Is Windows Authentication possible without a domain controller?
I am running a testbed with two Win2K machines without firewalls. One
computer contains the MSDE 2000A, set for Windows Authentication
only. Running MS Access on the other computer under the Administrator
account causes a connection failure error message:
Microsoft SQL Server Login
Connection failed:
SQLState: '01000'
SQL Server Error: 87
[Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen
(Connect()).
Connection failed:
SQLState: '08001'
SQL Server Error: 6
[Microsoft][ODBC SQL Server Driver][DBNETLIB]Specified SQL server not
found.
Lou Arnold,
Ottawa, Canada
PS...This is a peer-to peer network...no domain controller.
On Sun, 18 Jul 2004 03:53:19 GMT, Lou_Arnold@.nospam.com (Lou Arnold)
wrote:
>Is Windows Authentication possible without a domain controller?
>I am running a testbed with two Win2K machines without firewalls. One
>computer contains the MSDE 2000A, set for Windows Authentication
>only. Running MS Access on the other computer under the Administrator
>account causes a connection failure error message:
>Microsoft SQL Server Login
>--
>Connection failed:
>SQLState: '01000'
>SQL Server Error: 87
>[Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen
>(Connect()).
>Connection failed:
>SQLState: '08001'
>SQL Server Error: 6
>[Microsoft][ODBC SQL Server Driver][DBNETLIB]Specified SQL server not
>found.
>Lou Arnold,
>Ottawa, Canada
|||Try substituting WORKGROUP\USERNAME for DOMAIN\USERNAME. Your error looks
like something other than authentication, however. The two machines can see
each other? Are they in the same workgroup? Maybe try connecting by IP
address instead of machine name and make sure your SQL Server service is
running.
Thanks,
Michael C.
"Lou Arnold" <Lou_Arnold@.nospam.com> wrote in message
news:40f9f68a.19289767@.nntp.flfrd.phub.net.cable.r ogers.com...
> PS...This is a peer-to peer network...no domain controller.
> On Sun, 18 Jul 2004 03:53:19 GMT, Lou_Arnold@.nospam.com (Lou Arnold)
> wrote:
>
|||Michael, Pls see my replies below.
On Sun, 18 Jul 2004 05:18:01 GMT, "Michael C" <nospam@.lol.net> wrote:
>Try substituting WORKGROUP\USERNAME for DOMAIN\USERNAME.
I don't understand where to specify this. There is no domain name as
there is no domain controller.
>Your error looks
>like something other than authentication, however.
> The two machines can see
>each other? Are they in the same workgroup? Maybe try connecting by IP
>address instead of machine name and make sure your SQL Server service is
>running.
Yes, the machines can see each other. File and Printer sharing is
enabled and i can see shares on each computer from the other.
Yes, The work group name WORKGROUP for each computer.
Yes, the SQL server instance is running. (it is a named instance)
Yes, I tried using <ipaddr>\<instancename> and got the same error
message.
Lou Arnold
Ottawa, Canada
|||"Lou Arnold" <Lou_Arnold@.nospam.com> wrote in message
news:40fa18ff.473050@.nntp.flfrd.phub.net.cable.rog ers.com...
> Michael, Pls see my replies below.
> On Sun, 18 Jul 2004 05:18:01 GMT, "Michael C" <nospam@.lol.net> wrote:
> I don't understand where to specify this. There is no domain name as
> there is no domain controller.
If you were connected to a Domain Controller, you would specify
DOMAIN\USERNAME. If you are working on a small LAN with no domain
controller, you can specify WORKGROUP\USERNAME instead; or possibly
MACHINENAME\USERNAME (like this: "MSHOME\BOB" or "COMPUTER1\BOB"). You
might also try connecting using the sa username/password.
> Yes, the machines can see each other. File and Printer sharing is
> enabled and i can see shares on each computer from the other.
> Yes, The work group name WORKGROUP for each computer.
> Yes, the SQL server instance is running. (it is a named instance)
> Yes, I tried using <ipaddr>\<instancename> and got the same error
> message.
>
Do you have a default instance running, or just a named instance? Try
connecting to just <ipaddr> if it's the default instance.
Cheers,
Michael C.
|||In reply:
The instance is a single named instance.
I tried connecting with the SA username and password, but it failed
with the same error message. This was expected since the server is set
up for Windows Authentication only.
Re the Workgroup/Domain name: I understand your explanation, but I
still don't know where (or how) to enter the
workgroup-name/computer-name. Can you be specific about the window
and field that this info should be entered? I am still using the
ipaddr/instance-name in the MIcrosoft SQL Server Database Wizard
Dialog box. This box is the first box displayed when, in MS Access,
you try to create a new Access project. The field has the text label:
"What SQL Server would you like to use for this database?"
Lou
On Sun, 18 Jul 2004 17:42:49 GMT, "Michael C" <nospam@.lol.net> wrote:
>"Lou Arnold" <Lou_Arnold@.nospam.com> wrote in message
>news:40fa18ff.473050@.nntp.flfrd.phub.net.cable.ro gers.com...
>If you were connected to a Domain Controller, you would specify
>DOMAIN\USERNAME. If you are working on a small LAN with no domain
>controller, you can specify WORKGROUP\USERNAME instead; or possibly
>MACHINENAME\USERNAME (like this: "MSHOME\BOB" or "COMPUTER1\BOB"). You
>might also try connecting using the sa username/password.
>
>Do you have a default instance running, or just a named instance? Try
>connecting to just <ipaddr> if it's the default instance.
>Cheers,
>Michael C.
>
|||Michael...here are a few more details:
On the server computer, I have used the SQL Server Network Utility to
disable all but TCP/IP connections. Also, the server is set to use
port 1433. Is this appropriate?
On the client computer, I have used the SQL Server Client Network
Utility to disable all but TCP/IP, and to set the default port value
for TCP/IP to use 1433. Is this appropriate?
Lou.
|||Michael...Sorry I was in error. I enabled File and Printer Sharing and
Client for MS Network on the server computer. Doing this got me past
the connect error I gave in the initial post. However, no database was
created, and no error message was generated. Again, I wonder if this a
Windows Authentication problem.
The symptom is now tthis:
The MS SQL Server Database Wizard apparently connects to the server,
after which a dialog box appears saying that it has all the info it
needs. When I Click Finish, a dialog box appears for a split second.
This dialog box is a progress bar that shows the progress of creating
the new database on the server. This bar shows no progress and quickly
disappears. Why does this happen?
Why is Client for MS Networks and File and Printer Sharing required to
make the connection to the server?
Lou Arnold
|||OK, I'm a little lost now. I was under the assumption that you were trying
to connect to your SQL Server via SQL Enterprise Manager and set up
permissions on an account using that. Now I'm not so sure. Just a couple
of questions so I can try to help you a little better:
1. What exactly are you trying to do?
2. Do you have SQL Server 2K on one computer or both?
3. Are both computers in the same Workgroup (right-click on My Computer >
Properties > Computer Name)?
4. Are both computers set up in the same IP range with the same Subnet
(TCP/IP settings)?
5. Are you running any firewall software?
Thanks,
Michael C.
"Lou Arnold" <Lou_Arnold@.nospam.com> wrote in message
news:40fbcf8b.2586869@.nntp.flfrd.phub.net.cable.ro gers.com...
> Michael...Sorry I was in error. I enabled File and Printer Sharing and
> Client for MS Network on the server computer. Doing this got me past
> the connect error I gave in the initial post. However, no database was
> created, and no error message was generated. Again, I wonder if this a
> Windows Authentication problem.
> The symptom is now tthis:
> The MS SQL Server Database Wizard apparently connects to the server,
> after which a dialog box appears saying that it has all the info it
> needs. When I Click Finish, a dialog box appears for a split second.
> This dialog box is a progress bar that shows the progress of creating
> the new database on the server. This bar shows no progress and quickly
> disappears. Why does this happen?
> Why is Client for MS Networks and File and Printer Sharing required to
> make the connection to the server?
> Lou Arnold
|||Michael...see my replies below.
On Tue, 20 Jul 2004 00:36:08 GMT, "Michael C" <nospam@.lol.net> wrote:
>OK, I'm a little lost now. I was under the assumption that you were trying
>to connect to your SQL Server via SQL Enterprise Manager and set up
>permissions on an account using that. Now I'm not so sure. Just a couple
>of questions so I can try to help you a little better:
Don't blame you for being lost.
>1. What exactly are you trying to do?
The objective is to establish a testbed of two Win2K computers. This
is to be a peer network without a domain controller. The intent is to
establish a configuration whereby these two computers can be used for
development. The server is to be used with Windows Authentication
security only unless this proves impossible. We can play with settings
such as TCP/IP, File and Printer sharing and internet port numbers as
long as we establish a minimum configuration and the reason for each
setting.
>2. Do you have SQL Server 2K on one computer or both?
Only one computer (I'll call it the server computer) has the SQL
Server installed. Only one server is installed and this is a named
instance. The server is set to use port 1433. The other computer (the
client computer) has MS Access installed. This is a requirement for
this testbed. No other computers are connected to these computers.
Both computers are run only under the Windows Administrator account to
avoid the cofiguration of permissions.
>3. Are both computers in the same Workgroup (right-click on My Computer >
>Properties > Computer Name)?
Yes, both are in the same workgroup.
>4. Are both computers set up in the same IP range with the same Subnet
>(TCP/IP settings)?
Yes. they run thru a router and so have adjacent addresses, and the
subnet mask of 255.255.255.0. The router's internet connection is
disabled.
BTW: both TCP/IP and Named Pipes are enabled on both client and server
machines using the client and server network utilities.
>5. Are you running any firewall software?
No. No firewalls have been installed.
More info:
In my initial post, MS Access generated a connection error. After some
trials, it was found that networking components "File and Printer
Sharing" and "Client for MS Networks" had to be enabled on both
computers for the connection to work (why is unclear and must be
investigated). After enabling these two networking components, the
connection appears to succeed, but creation of the database fails and
no error message is generated.
In my mind are the following possible causes:
1) Windows Authentication cannot work because there is no domain
controller. Therefore SQL Server authentication must be used. We must
be sure that this is the only recourse before we abandon Windows
Authentication.
Or
2) Somehow the client's Windows Administrator account is not
recognized by the Server as having permission to create a database,
despite the fact that Windows Administrators should have that
permission by default.
Lou.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment