login failed sql state 28000

Question

_{Wednesday, June 18, 2008 10:46 PM}

 

I am writing a PHP  application that connects to Deep database on on a remote server 'emr-abc'. I created a system DSN ‘dkv’ using ODBC Data Source Administrator which uses windows NT authentication using windows network login id. I tested it from within ODBC Data Source Administrator and it connects successfully. In my PHP script I am using  ODBC_connect to connect to the database with the following parameters:

$data_source="dkv";
$username="dkaur";
$password="";

$conn=odbc_connect($data_source,$username,$password); 

 

But when I run the script I get the following error:

Connection Failed:[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'domain name\machine name$'., SQL state 28000 in SQLConnect in C:\Web\WebServer\htdocs\MSSqlConn2.php on line 17

 

I tried connecting to the emr-abc using telnet as follows: telnet emr-abc 1433

It connects using telnet.

 

Do you have any idea how to fix this?

 

Any help is highly appreciated.

 

Thank You

 

Deep

All replies (5)

_{Wednesday, June 18, 2008 10:51 PM}

You can't pass user name for SSPI connection. Th process user token will be used to authenticate against SQL Server. The user your process/thread is running under does not have permissions to access your SQL Server.

---

_{Wednesday, June 18, 2008 11:03 PM}

 

Thanks for a quick reply.

Please tell where do I have to give permissions to use odbc_connect.

I can connect to this database using SQL Server Management Studio Express, on the same machine where php script is.

I can also get on this remote server emr-abc using remote desktop connection.

 

Thanks

 

Deep

---

_{Wednesday, June 18, 2008 11:16 PM}

 

You mentioned that in your PHP script you used  ODBC_connect to connect to the database with the following parameters:

$data_source="dkv";
$username="dkaur";
$password="";

 

Since you have a DSN which uses integrated windows authentication, you should not pass the $username and $password in the connection string.

 

$conn=odbc_connect($data_source,"","");

 

---

_{Wednesday, June 18, 2008 11:26 PM}

 

Hi Saurabh, I tried your suggestion, but i still get the same error msg.

 

Thanks

 

Deep

---

_{Wednesday, June 18, 2008 11:37 PM}

To use windows authentication your calling process/thread must be running under SQL Server access granted windows credentials. There are two ways to achieve this:

1. Start your web server under a domain user account and grant this accout a SQL Server acceess
2. Enable Windows Authentication of every HTTP request then impersonate to the authenticated user before establishing the SQL Server connection.

Why do you use windows authentication instead of SQL Server one? It is recommended to use SQL Server authentication due to security constraints. One of them - you can't delegate client identity to the remote SQL Server. It is a double hop scenario and is not allowed by default. If you wish to have it you should enable trusted relations between Web and SQL servers in the Active Directory however this could lead to a security breach.

 

What is your scenario for Windows Authentication?