Citrix - SQL NT User Group Auth Problem

Citrix - SQL NT User Group Auth Problem

Post by Eric Sabin » Sun, 24 Nov 2002 21:30:00



Are the citrix users actually logging into the same domain as when they are
internal, i.e. in the domain?  Look to see if they are logging on locally to
the citrix server.

Eric


Quote:> Running Citrix Metaframe on W2K and connecting to SQL
> Server 2000 (SP2) on another W2K box using NT
> Authentication.

> Using Citrix users cannot access SQL via an NT User Group
> account until I add each individual user to the database.
> After that they are ok and are given the correct group
> access??? When not using Citrix, logging into the domain
> directly, everything works fine.

> Anybody know any Citrix setting that will allow proper NT
> Authenication to SQL Server 2000?

> Thanks in advance.

 
 
 

Citrix - SQL NT User Group Auth Problem

Post by Bill » Tue, 26 Nov 2002 16:14:25


Eric, thanks for the reply.

Yes, the users are definitly logging into the domain and
not locally on the Citrix server.

Bill

Quote:>-----Original Message-----
>Are the citrix users actually logging into the same

domain as when they are
Quote:>internal, i.e. in the domain?  Look to see if they are

logging on locally to
>the citrix server.

>Eric



>> Running Citrix Metaframe on W2K and connecting to SQL
>> Server 2000 (SP2) on another W2K box using NT
>> Authentication.

>> Using Citrix users cannot access SQL via an NT User
Group
>> account until I add each individual user to the
database.
>> After that they are ok and are given the correct group
>> access??? When not using Citrix, logging into the domain
>> directly, everything works fine.

>> Anybody know any Citrix setting that will allow proper
NT
>> Authenication to SQL Server 2000?

>> Thanks in advance.

>.


 
 
 

Citrix - SQL NT User Group Auth Problem

Post by Eric Sabin » Tue, 26 Nov 2002 21:41:49


I re-read your original post and now I am confused.  When the users connect
to SQL Server from Citrix, you say they can't access SQL until you have
created a logon in SQL for them. Is this right?  That seems fine.  Are you
saying they are in some domain group that has access in something to SQL and
therefore their membership in that group should confer all rights assigned
to it?  That is correct logic.  But what is happening is those rights are
not conferred on the user unless you explicitly add their name to SQL
Server.  Is _this_ right?

What software are they using to connect to SQL Server while they are in a
Citrix session?  Is there a firewall in front of the SQL box?  What happens
if you log into the Citrix server from the console, i.e., no RDP or ICA, as
one of these users (before you add their account directly).  Can they still
not get in?  If so, then it's not citrix/terminal server related.

It would be interesting to know if it is firewall related.

Eric


> Eric, thanks for the reply.

> Yes, the users are definitly logging into the domain and
> not locally on the Citrix server.

> Bill

> >-----Original Message-----
> >Are the citrix users actually logging into the same
> domain as when they are
> >internal, i.e. in the domain?  Look to see if they are
> logging on locally to
> >the citrix server.

> >Eric



> >> Running Citrix Metaframe on W2K and connecting to SQL
> >> Server 2000 (SP2) on another W2K box using NT
> >> Authentication.

> >> Using Citrix users cannot access SQL via an NT User
> Group
> >> account until I add each individual user to the
> database.
> >> After that they are ok and are given the correct group
> >> access??? When not using Citrix, logging into the domain
> >> directly, everything works fine.

> >> Anybody know any Citrix setting that will allow proper
> NT
> >> Authenication to SQL Server 2000?

> >> Thanks in advance.

> >.

 
 
 

Citrix - SQL NT User Group Auth Problem

Post by Bill » Wed, 27 Nov 2002 00:41:39


Eric, yes this is confusing. I've answered your followup
questions below. Keep in mind that the reason I suspect
Citrix is that the same users logging in directly to the
domain rather than going through Citrix are validated
properly by SQL using their NT user group accounts, with
no individual SQL accounts.

Quote:>-----Original Message-----
>I re-read your original post and now I am confused.  When
the users connect
>to SQL Server from Citrix, you say they can't access SQL
until you have
>created a logon in SQL for them. Is this right?

Yes, that is correct normally individual user account are
not necessary if the user is a member of an NT group with
appropriate permissions.

 That seems fine.  Are you

Quote:>saying they are in some domain group that has access in

something to SQL and
Quote:>therefore their membership in that group should confer
all rights assigned
>to it?  That is correct logic.  But what is happening is
those rights are
>not conferred on the user unless you explicitly add their
name to SQL
>Server.  Is _this_ right?

Yes, that is exactly what's happening.
Quote:

>What software are they using to connect to SQL Server
while they are in a
>Citrix session?  

The software is a FoxPro V6 application.
Is there a firewall in front of the SQL box?  
No firewall.
What happens
Quote:>if you log into the Citrix server from the console, i.e.,
no RDP or ICA, as
>one of these users (before you add their account

directly).  Can they still
Quote:>not get in?

No, they still can't get in even when logging in directly
to the Citrix server.

 If so, then it's not citrix/terminal server related.

Quote:

>It would be interesting to know if it is firewall related.

>Eric

 
 
 

1. NT auth works, SQL Server auth doesn't

I can connect to my SQL Server if I use NT authentication, but when I switch
to SQL Server authentication in the System DSN I get an error that the user
isn't associated with a trusted connection.  When I go to the server,
though, the user ID has been added as a Login, with System Administrator
privileges and owner rights to the databases.  Is there something else that
must be done to make a user "trusted"?

2. full restore of database - status "loading"

3. Problem getting User Names from NT Groups

4. Problem experienced with VID 6 and SQL Server 7 displaying correct date format

5. Problems with NT users group on SQLServer7

6. Object-oriented DBMS Systems

7. Problems with NT users groups on SQLServer7

8. Why ORA-4031 is not always logged in alert ?

9. NT Group Vs NT User

10. NT User vs NT Group

11. Add users to NT group through SQL

12. W2K Domain users added to NT Groups and SQL