Re: Authentication problems

---

• From: "Costas" <cpstechgroup@xxxxxxxxx>
• Date: Sun, 13 Jul 2008 10:05:06 -0400

---

I think the big question is, do they want to have a separate domain at the Accounts department and if yes, what is the purpose for it. If they don't want to discuss it, they need to understand that the SBS domain does not support domain trusts and if they want you to re-write the app to use SQL authentication, they will pay for it.

Don't lose sleep over it. If someone is paying for a custom SQL application, they need to understand they need to carry the costs for maintaining/modifying it. If I was you, I would stay with the technicals and wouldn't take the the EULA violation route. I think, if you tell them they could be in violation of the EULA (I don't say that they are) you could create friction in the business relationship.

My $0.02

--
Costas
http://costas.cpstechgroup.com




"Alex Clark" <quanta@xxxxxxxxxxxxxxx> wrote in message news:OeimBD94IHA.1420@xxxxxxxxxxxxxxxxxxxxxxx

Hi all,

I would really appreciate any help that anyone can offer on this, as it's becoming a major problem for me.

My company wrote an accounting client/server solution with an MS SQL Server backend for one of our customers, and it worked fine for many years. Recently however, they just upgraded their hardware across the entire organisation, including the accounts dept's server and workstations.

This should have been fine, but they rather foolishly installed SBS2003 onto the accounts dept server. Because of this, the accounts server has to manage its own domain (ACCOUNTS) whereas all the users on the workstations in the accounts department still log onto the "master" domain (ITSERVICES).

This has created authentication problems, because now those users aren't authenticated against the SBS machine and so cannot connect to the SQL Server. We told them they need to put Windows Server 2003 Standard on it, but they refuse. They asked us to rewrite the entire suite of software to use SQL Authentication instead of Windows Authentication, but the cost to them would be prohibitive (we're talking about a lot of apps, and a lot of testing time).

I have tried creating a user account on that SBS box which has database access, and then running a "net use \\accountsrver\ipc$ /user:ACCOUNTS\accuser password" command at startup for all users. Although this gives them access to network shares via Windows Explorer, it doesn't give them access to SQL (I think Explorer does some magic that SQL via ODBC doesn't or cannot do).

Their current workaround is to create users on the ACCOUNTS domain that match user accounts in the ITSERVICES domain (exact same user/pass), and they then automatically get authenticated, but it comes at a price:
1) It's slow
2) Their passwords expire every 6 weeks, meaning they have to be changed on the accounts server every 6 weeks to sync up to whatever the user's new password is.

Question 1) Can anyone think of a better workaround than this?


Their IT dept is being rather inflexible and demanding that we rewrite the software to cover their mistake. We feel they should put the correct version of Windows on there. I think they have another problem though, regarding licensing.

Question 2) Are they in violation of the license agreement with MS by using SBS like this?

The EULA is a bit vague. It does clearly state "You may not use SBS as a departmental server" and various other things, but it doesn't actually state "You're violating your license agreement with MS if you do". I feel they're in a very precarious state license wise, but again their IT dept. is adamant that there's no violation and that this is a perfectly acceptable cost-cutting measure, so long as we rewrite our software to accommodate it.

Sorry for the long post ladies & gentleman, but it required a bit of explanation! Once again, I really appreciate any help that anyone can offer on this.

Thanks,
Alex

.

---

• Follow-Ups:
  • Re: Authentication problems
    • From: Alex Clark

• References:
  • Authentication problems
    • From: Alex Clark

• Prev by Date: Re: SBS as the AD controller in a Child domain
• Next by Date: Re: Choosing a server configuration for a small office
• Previous by thread: Authentication problems
• Next by thread: Re: Authentication problems
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Win2K3 domain account connecting to Win2K VPN server in an NT4 ... - since the server is not in the AD domain, you can't add it to the AD ... NT4 accounts can still authenticate, ... I verified that my test accounts could connect to the VPN before migrating ... > The authentication server did not respond to authentication requests in a ... ... (microsoft.public.win2000.ras_routing) Sending email to mydomain.com ... They do not offer an smtp server, ... different from the user account names for the exchange ... I added one user account in the POP3 Mailbox Accounts ... (microsoft.public.windows.server.sbs) Re: Removing SPA from POP3 service of Windows 2003 Server ... If you wish to change the authentication type from "Local Accounts" to ... right-click on the server and bring up the properties. ... I think what you need to do is configure your Outlook accounts, ... (microsoft.public.windows.server.security) Re: SQL MAIL and Sql Server Agent problem ... know how to prove that I am using the same account for SQL Server and SQL ... Is it a true statement that if the accounts are different I ... Exchange setup by just rebooting the server. ... (microsoft.public.sqlserver.connect) Re: Critical e-mail problem. ... I upgraded from Win2K Server to WinSBS2003 on my desktop ... of my POP3 e-mail accounts as an Exchange Server account. ... I found that I was only receiving mail from the Exchange ... your Outlook profile will have Exchange as its default (and this ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2008-07