Devolutions ForumDevolutions Forum

Subject:Client authentication

Subject:Client authentication

avatar
davhut
Disabled

Hello again. We have an issue with our setup and hope you have a solution. We have two domains (A & B). Our SQL database is located in domain A and everything there functions just fine. We have access to the database from domain B but are not able to authenticate well enough to be able to edit the entries from there. So read only is fine, just not able to edit. We see the error in the attached file. In looking at the packet trace, I can see the client trying to authenticate but it tries to authenticate to domain B rather than domain A (desired). I had expected that it would go back to the same domain the database is in for A/D authentication ( we are doind A/D integrated). We do have the capability to authenticate from B to A via ldap & kerberos for other purposes so I'm wondering if there is a way to force the client to look to domain A for all RDM Client authentication needs?

Regards,

Dave

Capture.PNG

All Comments (5)

avatar
David Hervieux

Hi,
It look like a SQL Server access right issue. You will have to check with your DBA. It seems that you don't have the write access on a part of the table.

David Hervieux

avatar
davhut

Hi, I do have full edit access. The problem is that I am not able to authenticate properly from domain B, which of course then creates the no edit access problem. I cannot change the domain Active Directory structure, so must find a way to force the RDM client to send any request for authentication to my DC's in domain A. As it stands now, the client tries to authenicate my domain A credentials from a DC in domain B. Since the credential does not exist in Domain B, I get an authentication failure. That's why I was asking if there is some way to force the RDM client to behave differently. If I can somehow direct the client request for authentication in the right direction, then it will solve my problem. I know I can always create a second database in domain B for sessions in domain B, or simply edit any session entries from domain A, but I'm jsut trying to make life simpler for my user base.

Regards,

Dave

avatar
David Hervieux

If you are using the SQL Server datasource, all the authentication is done by SQL Server directly.

David Hervieux

avatar
davhut

Hmmm. Okay then, given that's the case I still cannot understand why I cannot edit my session entries from the other domain. My data sources are all set the same (AD integrated) and reference the exact same SQL database. I can edit anything while using the RDM client to access the database from anywhere in domain A but NOT from domain B. I can access any session entry from either domain A or B with no issues - I cannot edit from B however. As given previously I need to be able to force the client to look to another domain for AD verification, as it seems that the client will only look to the current domain for this - which is standard AD behaviour. It is strange however that I seem to be able to authenticate to domain A fine upon accessing the database from domain B, but not when trying to edit an entry? It cannot be SQL edit permissions, since I have those permissions and have no trouble using the same account from domain A to both access and edit. Just seems odd that for accessing the DB it works but not when trying to edit, which makes me think the RDM client is taking a different approach to authenticate when trying to edit a session.

avatar
Stéfane Lavergne

Could you please send us the "My Data Source Information" for both instances (can edit & can't edit). Something odd is going on and having this diagnostic information should be helpful.

File -> My Data Source Information



Regards,

Stéfane Lavergne

11-10-2014 1-03-51 PM.png