Saturday, February 25, 2012

Pass-Through Authentication won't work when replicating via the ActiveX Library?

Hi all,
My sql2000 to sql2000 merge replication via internet is run via an
application on the subscriber using activex library.
I read about setting up pass-through authentication so that the user
accounts don't need to be on the same domain. So, I set up Sql Server
and Sql Agent to run on a user account set up identically on each
machine. But, it doesn't seem like the Sql Agent is even involved in
the communication on the subscriber.
Authentication at the publisher fails because it is trying to
authenticate - not the account that sql server and sql agent services
are running under - but the current windows account running on the
subscriber.
ie:
- sql server and sql agent running under "serviceAccount"
- windows user on subscriber machine logged in as "Joe"
- error at publisher = cannot authenticate Joe.
Now, if I create a Joe user on the publisher, with the same password as
on the subscriber, everything works. But this is an impossible setup to
work with because of course there will be many different unknown users.
Please, can anyone help with this? I can't find this problem
anywhere...
JJ
Its probably using the security context of the account you are logged in
under. If you were to run this program/script as a job spawned by SQL Server
agent it would work. Another option would be to use the run as command (have
a look at runas from the command prompt).
I think your best bet would be to use sql authentication though.
This could also be an rights issue when you connect to the snapshot share -
exactly what error message are you getting?
Hilary Cotter
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Looking for a FAQ on Indexing Services/SQL FTS
http://www.indexserverfaq.com
"JJ" <joe.jabour@.gmail.com> wrote in message
news:1121742075.969113.19600@.z14g2000cwz.googlegro ups.com...
> Hi all,
> My sql2000 to sql2000 merge replication via internet is run via an
> application on the subscriber using activex library.
> I read about setting up pass-through authentication so that the user
> accounts don't need to be on the same domain. So, I set up Sql Server
> and Sql Agent to run on a user account set up identically on each
> machine. But, it doesn't seem like the Sql Agent is even involved in
> the communication on the subscriber.
> Authentication at the publisher fails because it is trying to
> authenticate - not the account that sql server and sql agent services
> are running under - but the current windows account running on the
> subscriber.
> ie:
> - sql server and sql agent running under "serviceAccount"
> - windows user on subscriber machine logged in as "Joe"
> - error at publisher = cannot authenticate Joe.
> Now, if I create a Joe user on the publisher, with the same password as
> on the subscriber, everything works. But this is an impossible setup to
> work with because of course there will be many different unknown users.
>
> Please, can anyone help with this? I can't find this problem
> anywhere...
> JJ
>
|||Yes I'm pretty sure that it's a rights issue - i was seeing error 1326
(unknown user or bad password). Like you said, it's likely because it's
using the security context of the account that I am logged in under on
the subscriber. In fact, I know that's the issue, b/c if I change the
username and password of my windows account that i am logged in under
on the subscriber to match the publisher, everything works like a
charm. But this is an impossible setup for me.
The issue here is that this is supposed to be an installable
application (unknown users)using MSDE on the subscriber, and the
application is using the ActiveX library - so anything outside of the
control of what can be set up by an installation app won't be feasible.
Re SQL authentication, are you saying that if I change the SQL Server
setup on the subscriber to use SQL authentication instead of windows
authentication, that it might work?
JJ
|||Yes, I am suggesting you do both (SQL authentication on the publisher and
subscriber). You can also use a com component and have this component run
under different security credentials than the account the user is logged on
under.
Hilary Cotter
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html
Looking for a FAQ on Indexing Services/SQL FTS
http://www.indexserverfaq.com
"JJ" <joe.jabour@.gmail.com> wrote in message
news:1121776681.002861.67670@.o13g2000cwo.googlegro ups.com...
> Yes I'm pretty sure that it's a rights issue - i was seeing error 1326
> (unknown user or bad password). Like you said, it's likely because it's
> using the security context of the account that I am logged in under on
> the subscriber. In fact, I know that's the issue, b/c if I change the
> username and password of my windows account that i am logged in under
> on the subscriber to match the publisher, everything works like a
> charm. But this is an impossible setup for me.
> The issue here is that this is supposed to be an installable
> application (unknown users)using MSDE on the subscriber, and the
> application is using the ActiveX library - so anything outside of the
> control of what can be set up by an installation app won't be feasible.
>
> Re SQL authentication, are you saying that if I change the SQL Server
> setup on the subscriber to use SQL authentication instead of windows
> authentication, that it might work?
> JJ
>
|||SQL auth on both didn't work - It was still using the credentials of
the windows login on the subscriber.
Solution - I created a "launcher" application that starts the
application under credentials that match the publisher.
Thanks for the help.
|||Well, it worked on my LAN, but not when i tested it from outside the
LAN. Again, permission problems. Do I need to upgrade the server to a
domain controller?
JJ

No comments:

Post a Comment