Eric, yes this is confusing. I've answered your followup
questions below. Keep in mind that the reason I suspect
Citrix is that the same users logging in directly to the
domain rather than going through Citrix are validated
properly by SQL using their NT user group accounts, with
no individual SQL accounts.
>I re-read your original post and now I am confused. When
the users connect
>to SQL Server from Citrix, you say they can't access SQL
until you have
>created a logon in SQL for them. Is this right?
Yes, that is correct normally individual user account are
not necessary if the user is a member of an NT group with
That seems fine. Are you
Quote:>saying they are in some domain group that has access in
something to SQL and
Quote:>therefore their membership in that group should confer
all rights assigned
>to it? That is correct logic. But what is happening is
those rights are
>not conferred on the user unless you explicitly add their
name to SQL
>Server. Is _this_ right?
Yes, that is exactly what's happening.
>What software are they using to connect to SQL Server
while they are in a
The software is a FoxPro V6 application.
Is there a firewall in front of the SQL box?
Quote:>if you log into the Citrix server from the console, i.e.,
no RDP or ICA, as
>one of these users (before you add their account
directly). Can they still
Quote:>not get in?
No, they still can't get in even when logging in directly
to the Citrix server.
If so, then it's not citrix/terminal server related.
>It would be interesting to know if it is firewall related.