Board index MS SQL Server

connect string with sspi=anonymous

connect string with sspi=anonymous

Post by Nikl » Fri, 21 Mar 2003 00:28:15



Hello,

I've been running some olap applications for a while and everything
seems to be working quite well. The server is a w2k machine with sql
server 2000 (not enterprise edition).

My problem is that whe're switching to XP on the server and all of a
sudden the cubes are unavailable for my applications. After studying
some discussions I found out that:

1. on a w2k server the anonymous logon is mapped to the NT
AUTHORITY\ANONYMOUS LOGON user wich is a member of the global everyone
group.

2. That does not apply on a server running XP.

I've tried to assign various users and groups in the cube roles, but
none of the available ones seems to be working.

The connect string I'm using looks something like this:
Data Source=myserver;Initial Catalog=my catalog; Provider=msolap;
SSPI=anonymous; MDX Compatibility=2;

So the question is if there is anyone who has an idea how to deal with
this?

regards
/Niklas

 
 
 
Top

connect string with sspi=anonymous

Post by Mosha Pasumansky [MS » Fri, 21 Mar 2003 07:59:23



Quote:> Hello,

> My problem is that whe're switching to XP on the server and all of a
> sudden the cubes are unavailable for my applications. After studying
> some discussions I found out that:

> 1. on a w2k server the anonymous logon is mapped to the NT
> AUTHORITY\ANONYMOUS LOGON user wich is a member of the global everyone
> group.

> 2. That does not apply on a server running XP.

> So the question is if there is anyone who has an idea how to deal with
> this?

Niklas, I beleive that in Windows XP, it is still mapped to NT
AUTHORITY\ANONYMOUS LOGON, but in Windows XP by default this account is not
member of the Everyone group. You either need to explicitly add it to you
role, or you can tweak registry to force it to be part of Everyone group:

Anonymous tokens do not include the Everyone Group SID unless the system
default has been overridden by setting the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\EveryoneIncludesAnon
ymous registry value to DWORD=1.

--
==================================================
Mosha Pasumansky (moshap at microsoft dot com)
Development Lead in the Microsoft Analysis Server team
More info at http://www.mosha.com/msolap
All you need is love (John Lennon)
Disclaimer : This posting is provided "AS IS" with no warranties, and
confers no rights.
==================================================

 
 
 
Top

1. SSPI=anonymous - what does this really mean?

We have been investigating using SSPI=anonymous in the
MSOLAP connection string. We have win2k server (SP3) and
IIS on one box with SQL Server 2000 and Analysis Services
(both SP3)on win2k (SP3) on another box. The integrated NT
Authentication works if all products on one server, but
fails when the IIS is separated.

Using SSPI=anonymous works if we define a role on an OLAP
cube and give everyone access. What user should I give
access given this scenario? WHat does SSPI=anoymous really
mean?

Many Thanks

2. itm Web Site - 200+ pages of IS Information

3. Using NT User without SSPI in connection string.

4. Backup Without User Info

5. Can not connect to Sever (sspi context error)

6. Oracle DB_BLOCK_SIZE and it's relationship to TS/table initial extent

7. SSPI error when connecting to remote db

8. Dont Be a fool

9. SQL7 - Cannot generate SSPI context when connecting to Server

10. ODBC Connects, but not an anonymous user in ASP

11. Connect String to connect to SQL Server via a port other than 1433

12. Connecting with Connect string vs DSN

13. How to test a connect string user/password@instance without actually doing the connect


All times are UTC
Board index