Author |
Topic |
rhavenn
Starting Member
14 Posts |
Posted - 2010-02-11 : 17:00:24
|
So, I'm trying to get integrated security to work and I'm just having some trouble understanding all the pieces.

Here is our layout:
2008 server with SQL 2008 SSRS installed running as a domain user.
2003 server with SQL 2005 with a database that we want to query for a report.

The report works fine if I use "credentials stored securely in the report server" and just use a SQL user.

However, we'd like to switch this to use the "windows integrated security". My understanding of "windows integrated security" is that it will try and make the database connection as the windows user browsing the report site. Browser is IE 8 and all users are domain users.

According to this document, http://technet.microsoft.com/en-us/library/cc281382.aspx , when using a domain user account as the service account I have to use NTLM auth. I tried setting up some SPNs on the report server using both the report server "user account" and the user account the report server is running as. Neither of which worked.

Do I have to do anything special on the DB server on the remote end? I'm a sa on the other end, so I wouldn't think I would need special permissions.

Any advice? |
|
Sarah Grove
Starting Member
1 Post |
Posted - 2010-03-25 : 18:19:13
|
Has anyone found the resolution to this? We are working on moving from SQL Server 2005 to SQL Server 2008 with all of our instances. I want to move Reporting Services first, but this security bit has us at a standstill. The current configuration -- RS2005 on Windows 2003 getting data from SQL Server 2005 on Windows 2003 allows the use of integrated security without problem. But RS2008 on Windows 2008 getting data from SQL Server 2005 on Windows 2003 using integrated security consistently returns "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." |
 |
|
russell
Pyro-ma-ni-yak
5072 Posts |
Posted - 2010-03-25 : 18:48:09
|
Need to be a domain admin to register the SPN.
setspn for the service accounts on SQL Server and IIS.
Make sure that in Active Directory the account(s) is tagged to allow delegation. |
 |
|
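One way to check the prerequisites listed in the reply above (SPNs registered for the service accounts, delegation allowed in Active Directory), as an added example that is not part of the original thread. It goes slightly beyond the reply by also reporting which kind of delegation is set and whether the browsing user is flagged as non-delegable; every account name, host name and port in it is a placeholder assumption.

```powershell
# Added example, not from the thread: read-only audit of the Kerberos
# prerequisites named above. Needs the ActiveDirectory module (RSAT).
# All account names, host names and the port are placeholder assumptions.
Import-Module ActiveDirectory

$SsrsAccount = 'svc-ssrs'                             # runs SSRS 2008
$SqlSpn      = 'MSSQLSvc/sqlhost.example.local:1433'  # remote SQL 2005
$ReportUser  = 'report.user'                          # someone browsing reports
$Services = @(
    @{ Account = $SsrsAccount; Spn = 'HTTP/reports.example.local' },
    @{ Account = 'svc-sql';    Spn = $SqlSpn }
)

# 1. Each SPN must be registered on exactly one account, the one that runs
#    the service. A missing or duplicated SPN makes Kerberos fail for it.
foreach ($svc in $Services) {
    $owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$($svc.Spn))" `
                             -Properties sAMAccountName)
    $found  = $owners.sAMAccountName -join ', '
    $result = switch ($owners.Count) {
        0       { 'MISSING' }
        1       { if ($found -eq $svc.Account) { 'OK' } else { 'ON WRONG ACCOUNT' } }
        default { 'DUPLICATE' }
    }
    [pscustomobject]@{ Check = "SPN $($svc.Spn)"; Found = $found; Result = $result }
}

# 2. The middle tier (SSRS) account must be allowed to delegate. Constrained
#    delegation lists the SQL SPN; unconstrained delegation trusts the
#    account to forward users to any service, so prefer the former.
$ssrs = Get-ADUser -Identity $SsrsAccount `
                   -Properties TrustedForDelegation, 'msDS-AllowedToDelegateTo'
$allowed = $ssrs.'msDS-AllowedToDelegateTo'
$mode = 'NOT ALLOWED'
if ($ssrs.TrustedForDelegation)  { $mode = 'UNCONSTRAINED' }
if ($allowed -contains $SqlSpn)  { $mode = 'CONSTRAINED' }
[pscustomobject]@{
    Check = "Delegation for $SsrsAccount"; Found = $allowed -join ', '; Result = $mode
}

# 3. The browsing user must not be flagged "sensitive and cannot be delegated".
$user = Get-ADUser -Identity $ReportUser -Properties AccountNotDelegated
$blocked = [bool]$user.AccountNotDelegated
[pscustomobject]@{
    Check = "User $ReportUser"; Found = "AccountNotDelegated=$blocked"
    Result = if ($blocked) { 'BLOCKED' } else { 'OK' }
}
```

The script only reads directory attributes, so it does not need the domain admin rights that registering an SPN does.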