| Release | Classification | Level | DB Platform | Categories |
| All | How To |  |
MSSQL | Connection Management |
| PURPOSE |
In relevance to connecting to MSSQL server database, microsoft typically offers two common authentication methodologies for clients to connect to database -
- SQL Authentication
- Windows Authentication
This article is intended to cover prechecks and limitations for achieving success with a windows authenticated connectivity.
| HOW TO SET UP SCALEARC |
WARNING : Please refer to "ScaleArc Support for AD Integration" prior to joining AD
https://support.scalearc.com/kb/articles/3117
Scenario-1 - AD authentication ON all the time through ScaleArc
Steps - a. Join AD domain "SETTINGS > System Settings > Windows AD Setup"
note: Joining Scalearc to AD domain has few known limitations. Failing to comply to those might lead to failure.
b. "Users & DBs > Authentication Offload" = ON
c. "Users & DBs > Fetch Users Auto Fetch Database Users>" = ON
d. "Cluster Settings > ScaleArc > Windows Authentication" = ON
Scenario-2 - AD authentication ON only once through ScaleArc
Steps - a. Join AD domain "SETTINGS > System Settings > Windows AD Setup"
note: Joining Scalearc to AD domain has few known limitations. Failing to comply to those might lead to failure.
b. "Users & DBs > Authentication Offload" = ON
c. "Users & DBs > Fetch Users Auto Fetch Database Users>" = ON
d. Once all users are fetched, Auto Fetch = OFF
e. Unjoin Scalearc from AD domain
f. "Cluster Settings > ScaleArc > Windows Authentication" = ON
Scenario-3 - No AD authentication at all through ScaleArc
Steps - a. "Users & DBs > Authentication Offload" = ON
b. "Users & DBs > Fetch Users Auto Fetch Database Users>" = OFF
c. Add individual Windows users by using "Add User"
d. "Cluster Settings > ScaleArc > Windows Authentication" = ON
Scenario-4 - Authenticating directly against Database
Steps - a. "Users & DBs > Authentication Offload" = OFF
b. "Users & DBs > Fetch Users Auto Fetch Database Users>" = OFF
c. "Cluster Settings > ScaleArc > Windows Authentication" = OFF
| CHECKLIST |
The following is a checklist for settings related to AD and ScaleArc security which are necessary for successful implementation: Functional Capabilities for ... on ...
- Login protocol negotiation: NTLM (version 1) is very old and not supported. Only NTLMv2 is supported. Type of NTLM authentication set on Client/Server - MSSQL
- Host name resolution: rDNS (reverse lookup) is required by AD for the ScaleArc host. Refer to PTR record creation. Add a Host (A) DNS Record Manually to a Windows DNS Server, DNS setup for ScaleArc for MSSQL
- TDS version 7.0 or greater.
- Setting the "Search Domain"
- Use the ADC for the Primary NTP server
- By default, Samba adds the ScaleArc main IP and VIPs into DNS for various services (as SRV records). ScaleArc is a Trusted Host. Ensure that the ADC does not deligate ScaleArc as a BDC (uncheck "trust this host for deligation").
Verifying or troubleshooting a login from ScaleArc (using the TSQL CommandLine Interface) How To: Test my MSSQL Connection from ScaleArc CommandLine
Using SSMS (SQL Server Management Studio How to connect from SQL Server Mgmt Studio to MSSQL Database with Windows Authenticated User
Understanding the SQL Server PORT
Comments
0 comments
Please sign in to leave a comment.