Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

Using multiple NT Domains and Integrated Security.

2 posts in Windows NT Last posting was on 1998-01-22 09:26:09.0Z
Michael D. Lilley Posted on 1998-01-21 15:45:02.0Z
Message-ID: <34C617FE.615B307@worldnet.att.net>
Date: Wed, 21 Jan 1998 08:45:02 -0700
From: "Michael D. Lilley" <Lilley.Mike@worldnet.att.net>
Organization: Lookout Mountain Consulting
X-Mailer: Mozilla 4.04 [en] (WinNT; U)
MIME-Version: 1.0
Subject: Using multiple NT Domains and Integrated Security.
Content-Type: multipart/alternative; boundary="------------A507931462BF456E05F7CBC4"
Newsgroups: sybase.public.sqlserver.nt
Lines: 68
Path: forums-1-dub!forums-master.sybase.com!forums.powersoft.com
Xref: forums-1-dub sybase.public.sqlserver.nt:5280
Article PK: 1081359

Folks -

    Can anyone enlighten me as to how to add users from domains other than the default domain to a system using integrated or mixed-mode security?  The documentation appears to say that it can be done using sp_addlogin, sp_grantlogin, and sp_adduser in some combination, but I haven't been able to figure it out.

    Here are the particulars:

  • Our servers live in a single NT domain.
  • Some of our users are members of that domain.
  • We need to add several new users, in another domain.
  • We can't add NT trust relationships to that domain due to corporate security issues.
  • We are running ASE 11.5 on Windows NT 4.0, with NT and Windows 95 clients.
  • Popping up lots of "Please login" dialogs (for new connections and apps) would be inappropriate for the application design (currently, with the mixed-mode security, all they need to do is login to Windows NT domain, and the various apps take it from there).
Anyone out there have a solution, example, or better yet, any scripts for doing this kind of thing they could send me?  I'd appreciate any help.

Thanks,
-Mike


Reinoud van Leeuwen Posted on 1998-01-22 09:26:09.0Z
Message-ID: <34C710B1.6798@sybase.com>
Date: Thu, 22 Jan 1998 10:26:09 +0100
From: Reinoud van Leeuwen <reinoud@sybase.com>
Organization: Sybase Inc.
X-Mailer: Mozilla 3.0 (Win95; I)
MIME-Version: 1.0
To: "Michael D. Lilley" <Lilley.Mike@worldnet.att.net>
Subject: Re: Using multiple NT Domains and Integrated Security.
References: <34C617FE.615B307@worldnet.att.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Newsgroups: sybase.public.sqlserver.nt
Lines: 52
Path: forums-1-dub!forums-master.sybase.com!forums.powersoft.com
Xref: forums-1-dub sybase.public.sqlserver.nt:5277
Article PK: 1081356

Michael D. Lilley wrote:

As I understand it (I've never worked in 'real' environments where
integrated or mixed-mode sucurity was used :-), the mechanism works like
this

- A user tries to login on the SQL server
- The SQL server assumes the NT username for the SQL login name
- The SQL server checks whether such a SQL login name exists
- The SQL server asks the NT server wheter the user is authenticated on
the NT domain

Following these rules, the NT server has to know that the user is
authenticated. This can only be the case
- when the user is logged on the 'local' domain
- the user is logged on a trusted domain

I don't think integrated security will be of much use when users are
logged on a remote domain. The local NT server has no way of validating
this, so the SQL server won't know it either.

>
> Folks -
>
> Can anyone enlighten me as to how to add users from domains other
> than the default domain to a system using integrated or mixed-mode
> security? The documentation appears to say that it can be done using
> sp_addlogin, sp_grantlogin, and sp_adduser in some combination, but I
> haven't been able to figure it out.
>
> Here are the particulars:
>
> * Our servers live in a single NT domain.
> * Some of our users are members of that domain.
> * We need to add several new users, in another domain.
> * We can't add NT trust relationships to that domain due to
> corporate security issues.
> * We are running ASE 11.5 on Windows NT 4.0, with NT and Windows 95
> clients.
> * Popping up lots of "Please login" dialogs (for new connections
> and apps) would be inappropriate for the application design
> (currently, with the mixed-mode security, all they need to do is
> login to Windows NT domain, and the various apps take it from
> there).
>
> Anyone out there have a solution, example, or better yet, any scripts
> for doing this kind of thing they could send me? I'd appreciate any
> help.
>
> Thanks,
> -Mike