Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can I use NT Authentication with server running as "System Account"

Status
Not open for further replies.
jadn

jadn

Programmer
Oct 28, 2005
23
US
Hi,
I'd like to use NT Authentication to allow Domain Users to connect (via ODBC connections) to an SQL Server (2000). The server is running under "System account". When adding myself as a Login on the server, I can connect from a client. I've also added a "MYDOMAIN\Domain User" group-Login, but domain users (besides me) get the "[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user" message. I'm using the "ODBC Data Source Administrator" to do the connection-testing on client machines.

Right now, my applications want to connect to the Server using an ODBC connection string like "ODBC;DSN=MyServer".

In searching for an answer, I've seen some references relating OLE DB with ODBC, but don't understand if/how it might apply to my situation. Have also seen solutions which require running server as a specific domain-user (instead of System account) - but this is not an option.

Any help/insight would be appreciated,
Cheers!
 
Sort by date Sort by votes

It wouldn't matter the service is run under 'system' accunt or your domain account. To use the windows athentication, the NT account need to be add to the logins of SQL Server. The easy way is create NT groups on the server then add domain users to their group. Add these groups to SQL Server logins.
 
Upvote 0 Downvote
Hi maswien,
Thanks for the reply. When you say "add domain users to their group", do you mean to add users individually? Is it possible to grant permission to all "MyDomain" users without having to specify each specific user?

Thanks!
 
Upvote 0 Downvote
yes, you can do that. You create separate groups only for granting different permissions to the users.
 
Upvote 0 Downvote
Hi maswien,
I added a [Local]"MyReadGroup" to the server, then added "MyReadGroup" as a Login in SQL Server.

After adding a specific user, "myUser", to MyReadGroup, then myUser can connect. If I remove myUser from MyReadGroup, and add "MyDomain\Domain Users", then myUser can no-longer connect.
The error message is:
"[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'MyDomain\myUser'

... which implies that the server knows myUser is a member of MyDomain, but myUser isn't getting authenticated as a member of "MyDomain\Domain Users" - is it reasonable to expect this?

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

grnzbra
  • Locked
  • Question
SQL Server in Windows
Replies
1
Views
285
pjw001
pjw001
CodeWell
  • Locked
  • Question
SQL Server 2017 Install Issue - Database Not in Configuration Manager
Replies
0
Views
266
CodeWell
CodeWell
baran121
  • Locked
  • Question
take a database from system databse place
Replies
2
Views
222
iambob
iambob
bethabernathy
  • Locked
  • Question
Front End Access 365 Database dsn Connection Fails when attempting to link to 2016 SQL server
Replies
1
Views
218
dhookom
dhookom
Ikatiemarie
  • Locked
  • Question
SQL Server 2008 SP_Send_dbmail
Replies
0
Views
572
Ikatiemarie
Ikatiemarie

Part and Inventory Search

Sponsor

Back
Top