This is a continuation from another thread in the SSIS forum. The broader issue is a Security/Permissions issue.
We are running SQL Server on a Windows 2003 server that is isolated from our main Novell network. The db admin does not want to load the Netware Client on the server for security reasons. As we continue to develop and extend our data access I am finding, as a developer, that I will need to frequently consume data and files store on the Novell network.
I did get the "net use" command working in a Job as a part of an SSIS package. This took a fair amount of research and trial and error to get working but at least it works. Now I am trying to use the same process to open a connection to Novell in the Query editor so I can setup a stored procedure that a Web service can call to open a connection to an access.mdb linked server on the Novell drive. When I try to execute via xp_cmdshell the net use command succeeds but does not make the conncetion availible to any other session. When I ran it in a batch to do a simple file copy the net use command succeeded but the copy failed. It works fine in a dos window opened manually. So I started looking at permissions. Whoami returns Administrator from the manual dos window. Whoami returns nt autority from the batch file. Since I have a valid Novell user/password in the net use command why does if fail? When I used impersonate it did not change the user from NT AUTHORITY/? I can't a connection open.
My goal is to find a method to connnect and disconnect to the Novell network as needed from SQL Server as well as from IIS Web applications. My Network Admin does not have any answers for me. I have done a ton of research and so far the only thing that has worked, at least partially, is "net use." Does anyone know how to overcome this issue? I know next to nothing about networking and security and certainly not how to get Windows and Novell to play well together without the Netware Client running. I do have the Gateway for Client Services running but not logged in for the net use function. Any help would be greatly appreciated!
Cory Bonallo
Retail Services
Developer
Please, I am still stuck. Does anyone have a clue on how to resolve this? Is there something different about permissions for the nt authority and administrator accounts at the server level? Something that would present different credentials to the Novell Server when trying to connect?
Cory
|||Generally,
If your SQL Server service account is Localsystem then you will present credentials of domain\machine_name$ to other systems.
If your SQL Server service account is domain\domain_user then you will present credentials of domain\domain_user to other systems.
For xp_cmdshell there is a proxy account that can be set so the credentials sent out of sql server's process are the proxy accounts instead of the server's when the caller is not a sysadmin. If the caller is a sysadmin then xp_cmdshell will use the server's credentials.
hth,
-Steven Gott
S/DET
SQL Server
|||Thank you for the reply. I tried changing the cridentials for xp_cmdshell but "whoami" still returns nt authority and the h: and dir commands fail. Why would the proxy account not take? I don't get it. That same batch works fine from the command prompt. The only difference I can see is that "whoami" returns Administrator there. I just don't understand enough to see the difference. The "net use" command succeeds either way, just the drive switch and dir fail.
Cory
|||If you are calling xp_cmdshell as a sysadmin then the proxy account is not used.
hth,
-Steven Gott
S/DET
SQL Server
|||Oh. But if I log in as me then I don't have write to execute xp_cmdshell.... hmmm.
Cory
|||I'm having the same problem with two SQLServer 2000 servers in different domains (single hop). sql accounts don't work unless they have system administrator privileges.Help would be greatly appreciated.|||http://support.microsoft.com/?kbid=830382
apparently, is a bug.
No comments:
Post a Comment