Solved

SQL Windows authentication for same name accounts

Posted on 2011-09-06
9
354 Views
Last Modified: 2012-08-13
I have a program written in VB.NET that accesses data in a SQL 2000 database.  It uses an ODBC System DSN data source to connect, configured on Windows authentication.  For each user that needs access, I have added domain\user to the Logins in SQL Enterprise Manager and given the user public access to the relevant database.  Everything works as intended.

Where there is an issue is that some users have a SQL login that matches their domain login for the same database.  When I attempt to grant access to the database, it indicates the user already exists.  For example, domain\jsmith has a SQL account jsmith.  I can create domain\jsmith in EM, but I cannot grant them database access as it says user jsmith already exists.

In attempt to remedy the issue, I changed the ODBC System DSN to SQL authentication, specifying a valid SQL login and password.  When I attempt to run the program it gives: "ERROR  [28000] [Microsoft ODBC SQL Server Driver] [SQL Server] Login failed for user '(null)'.  Reason: Not associated with a trusted SQL Server connection."  (For testing, I tried the 'sa' account, and even this doesn't work.)

-Scott
0
Comment
Question by:CC85
  • 4
  • 3
  • 2
9 Comments
 
LVL 28

Expert Comment

by:sammySeltzer
ID: 36493252
NO, I would change your odbc back to windows authentication.

Then try giving the user READ access by going to your db and right-click on it.

Select Properties

click on Permissions

Select the name you wish to give permission to and check the appropriate box, in your case SELECT box and I think that should take care of it.

0
 
LVL 1

Author Comment

by:CC85
ID: 36493293
In the database properties permissions tab under user/role, the only users I see are those that already have access to this particular database.  

I'm able to create a login for domain\jsmith but when I go to the Database Access tab of the Login Properties box I cannot give them database access.  It gives: Error 21002: [SQL-DMO]User 'jsmith' already exists.  (I am unable to delete the SQL login for "jsmith" because another software program requires SQL logins for all users.)
0
 
LVL 28

Expert Comment

by:sammySeltzer
ID: 36493323
You give them permissions through the database as I described.

If you don't see them, then add them by clicking the Add or Search button.

Then click Browse.

There, you see a bunch of users, including the ones you are looking for.

Select it, then look for the appropriate permission as I described like SELEcT
0
 
LVL 8

Accepted Solution

by:
coolfiger earned 500 total points
ID: 36493334
open sql management studio

go to the database iteself expand it
go to security i believe and logins. delete the user thats saying it allready exists and then try re adding .

I would also liek to suggest usign a security group instead of a single user by user ... its a lot easier .. so in active directory u jsut add a user to the group and presto ... access to the odbc..

Please note above you may have to delete the login from under the database logins and under general sql security logins ....

0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 8

Expert Comment

by:coolfiger
ID: 36493336
the error you're geting is because the user allready exists on the databse login table ... let me know if my solution works ..
0
 
LVL 1

Author Comment

by:CC85
ID: 36493341
I'm not seeing what you're describing.  In Enterprise Manager, Console Root>MSSQL Servers>SQL Server Group>Server>Databases>MyDatabase.  Right click, Properties, MyDatabase Properties window appears.  Click Permissions.  I see a list of domain\users and SQL logins that already have access.  There is no add or search button.  (There also isn't a SELECT permission, only listed are create, such as Create Table, Create View, Create SP, and Backup.)  I'm using SQL 2000 Standard.
0
 
LVL 1

Author Comment

by:CC85
ID: 36493360
coolfiger - Correct, the user exists as a SQL account using SQL authentication and as domain\user using Windows authentication (two accounts "jsmith" (SQL) and "domain\jsmith" (Windows)).  "Jsmith" with SQL authenticiation is required for another software program, so deleting "jsmith" and leaving only "domain\jsmith" is not an option.
0
 
LVL 1

Author Closing Comment

by:CC85
ID: 36493390
Created a new security group in Active Directory and added the users.  Added domain\ODBC group to SQL logins, granted database access.  Access achieved without adding every user\domain and conflicting with existing accounts.
0
 
LVL 8

Expert Comment

by:coolfiger
ID: 36496635
glad to have helped !
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Everyone has problem when going to load data into Data warehouse (EDW). They all need to confirm that data quality is good but they don't no how to proceed. Microsoft has provided new task within SSIS 2008 called "Data Profiler Task". It solve th…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Viewers will learn how the fundamental information of how to create a table.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now