Sql-server – How to trust a non Domain PC over a VPN connected via a Domain Account for SQL Windows Authentication

active-directorycross-domainsql serverwindows-authentication

We are trying to enable a windows login to SQL Server from an untrusted laptop.

The SQL Server has been enabled to allow the domain account to login and browse the data
When a domain user connects to the VPN via domain PC (over the internet) they can connect successfully

So we have a guest on non domain pc non on a domain.

Local user logs on to PC
Connects to the VPN (using domain credentials)

when trying to browse the fileserver (same as SQL Server) they get:

The User is not allowed to login from this Workstation

when trying to browse the SQL Server they get:

I've done some reseach on the latter message but no links I found talk about our non domain to domain user.

Am I right in thinking that once a user connects to the VPN they impersonate the domain user?

Best Answer

Ok we have a solution.

In Active Directory User and Computers Snapin:

Select the User and right-click Properties
Select the Account Tab
Click the Log On To button
In the Logon Workstations dialog, add the name of the untrusted PC

Ok and apply as appropirate. Close the VPN, and restart the connection.

Related Solutions

Sql-server – Running a Windows service under a domain account from a non-member server

With Rackspace's (hosting this particular configuration) support, I now understand the situation.

The "net use *..." drive mapping example and the service example is an apples to oranges comparison. With the drive mapping case it's just an authentication that's happening. In the service case, I'm actually attempting to run a local process under domain credentials, which by definition isn't possible since the server isn't in the domain. Not in domain = can't execute under domain credentials. The drive mapping works because I'm not attempting to execute a process as the domain account - I'm simply passing the credentials.

This restriction applies to any type of process, regardless of it's interactive or service-based.

Sql-server – Trusted Connection to SQL fails after connecting to a VPN

I was also having this same issue and found the solution here:

http://social.technet.microsoft.com/forums/en-US/itprovistanetworking/thread/275599f0-6239-46a5-8245-50a5c13a2713/

You'll need to locate your VPN connections .pbk file.

You can find it here:

C:\Users\{WindowsLogin}\AppData\Roaming\Microsoft\Network\Connections\Pbk

Or if you have it set to allow all users to use the connection, you can find it here:

C:\ProgramData\Microsoft\Network\Connections\Pbk

Edit it with a text editor and find the line that says:

UseRasCredentials=1

Disable it by setting it to 0

UseRasCredentials=0

Best Answer

Related Solutions

Sql-server – Running a Windows service under a domain account from a non-member server

Sql-server – Trusted Connection to SQL fails after connecting to a VPN

Related Topic