Domain credentials not the same for SQL 2014

rwheeler23
rwheeler23 used Ask the Experts™
on
I had installed a querying program that uses the user's windows credentials to query the data. I went into SQL and added the user using Windows credentials. The user went into SQL is as mydomain\user. However, when I go into the querying tool security program and grant access it picks up the user as mydomain.com\user. So when the user tries to login the user ID's do not match. I am not sure if there is something that needs to be fixed in SQL or in active directory.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2017
Commented:
it should not matter, the domain user you add user@domain domain\user domain.suffix\user should match. what is the issue whtat you are running into.

Did you search and add a user from the AD, .....
sql has an active directory helper.

It is not clear to me where the issue is.
The login entry you use to login into the workstation is the credentials the Windwos integrated application will use.
try logging in user@domain and see if that makes a difference...
once you are authenticated into the workstation, the query application is passing a token to the sql server .......
rwheeler23President

Author

Commented:
It has something to do with this application. I used the SQL AD browser to pull the user. The application has the same type of browser. The problem is that  when the application pulled the user it added the '.com' suffix and then when it goes to encrypt the user's password it uses this version not the version without the suffix. So now when the user tries to login to the application the login fails because the combination of username and password do not match what is in SQL. I have asked the creator of this application how to proceed.
Distinguished Expert 2017

Commented:
where is the failure the authentication in the SQL or a subsequent verification....

Look at sql auth events to see whether it is the one rejecting the ..

Commonly, when using windows integrated authentication in an application, there would not be a need to list/select the user, the user loged into the system is whose token the application provides to the sql server to access.
it sounds as though the application ......

the display commonly is domain\username the suffix is dropped. check the options on the application whether you can narrow down the user listing to use domain versus domain.suffix...
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

rwheeler23President

Author

Commented:
Good idea. They have gone home for the weekend so I will check on Monday.
rwheeler23President

Author

Commented:
It appears the issue is that this client is still using a W2000 server as the AD. No matter what we do the windows credentials will not work for this application. I am trying to convert to sql credentials.
rwheeler23President

Author

Commented:
Thanks for your insight.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial