Re: How Does SQL Server Verify Domain Security

From: Will (DELETE_westes_at_earthbroadcast.com)
Date: 04/24/05


Date: Sun, 24 Apr 2005 09:54:32 -0700

I suspected this, so this is where we see the problem. We would
have a domain controller on the internal network and then another
domain controller on the other side of the proxy server. User A
authenticates behind the proxy with his domain controller. SQL
Server resides on the Internet side of the proxy. Upon receiving
the Kerberos ticket, SQL Server attempts to validate it with the
local domain controller. The local domain controller won't
recognize this ticket, and I assume it will try to validate it
with the internal domain controller. But it cannot do this,
because the internal domain controller is behind a proxy server.

Is there any way around this dilemma?

-- 
Will
Internet: westes at earthbroadcast.com

"Jens Süßmeyer" <Jens@Remove_this_For_Contacting.sqlserver2005.de> wrote in message news:OaDBRELSFHA.508@TK2MSFTNGP12.phx.gbl...
> No problem, that's a good article about Authentication in SQL Server:
>
> http://www.databasejournal.com/features/mssql/article.php/3341651
>
> To summarize Aut: You log on to a domain controller, proving that you are
> the individual that you are supposed to be. (Username and Password) If this
> Aut. is successful you get a Kerberos ticket that is valid for a specific amount
> of time. With this ticket you are able to log on to SQL Server because the
> server can validate the ticket with the domain controller to prove "time"
> and identity.
>
>
> HTH, Jens Suessmeyer.
>
> ---
> http://www.sqlserver2005.de

