
I've a Windows 2000 native mode domain, with 2 SQL Server 2000, SQL1 and
SQL2.
Both SQL Servers:
- are hosted on DC.
- use Windows authentication only.
- run under a domain user account, SQL1User and SQL2User.
Both SQL server domain user accounts:
- are "trusted for delegation" in AD.
- have a SPN (i.e. setspn -A MSSQLSvc/SQL1.mydomain.com SQL1User)
User Admin1 can connect successfully to both SQL Servers.
User Admin1 have not "user cannot be delegated" in AD.
Now I setup a linked server from SQL1 to SQL2.
Linked server security is set to "be made using the login's current security
context"
Trying to access the linked server cause an error 18456 "Login failed for
user NT AUTHORITY/ANONIMOUS ACCESS" error.
What am I missing??
Seems Kerberos delegation does not work and fall back to NTLM which does not
support delegation, but AFAIK my Kerberos delegation setup should be fine.
Thanks,
Corrado
- Next message: fernando diaz: "store procedure debugging error"
- Previous message: Selen: "sql server database suspect"
- Next in thread: Jasper Smith: "Re: Linked server and delegation"
- Reply: Jasper Smith: "Re: Linked server and delegation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
