Re: Domain group members cannot connect [SQL Server 2k5 Workgroup Ed.]
- From: "PSPDBA" <DissendiumDBA@xxxxxxxxx>
- Date: 21 Dec 2006 04:43:22 -0800
Is the server that SQL is on joined to the domain?
Jim Kilmer wrote:
We have a brand new out-of-the-box SQL Server 2005 Workgroup Edition install.
We are using Windows Authentication, and have created SQL logins for about
40 different groups on our domain. We've given those logins the appropriate
permissions on the databases they're supposed to be able to access.
The problem is that when users try to connect to the SQL server, they cannot
connect. An error 18456 is thrown, and logged in the Application event log
stating "Login failed for user OURDOMAIN\theuser" (example values). The
user is properly a member of group added as a login to SQL Server, and we've
confirmed that there are not conflicting permissions that would deny those
users access via another route.
This is only a problem for domain-based groups. If we create a local group
on the SQL server machine, through Computer Management -> Local Users and
Groups, then make the same users a member of THAT group, and finally then
follow the same process to add that local group to SQL Server Logins and set
the database privileges, it works!!
Our group memberships change frequently, and are used for a lot more than
just SQL server permissions. So, using local groups and maintaining
membership in both places is not really feasible. Any ideas why a local
machine group containing domain user accounts would work fine, but a domain
group containing the same accounts would not?
Thanks in advance.
~Jim
.
- Prev by Date: Re: Job owned by a non-sysadmin fails to run
- Next by Date: Re: Job owned by a non-sysadmin fails to run
- Previous by thread: Job owned by a non-sysadmin fails to run
- Next by thread: auditing access to object
- Index(es):
Relevant Pages
|
