what's the version of your SQL Server and NT?
>--Original Message--
>After adding NT users as SQL Server logins, I tried to
set
>them up on their PC using ODBC connections but get the
>message:
>SQL Server error: 18452
>Login failed for user (null). Reason: not associated with
>a trusted SQL Server connection
>Can someone advise on basic checks?
>(Our SQL Server is setup for MIXED MODE and I myself can
>use the NT Authentication since I belong to the SQL ADMIN
>group via the main DOMAIN server setup)
>thks!
>.
>Login failed for user 'null' means that we were unable to 'impersonate' the
user. We need to be able to impersonate when we authenticate to SQL using
your Windows NT credentials.
Typical client server environment:
Scenario 1:
Client --> SQL
If this fails, then it may be a problem with the communication between the
client and the Domain Controller. You can make network traces from the
client and /or enable Kerberos logging to verify if this is the case. This
may occur when using sockets, but not with Named Pipes connections.
Scenario 2:
Web Server/SQL Environment
Client-->IIS-->SQL.
If your scenario looks like the Scenario 2 (Web Server/SQL Environment),
then this scenario is more complicated to configure.
The middle machine (IIS) must be trusted for Security Delegation. And the
Domain Admin needs to set the spn for SQL Server.
The client machine must use TCP/IP and authenticate via Kerberos
authentication. If it uses NTLM, then this will fail with "Login failed
for user 'null'".
This article goes over various scenarios:
http://msdn.microsoft.com/library/d...-us/dnnetsec/ht
ml/SecNetch05.asp
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
No comments:
Post a Comment