RE: Unable to connect to MSSQL with PHP through a firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I came across this problem when I separated my web applications and database
(sql 2000) onto separate servers.  The problem is that Windows does not
(cannot) pass user authentication information to SQL server ... if they are
different machines.  I used Mixed authentication and added user
accounts/groups to sql server to authenticate at the database.
Unfortunately, Windows doesn't support this when IIS and SQL servers reside
on separate machines.  My understanding is that it will work in native AD
environment using Kerberos delegation, but I have no way to test/validate
that.

Change your connection to use SQL authentication and you will be able to
connect to SQL just fine.
Your connectionstring should look something like this:
"PROVIDER=SQLOLEDB.1; Persist Security Info=False; Data Source=<ip or
servername>; Initial Catalog=<database>; UID=<sql_login>; PWD=<password>"

Give the sql login the necessary rights to do what the application needs to
do.

hth,

Duane
www.ciber.com




> -----Original Message-----
> From: Ricky Boone [mailto:whiplash@xxxxxxxxxxxxxxx]
> Sent: Thursday, January 29, 2004 7:24 PM
> To: php-db@xxxxxxxxxxxxx
> Subject:  Unable to connect to MSSQL with PHP through
> a firewall
>
>
> I've got an odd little problem that I just can't figure out.
> First, let
> me briefly describe my setup:
>
>  * Behind a firewall is a Windows 2003 Server running SQL Server 2000
> with mixed mode authentication
>  * On that same internal network is a Linux web server with Apache 2,
> PHP 4.3.4, FreeTDS, etc.
>  * The firewall is setup to only allow the external web servers access
> to specific NAT forwarded ports (1433 TCP, 1434 UDP, 445 TCP)
>  * At a colocation ISP is another web server running Windows
> 2000 Server
> with Apache 2, PHP 4.3.3, etc.
>
> I've written a script that connects to the SQL server for simple
> authentication and tracking.  This script was developed on
> the internal
> Linux box.  Everything works fine on this server: connecting,
> authenticating, queries, etc..
>
> Running the same script on the external Windows box isn't working as
> well, though.  Apache and PHP run just fine on this box with other
> scripts, but connecting to the SQL server through the
> firewall with the
> same script and settings, except for the IP address of the
> server (since
> we are connecting to the firewall's NAT'd ports), but I consistantly
> receive the following error:
>
> Login failed for user 'JoeShmoe'. Reason: Not associated with
> a trusted
> SQL Server connection.
>
> I'm thinking either there is a problem with the SQL server's settings
> (somewhere, I don't know), or PHP on the external webserver,
> but I'm not
> sure what to do.  I've looked all over the configurations for both
> servers and they look fine, checked several sites and lists for advice
> and couldn't find anything that would work.
>
> Any ideas as to what I should be looking for?
>
> --
> Ricky Boone <whiplash@xxxxxxxxxxxxxxx>
> Planetfurry.com
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux