SQL Monitor and multiple trusted domains

lehrsj24lehrsj24 Posts: 13 Bronze 1
edited February 17, 2016 12:15AM in SQL Monitor Previous Versions
I've been trying out the Active Directory authentication. In my company we have more than one domain, but they all are trusted. What I am finding that is I have a SQL Monitor server in domain A, then I can't have users from domain B access the server with Windows authentication. I have added users with domain B to a group in domain A, and the group in domain A is added in SQL Monitor with a select list of servers. Any users in domain A that are in the group can access the SQL Monitor web site. Users in domain B cannot. Am I missing anything on how to set it up?

Thanks

Comments

  • squigleysquigley Posts: 93 Silver 2
    Thanks for your inquiry about SQL Monitor.

    Can you describe to me what kind of accounts that you are using and what permissions they have?
    Is it the same permissions as designated on our documentation: https://documentation.red-gate.com/disp ... ermissions

    Also do you have SSMS installed on the same machine as SQL Monitor?
    If you do can your bring up the user for the base monitor in SSMS and try to access the machine in Domain B?

    If you do not have SSMS installed on the same machine as SQL Monitor, can you do the same thing as above on a machine in the same domain as SQL Monitor?

    Sean Quigley | Product Support Engineer | Redgate Software

    Have you visited our Help Center?





  • lehrsj24lehrsj24 Posts: 13 Bronze 1
    The only issue is with Windows authentication. I have two domains, let's say A and B. I have a SQLMonitor server on domain A. I have another one on domain B. The service account used for both of these domains is a single service account from domain A. It works fine in both domain A and domain B as this single service account has rights to the SQL servers in domain A and B. It has all the rights it needs to run and gather the data from SQL Monitor. There are no user rights issues for this.

    The problem is that if I set up Windows Authentication then in domain A, when setting it up, I specify a windows account that is going to check AD to determine if other windows users have rights when they log in. In domain A the only account it will allow is a windows account from domain A. And in domain B the only windows account it will use is an account from domain B. This too isn't a problem as I can use a different account for each of the servers. The problem is on the SQL Monitor server on Domain A, I can't add users from Domain B. It says it can't find them. And on the SQL monitor server on domain B it won't allow me to add users from domain A. It can't find them. It appears that it can only authenticate a user in a single domain - even though domain A and domain B have a full trust relationship.

    From the way this is working I it appears to me that windows authentication can only validate users in a single domain.
  • squigleysquigley Posts: 93 Silver 2
    I see,
    Can you go into more detail on how your domain trust is setup?
    Is it one way or two way trust? Is the trust transitive or nontransitive?
    Is the trust between the domains configured in a special way, or is it a default two-way transitive trusts?

    Sean Quigley | Product Support Engineer | Redgate Software

    Have you visited our Help Center?





  • KenneyHillKenneyHill Posts: 2 New member
    I am seeing this exact problem.  I don't have the information about the trust setups and don't care to find out right now.

    I see this issue was posted over 3 years ago.  We are still on version 7 for SQL Monitor and plan on updating to the latest version of 9.  My question is did this issue get resolved in a later version or does it still exist and I'll just need to go back to the SQL Monitor credential method of letting people in which means its all shared password stuff and no way to know that your ADMIN password hasn't been shared outside of what it should have been.
  • lehrsj24lehrsj24 Posts: 13 Bronze 1
    Yes the problem still exists.  We are on the version 9.  We have two domains and the trusted share is in place.  But if the SQL monitor server is on DomainA, I cannot add users from DomanB.  My workaround was to get user accounts in both domains.
  • KenneyHillKenneyHill Posts: 2 New member
    lehrsj24 said:
    Yes the problem still exists.  We are on the version 9.  We have two domains and the trusted share is in place.  But if the SQL monitor server is on DomainA, I cannot add users from DomanB.  My workaround was to get user accounts in both domains.
    Thank you for letting me know.  It's sad that the problem still exists after more than 3 years.
Sign In or Register to comment.