Re: How Does SQL Server Verify Domain Security

From: Mike Epprecht (SQL MVP) (mike_at_epprecht.net)
Date: 04/25/05

    Date: Mon, 25 Apr 2005 04:45:01 -0700
    
    

    Hi

    The only way would be to set up a one-way trust, with only the external
    Domain trusting the internal one. Proxy server ports would need to be opened.

    Regards
    Mike

    "Will" wrote:

    > I suspected this, so this is where we see the problem. We would
    > have a domain controller on the internal network and then another
    > domain controller on the other side of the proxy server. User A
    > authenticates behind the proxy with his domain controller. SQL
    > Server resides on the Internet side of the proxy. Upon receiving
    > the Kerberos ticket, SQL Server attempts to validate it with the
    > local domain controller. The local domain controller won't
    > recognize this ticket, and I assume it will try to validate it
    > with the internal domain controller. But it cannot do this,
    > because the internal domain controller is behind a proxy server.
    >
    > Is there any way around this dilemma?
    >
    > --
    > Will
    > Internet: westes at earthbroadcast.com
    >
    >
    > "Jens Süßmeyer"
    > <Jens@Remove_this_For_Contacting.sqlserver2005.de> wrote in
    > message news:OaDBRELSFHA.508@TK2MSFTNGP12.phx.gbl...
    > > No problem, that's a good article about authentication in SQL
    > > Server:
    > >
    > > http://www.databasejournal.com/features/mssql/article.php/3341651
    > >
    > > To summarize Aut.: You log on to a domain controller, proving
    > > that you are the individual that you are supposed to be.
    > > (Username and Password) If this Aut. is successful you get a
    > > Kerberos ticket that is valid for a specific amount of time.
    > > With this ticket you are able to log on to SQL Server because
    > > the server can validate the ticket with the domain controller
    > > to prove "time" and identity.
    > >
    > >
    > > HTH, Jens Suessmeyer.
    > >
    > > ---
    > > http://www.sqlserver2005.de
    >
    >
    >

