I am in support of a database driven windows application wherein the data may come from local or remote system (depending on some configuration files).
Currently MS ACCESS Database is being used.
Application runs smoothly when connected to local database.
But when trying to connect to a remote PC Which is password protected,i am getting the
following error
"The Microsoft Jet database engine cannot open the file '\\\XXX.XXX.X.X \ YYYY \ ZZZ.mdb'. It is already opened exclusively by another user, or you need permission to view its data.
i am providing the credentials for database in the connection string as below.
pConObj.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & pAppPath & "\zzzz.mdb;Persist Security Info=True;Jet OLEDB:Database Password=ppp"
The Remote database resides in a shared folder in remote pc which has read/write permissions for everyone user group
following is the format of remote path (pAppPath VALUE in above connection string)
\REMOTE IP ADDRESS\SHARE FOLDER NAME
Please let me know how can i supply remote pc credentials?? or is there anything i am missing here.
PS:If the remote pc do not have user name and password i am able to connect to remote dabase.
Thanks in advance.
Security wise approach:
You need to connect with a user that has access to the remote pc.
Assign the user you are connecting with both Share permissions and security permissions on the shared folder.
Not good for security approach:
Assigning Full control permissions for Everyone is not good for security reasons. But if you prefer so, just verify that you allowed full control permissions on folder security and folder share permissions.
Ok, i got it working now.
What i learnt from microsoft articles is whenever we try to access resources on a remote
computer,corresponding network connections are mapped to Guest account on the remote pc.
So,in my case guest account was not added in the list of allowed users for the shared folder.
I added the guest account in permissions list and it worked.:-)
Related
I am trying to share a file containing a table of information pulled from an external SQL query connection. It works fine for me as I have the connections set up on my PC but when I send the file out, it asks for connection credentials. I could go to each PC and enter the credentials but would prefer the end users to open up the file and use it without having to enter any credentials and would like them to be able to refresh the data as and when needed.
How would I set this up or is it even possible?
Thanks in advance.
Your connection string should be using Windows Authentication, and the local user must be a member of a domain group that has the privileges to run the query on SQL Server.
If you go to Connection Properties, open the connection, and click on Definition, the Integrated Security tag should be set to SSPI.
I have WebLogic 11G (10.3.6) on Linux Server and SQL Server 2012 on Windows 2012. I would like to create the connection pool to SQL Server from WebLogic using Windows Active Directory Kerberos authentication.
I am looking for steps to accomplish the above. I found information in bits and pieces but looking for clear steps. Any help is greatly appreciated.
I have access to WebLogic 10.3.3. So all version numbers are according to that. But the principals are the same.
Login through the console
Lock and Edit. If this isn't a production mode server, you won't need to do this.
Go to Services > JDBC > Data Sources and click "New".
Give it a name and JNDI name. I probably don't need to mention that the JNDI name is the important one. Also, choose the "Database Type" as "MS SQL Server".
Next you'll have to choose the driver. I didn't observe anything about distribute transactions in your question. Thus, I'm assuming you won't need an "XA" driver.
Again, I didn't see anything about Global Transactions in your quesiotn. So in the next step, disable it.
Next is the information about your Database; its name, Host's IP, and Port. If you have a named instance, add the name after the IP like this: \\instance_name. Since you want to use Kerberos, don't enter the Username and Password.
In the next step, you need to tell your datasource to use kerberos. Add ";AuthenticationMethod=kerberos" to end of the URL field. Connection properties are separated with a ";". For example, jdbc:sqlserver://192.168.10.56:17888;AuthenticationMethod=kerberos
Next, specify which Servers in your Domain will have access to this DataSource. Basically, specifying the DataSource's target servers.
Side notes and other important settings:
When you specify the "AuthenticationMethod" connection property with the value of "kerberos", any username or password will be ignored.
Your database server must be administered by the same Domain Controller that administers the Weblogic server.
Under $WL_HOME/server/lib find krb5.conf (Kerberos configuration file containing values for the Kerberos realm and the KDC name for that realm) and open it in a text editor. Specify the system properties java.security.krb5.realm and java.security.krb5.kdc. In Windows Active Directory, the Kerberos realm name is the Windows domain name and the KDC name is the Windows domain controller name.
The application and driver code bases must be granted security permissions in the security policy file of the Java 2 Platform. Something like this:
grant codeBase "file:/WL_HOME/server/lib/-" {
permission javax.security.auth.AuthPermission
"createLoginContext.DDTEK-JDBC";
permission javax.security.auth.AuthPermission "doAs"
permission javax.security.auth.kerberos.ServicePermission
"krbtgt/your_realm#your_realm", "initiate";
permission javax.security.auth.kerberos.ServicePermission
"MSSQLSvc/db_hostname:SQLServer_port#your_realm", "initiate";
};
where:
WL_HOME is the directory in which you installed WebLogic Server.
your_realm is the Kerberos realm (or Windows Domain) to which the database host machine belongs.
db_hostname is the host name of the machine running the database.
SQLServer_port is the TCP/IP port on which the Microsoft SQL Server instance is listening.
I must say though I don't think you searched hard enough. Because almost everything I wrote here came from the online documentation:
http://docs.oracle.com/cd/E12839_01/web.1111/e13753/mssqlserver.htm
I'm trying to drag and drop a file from my desktop to my local MSSQLSERVER shared folder/directory used for filestream files. Everytime I do so, I receive the following Windows error - "You need permission to perform this action."
I feel like I've tried everything under the sun to resolve this, from adding users and groups to the share's permission list (and granting full access) -- all the way to adjusting permission settings in SQL Server (for the database and individual filetable).
My local MSSQLServer service is logged on as a network account and I'm trying to drag/drop with my windows authenticated account. I've tried modifying so the service so it's logged on by a windows auth account, restarted, but still no luck there.
Any thoughts?
Thanks
You tried to enable the "Allow remote clients to have streaming access to FILESTREAM data" in SQL Server Configuration Manager | SQL Server Services | SQL Server (MSSQLSERVER) | FILESTREAM?
Tried to change the ownership Filestream Access Level:
EXEC sp_configure filestream_access_level, 2
RECONFIGURE
(0 - disabled, 1 - T-SQL access enabled and 2 - full access enabled [including access via windows explorer].)
(http://lennilobel.wordpress.com/2010/12/12/sql-server-2008-filestream-part-2-of-3-enabling-and-using-filestream-2/)
PS: Sorry for my english.
I have create a windows service which access SQL db. The connection string is grabbed from the app.config file .
The Following is the format of the connection string
connectionString="Integrated Security=SSPI;Persist Security Info=False;server=xxxxx\SQLEXPRESS;database=Sample;uid=sa;password=xxxxx;Trusted_Connection=False"
The Windows Installer Account Type is LocalSystem.
This service is running of some system successfully, but on some system's its showing login failure for 'SA'.
Please suggest a solution.
It's quite straightforward: login failure for 'SA' refers to the fact that the login sa exists, but the password is not. Particularly, sa is a system default login that always exists, but you have probably set the password differently on different servers.
Another thing to check is whether or not there are multiple instances on the machine. It could be \SQLExpress on one, but the default instance on another that you are meant to connect to.
I have trouble accessing filestream via SqlFileStream. Sql server and IIS7 are on different servers, remote access to Filestream is enabled. Workgroup for both servers is the same.
I've tried everything, including opening user with identical username/passwords on both servers. Didn't work.
Dim sqlFileStream As New SqlTypes.SqlFileStream(filePath, txContext, IO.FileAccess.Read)
I have both filePath and context.
However, when I open server via explorer logged on locally as Administrator, I also get access denied if I try to acesss this share. Any ideas?
Can permissions for this share be edited at all?
The solution to this problem is to have user with same credentials on both sql server machine and IIS machine. Also, application pool identity must be running with these credentials, and connection string must be set to integrated security.
To edit permissions for this share you edit permissions on this table, as the documentation clearly states (funny how this clearly comes to you only after tenth time reading it):
In SQL Server, FILESTREAM data is secured just like other data is secured: by granting permissions at the table or column levels. If a user has permission to the FILESTREAM column in a table, the user can open the associated files.
"Integrated Security = True;" in connection string