I've setup an SSAS server and I've connected it with my active directory server.
But when I try to login on the ssas server (sql server management studio) using an active directory account I get the following error:
Cannot connect to SQLASServer.
The integrated security 'ClaimsToken' is not supported for native connections. (Microsoft.AnalysisServices.AppLocal.AdomdClient)
This error shows up before it actually tries to connect or anything so if I try to login using a bogus username and no password I still get the same error.
When I login to the server with an active directory account and then login on sql server management studio using Windows Authentication it does work without any errors.
Does anybody know how I can solve this issue?
Make sure you choose Windows Authentication from the Authentication dropdown. The options that say “Active Directory” are poorly worded as they mean Azure Active Directory and are not appropriate for on premises SSAS.
If that does not solve it provide a screenshot of your connection dialog in SSMS.
my mistake was that I had chosen Azure Analysis Services from before from the first drop down menu so I was getting this error. Once I changed it to SQL database, the option to connect with Azure Active Directory was available as well as to connect through SQL database credentials. In order to use the Azure Active Directory you need to create an active directory account and set that account as admin on Azure Portal first.
Related
I am trying to connect to Azure database via DataGrip using Active Directory connection (Note: not Active directory - password)
I followed accepted answer from this
I set integratedSecurity=false and authentication=ActiveDirectoryIntegrated.
When trying to connect to Test Connection I get error message
Connection to Azure SQL Database failed. Cannot set "Authetication" with "IntegratedSecurity" set to "true".
Is it some kind of bug that can be repaired, if so how could I solve this issue?
Edit:
More information:
On Azure Portal I can see that this is SQL database.
Server name ends with database.windows.net.
When I try to connect via Connection String (in Data Grip Add data from URL) generated by Azure I am not able to connect also.
The DataGrip support us using Azure Active Directory Authentication. Please see: Microsoft Azure .
You can get the connect string (URL) with Active Directory integrated authentication from Portal:
Replace the URL with the Connect string(Active Directory integrated authentication):
Hope this helps.
There is a lot of confusion around terminology here.
In short, the connection string attribute Integrated Security=true indicates you want to use "windows authentication". This type of authentication might be supported by any Azure SQL (anything whose hostname ends in database.windows.net). Azure SQL only supports Azure Active Directory authentication, butit might be possible to implement single sign on between a windows domain account and Azure Active Directory.
I have a Microsoft Access Application which generates a connection string like:
Provider=SQLNCLI11;Server=servername;Database=db_name;Trusted_Connection=yes;
This works without any problem.
What I want to do is to connect to a SQL Server instance where the user must insert his Active Directory name and password.
Like this:
Provider=SQLNCLI11;Server=servername;Database=db_name;Uid=username;Pwd=password;
This only works for users which are created on the SQL Server directly.
I tried Uid=DOMAIN\username, but it isn't working.
Is this possible? Or is there another way how I can get through this?
The environment:
The User is using a local PC with a local account and then he's doing a "NetworkConnect" with his AD-User and password.
After that, "RunAs" as his AD-User is working BUT there is another Application that is started from the Access Application and this App must be started with the local User-Account.
SQL-Server and the AD-User are member of the same domain.
Your choices are
Login to SQL Server using your the Windows Domain account that you are currently logged into. You do this automatically by specifying Trusted_Connection=yes;, or
Login to SQL Server using a SQL Login.
Those are the only two choices possible using a SQL provider connection string. Specifically, you cannot use the SQL access provider to do impersonation, that is, to login to SQL Server using a different Windows domain account than the one that you are currently logged into.
Microsoft designed the AD integration with SQL Server to use the account of the client application, not to be able to handle logging in as a part of the connection string. If the user isn't going to be logged into the machine using the account needed for the database access, the next best option may be something like ShellRunAs in order to let the user run your client app as the correct AD account.
I need to query Azure SQL Server using Azure Active Directory, I have tried mssql, tediuos, odbc npm's
I'm always getting the same error:
Cannot open the server {server} requested by the login.
Login failed
How to fix this?
Actually, mssql uses tedious as TDS driver, and Azure Active Directory Authentication is currently not supported by tedious. The issue has been reported here.
So, you need to switch to C# to connect Azure SQL Database with Azure AD identity.
From server1, I've created a connection to a remote server (server2) with the Linked Server facilities. Both servers are on the same domain. When I log to server1 I can successfully execute my stored procedures from SQL Server Management Studio but when I execute my stored procedures from my browser application I get the following error on server 2.
Error: 18456, Severity: 14, State: 58.
Login failed for user 'sa'. An attempt to login using SQL authentication failed.
Server is configured for Windows authentication only.
I've searched the Internet and Stackoverflow for solutions but I'm not sure what's the best way to solve this issue. I'm sure it involves adding/changing database security settings but I'm unsure where to make these changes.
Thanks in advance.
Right-click the server in Enterprise Manager, select properties, goto Security, and change to SQL Server and Windows Authentication mode.
Mixed mode is required if you want to use sa or any other sql-account for authentication. However i believe that the recommended way is to keep the server at Windows authentication mode, and use domain accounts for authentication. The sa-account is the quick and dirty way.
If you have the exact same security setup on both servers, the link between them should work if you select "Be made using the login's current security context" in the linked server properties. That way, the account will be "inherited" in the connection to the linked server.
Check under Security - Logins on each of the server so that the same account is added to both servers. Also check the properties of both entries, under Server Roles you can try to add the sysadmin-role to make sure the accounts will have access to all databases on the server. You should however limit this access in live environments :)
MSSQL Server is in the "abc" domain and have mixed mode authentication.
I am connecting from the machine which is not in domain or in a domain "xyz" but with in the same network using MSSQL Jdbc driver 2.0. I have logged in as admin or account in xyz domain.
It works fine using following url for connection for "sa" or SQL Mode Authentication.
jdbc:sqlserver://%DB_IP%:%DB_PORT%;SelectMethod=cursor;DatabaseName=dbname
It doesn't work For window authentication using credential "MSSQLDomain\username" i.e "abc\username", using following url
jdbc:sqlserver://%DB_IP%:%DB_PORT%;SelectMethod=cursor;integratedSecurity=true;DatabaseName=dbname;
Gives following error.
Login failed for user ''. The user is not associated with a trusted
SQL Server connection.
I have tried adding property Trusted_Connection=Yes to url, but still gives same error.
I don't want to map the drive of the SQL Server. I am able to access the any shared folder of the SQL Server Machine by providing "MSSQLDomain\username" and password.
It works fine for both authentication mode, if both machine is in same domain.
If I am using jtDS Driver from the machine which is not in domain or in "xyz" domain within same network i.e same subnet, it works fine.
This is the deliberate and correct behaviour of Windows Authentication.
It is because the Domain from which you are connecting from, is not the same Windows Domain as the one where your SQL Server instance resides.
I believe there are methods for bridging the Domains so to speak, however they require custom and tricky implementation. You also will have to configure a trust relationship between the domains.
The following thread contains discussions which you will likely find useful.
http://sql-server-performance.com/Community/forums/p/24601/137574.aspx
Changing the login credentials might help,
use SQL authentication instead of nt authentication
https://support.microsoft.com/en-us/kb/555332
Symptoms
After you install Microsoft SQL Server 2014, SQL Server 2012, SQL Server 2008, SQL Server 2005, or SQL Server 2000 and you try to connect to the server that is running SQL Server, you receive one of the following error messages:
Login failed for user '%.*ls'. The login is a SQL Server login and cannot be used with Windows Authentication.%.*ls
Login failed for user ''. The user is not associated with a trusted SQL Server connection. (Microsoft SQL Server, Error: 18452)
Login failed for user ''. (Microsoft SQL Server, Error: 18456)
Resolution
This problem occurs if the user tries to log in with credentials that cannot be validated. This problem can occur in the following scenarios:
Scenario 1:
The login may be a SQL Server login but the server only accepts Windows Authentication
To resolve this issue, configure SQL Server in Mixed Authentication Mode.
Scenario 2:
You are trying to connect by using SQL Server Authentication but the login used does not exist on SQL Server
To resolve this issue, verify that the SQL Server login exists. For more information, see Create a login in SQL Server Books Online.
Scenario 3:
The login may use Windows Authentication but the login is an unrecognized Windows principal
An unrecognized Windows principal means that Windows can't verify the login. This might be because the Windows login is from an untrusted domain. To resolve this issue, verify that you are logged in to the correct domain.
I have been involved with making a SQL server connection cross to domains like that, and it is exceptionally painful. In order to use credentials from another domain, the domain where you are assigning the permissions has to trust the domain, where the account is coming from. IT Pro's are generally VERY reluctant to trust another domain in this manner, and for good reason, so if this trust relationship has not been established it might not be very likely to convince the admins to do this.
Once you have the trust relationship established, you will probably need to register the SPN's for your SQL server in Active Directory, and assign delegation permissions. This type of environment is very difficult to setup, troubleshoot and maintain.
I hope that there is some other way that you can do this, because it sounds like you are headed for a very difficult scenario.
Hope it helps
Rihan