MSSQL Server is in the "abc" domain and have mixed mode authentication. I am connecting from the machine which is not in domain or in a domain "xyz" but with in the same network using MSSQL Jdbc driver 2.0. I have logged in as admin or account in xyz domain.
MSSQL服务器位于“abc”域中,具有混合模式身份验证。我正在使用MSSQL Jdbc驱动程序2.0从不在域中或在“xyz”域中的机器连接,而是在同一个网络中连接。我以管理员或xyz域的帐户登录。
It works fine using following url for connection for "sa" or SQL Mode Authentication.
使用以下url连接“sa”或SQL模式身份验证可以很好地工作。
jdbc:sqlserver://%DB_IP%:%DB_PORT%;SelectMethod=cursor;DatabaseName=dbname
jdbc::状态"置疑" / / % DB_IP %:% DB_PORT %;SelectMethod =游标;数据库名= dbname
It doesn't work For window authentication using credential "MSSQLDomain\username" i.e "abc\username", using following url
它不能使用凭据“MSSQLDomain\用户名”i进行窗口身份验证。e“abc\用户名”,使用以下url
jdbc:sqlserver://%DB_IP%:%DB_PORT%;SelectMethod=cursor;integratedSecurity=true;DatabaseName=dbname;
jdbc::状态"置疑" / / % DB_IP %:% DB_PORT %;SelectMethod =游标;integratedSecurity = true;数据库名= dbname;
Gives following error. Login failed for user ''. The user is not associated with a trusted SQL Server connection.
使跟踪误差。用户登录失败"。用户与受信任的SQL服务器连接没有关联。
I have tried adding property Trusted_Connection=Yes to url, but still gives same error. I don't want to map the drive of the SQL Server. I am able to access the any shared folder of the SQL Server Machine by providing "MSSQLDomain\username" and password.
我尝试过向url添加属性Trusted_Connection=Yes,但是仍然会产生相同的错误。我不想映射SQL服务器的驱动器。通过提供“MSSQLDomain\username”和密码,我可以访问SQL Server机器的任何共享文件夹。
It works fine for both authentication mode, if both machine is in same domain. If I am using jtDS Driver from the machine which is not in domain or in "xyz" domain within same network i.e same subnet, it works fine.
如果两台机器都在同一个域中,那么对于两种身份验证模式都可以正常工作。如果我正在使用来自计算机的jtDS驱动程序,它不在同一个网络I中的域中或“xyz”域中。子网相同,运行良好。
3 个解决方案
#1
2
This is the deliberate and correct behaviour of Windows Authentication.
这是Windows身份验证经过深思熟虑的正确行为。
It is because the Domain from which you are connecting from, is not the same Windows Domain as the one where your SQL Server instance resides.
这是因为所连接的域与SQL Server实例所在的域不同。
I believe there are methods for bridging the Domains so to speak, however they require custom and tricky implementation. You also will have to configure a trust relationship between the domains.
我相信有一些方法可以桥接域,但是它们需要自定义和复杂的实现。您还必须配置域之间的信任关系。
The following thread contains discussions which you will likely find useful.
下面的线程包含您可能会发现有用的讨论。
http://sql-server-performance.com/Community/forums/p/24601/137574.aspx
http://sql-server-performance.com/Community/forums/p/24601/137574.aspx
#2
2
Changing the login credentials might help, use SQL authentication instead of nt authentication
更改登录凭证可能会有帮助,使用SQL身份验证而不是nt身份验证
https://support.microsoft.com/en-us/kb/555332
https://support.microsoft.com/en-us/kb/555332
Symptoms
After you install Microsoft SQL Server 2014, SQL Server 2012, SQL Server 2008, SQL Server 2005, or SQL Server 2000 and you try to connect to the server that is running SQL Server, you receive one of the following error messages:
当您安装了Microsoft SQL Server 2014、SQL Server 2012、SQL Server 2008、SQL Server 2005或SQL Server 2000并试图连接到正在运行SQL Server的服务器后,您将收到以下错误消息之一:
Login failed for user '%.*ls'. The login is a SQL Server login and cannot be used with Windows Authentication.%.*ls
用户'%.*ls'登录失败。登录是一个SQL服务器登录,不能与Windows authentication.% .*ls一起使用
Login failed for user ''. The user is not associated with a trusted SQL Server connection. (Microsoft SQL Server, Error: 18452)
用户登录失败"。用户与可信的SQL服务器连接没有关联。(Microsoft SQL Server, Error: 18452)
Login failed for user ''. (Microsoft SQL Server, Error: 18456)
用户登录失败"。(Microsoft SQL Server, Error: 18456)
Resolution
This problem occurs if the user tries to log in with credentials that cannot be validated. This problem can occur in the following scenarios:
如果用户试图使用无法验证的凭据登录,则会出现此问题。这个问题可以出现在以下场景中:
Scenario 1:
The login may be a SQL Server login but the server only accepts Windows Authentication
登录可能是SQL服务器登录,但服务器只接受Windows身份验证
To resolve this issue, configure SQL Server in Mixed Authentication Mode.
要解决这个问题,可以在混合身份验证模式下配置SQL Server。
Scenario 2:
You are trying to connect by using SQL Server Authentication but the login used does not exist on SQL Server
您试图通过使用SQL Server身份验证来连接,但是在SQL Server上不存在登录。
To resolve this issue, verify that the SQL Server login exists. For more information, see Create a login in SQL Server Books Online.
要解决这个问题,请验证SQL Server登录是否存在。有关更多信息,请参见在SQL Server Books在线创建登录。
Scenario 3:
The login may use Windows Authentication but the login is an unrecognized Windows principal
登录可以使用Windows身份验证,但是登录是一个无法识别的Windows主体
An unrecognized Windows principal means that Windows can't verify the login. This might be because the Windows login is from an untrusted domain. To resolve this issue, verify that you are logged in to the correct domain.
未识别的Windows主体意味着Windows无法验证登录。这可能是因为Windows登录来自一个不受信任的域。要解决这个问题,请验证您已登录到正确的域。
#3
0
I have been involved with making a SQL server connection cross to domains like that, and it is exceptionally painful. In order to use credentials from another domain, the domain where you are assigning the permissions has to trust the domain, where the account is coming from. IT Pro's are generally VERY reluctant to trust another domain in this manner, and for good reason, so if this trust relationship has not been established it might not be very likely to convince the admins to do this.
我曾参与过将SQL服务器连接交叉到类似的域,这是非常痛苦的。为了使用来自另一个域的凭据,您正在分配权限的域必须信任该帐户来自的域。IT专业人士通常非常不愿意以这种方式信任另一个域,而且出于良好的理由,所以如果这个信任关系还没有建立起来,它可能不太可能说服管理员这么做。
Once you have the trust relationship established, you will probably need to register the SPN's for your SQL server in Active Directory, and assign delegation permissions. This type of environment is very difficult to setup, troubleshoot and maintain.
一旦建立了信任关系,您可能需要在Active Directory中为SQL服务器注册SPN,并分配授权权限。这种类型的环境很难设置、故障排除和维护。
I hope that there is some other way that you can do this, because it sounds like you are headed for a very difficult scenario.
我希望有其他的方法可以做到这一点,因为听起来你正在走向一个非常困难的局面。
Hope it helps Rihan
希望它能帮助Rihan
#1
2
This is the deliberate and correct behaviour of Windows Authentication.
这是Windows身份验证经过深思熟虑的正确行为。
It is because the Domain from which you are connecting from, is not the same Windows Domain as the one where your SQL Server instance resides.
这是因为所连接的域与SQL Server实例所在的域不同。
I believe there are methods for bridging the Domains so to speak, however they require custom and tricky implementation. You also will have to configure a trust relationship between the domains.
我相信有一些方法可以桥接域,但是它们需要自定义和复杂的实现。您还必须配置域之间的信任关系。
The following thread contains discussions which you will likely find useful.
下面的线程包含您可能会发现有用的讨论。
http://sql-server-performance.com/Community/forums/p/24601/137574.aspx
http://sql-server-performance.com/Community/forums/p/24601/137574.aspx
#2
2
Changing the login credentials might help, use SQL authentication instead of nt authentication
更改登录凭证可能会有帮助,使用SQL身份验证而不是nt身份验证
https://support.microsoft.com/en-us/kb/555332
https://support.microsoft.com/en-us/kb/555332
Symptoms
After you install Microsoft SQL Server 2014, SQL Server 2012, SQL Server 2008, SQL Server 2005, or SQL Server 2000 and you try to connect to the server that is running SQL Server, you receive one of the following error messages:
当您安装了Microsoft SQL Server 2014、SQL Server 2012、SQL Server 2008、SQL Server 2005或SQL Server 2000并试图连接到正在运行SQL Server的服务器后,您将收到以下错误消息之一:
Login failed for user '%.*ls'. The login is a SQL Server login and cannot be used with Windows Authentication.%.*ls
用户'%.*ls'登录失败。登录是一个SQL服务器登录,不能与Windows authentication.% .*ls一起使用
Login failed for user ''. The user is not associated with a trusted SQL Server connection. (Microsoft SQL Server, Error: 18452)
用户登录失败"。用户与可信的SQL服务器连接没有关联。(Microsoft SQL Server, Error: 18452)
Login failed for user ''. (Microsoft SQL Server, Error: 18456)
用户登录失败"。(Microsoft SQL Server, Error: 18456)
Resolution
This problem occurs if the user tries to log in with credentials that cannot be validated. This problem can occur in the following scenarios:
如果用户试图使用无法验证的凭据登录,则会出现此问题。这个问题可以出现在以下场景中:
Scenario 1:
The login may be a SQL Server login but the server only accepts Windows Authentication
登录可能是SQL服务器登录,但服务器只接受Windows身份验证
To resolve this issue, configure SQL Server in Mixed Authentication Mode.
要解决这个问题,可以在混合身份验证模式下配置SQL Server。
Scenario 2:
You are trying to connect by using SQL Server Authentication but the login used does not exist on SQL Server
您试图通过使用SQL Server身份验证来连接,但是在SQL Server上不存在登录。
To resolve this issue, verify that the SQL Server login exists. For more information, see Create a login in SQL Server Books Online.
要解决这个问题,请验证SQL Server登录是否存在。有关更多信息,请参见在SQL Server Books在线创建登录。
Scenario 3:
The login may use Windows Authentication but the login is an unrecognized Windows principal
登录可以使用Windows身份验证,但是登录是一个无法识别的Windows主体
An unrecognized Windows principal means that Windows can't verify the login. This might be because the Windows login is from an untrusted domain. To resolve this issue, verify that you are logged in to the correct domain.
未识别的Windows主体意味着Windows无法验证登录。这可能是因为Windows登录来自一个不受信任的域。要解决这个问题,请验证您已登录到正确的域。
#3
0
I have been involved with making a SQL server connection cross to domains like that, and it is exceptionally painful. In order to use credentials from another domain, the domain where you are assigning the permissions has to trust the domain, where the account is coming from. IT Pro's are generally VERY reluctant to trust another domain in this manner, and for good reason, so if this trust relationship has not been established it might not be very likely to convince the admins to do this.
我曾参与过将SQL服务器连接交叉到类似的域,这是非常痛苦的。为了使用来自另一个域的凭据,您正在分配权限的域必须信任该帐户来自的域。IT专业人士通常非常不愿意以这种方式信任另一个域,而且出于良好的理由,所以如果这个信任关系还没有建立起来,它可能不太可能说服管理员这么做。
Once you have the trust relationship established, you will probably need to register the SPN's for your SQL server in Active Directory, and assign delegation permissions. This type of environment is very difficult to setup, troubleshoot and maintain.
一旦建立了信任关系,您可能需要在Active Directory中为SQL服务器注册SPN,并分配授权权限。这种类型的环境很难设置、故障排除和维护。
I hope that there is some other way that you can do this, because it sounds like you are headed for a very difficult scenario.
我希望有其他的方法可以做到这一点,因为听起来你正在走向一个非常困难的局面。
Hope it helps Rihan
希望它能帮助Rihan