[PHP-DB] Unable to connect to MSSQL with PHP through a firewall
I've got an odd little problem that I just can't figure out. First, let me briefly describe my setup: * Behind a firewall is a Windows 2003 Server running SQL Server 2000 with mixed mode authentication * On that same internal network is a Linux web server with Apache 2, PHP 4.3.4, FreeTDS, etc. * The firewall is setup to only allow the external web servers access to specific NAT forwarded ports (1433 TCP, 1434 UDP, 445 TCP) * At a colocation ISP is another web server running Windows 2000 Server with Apache 2, PHP 4.3.3, etc. I've written a script that connects to the SQL server for simple authentication and tracking. This script was developed on the internal Linux box. Everything works fine on this server: connecting, authenticating, queries, etc.. Running the same script on the external Windows box isn't working as well, though. Apache and PHP run just fine on this box with other scripts, but connecting to the SQL server through the firewall with the same script and settings, except for the IP address of the server (since we are connecting to the firewall's NAT'd ports), but I consistantly receive the following error: Login failed for user 'JoeShmoe'. Reason: Not associated with a trusted SQL Server connection. I'm thinking either there is a problem with the SQL server's settings (somewhere, I don't know), or PHP on the external webserver, but I'm not sure what to do. I've looked all over the configurations for both servers and they look fine, checked several sites and lists for advice and couldn't find anything that would work. Any ideas as to what I should be looking for? -- Ricky Boone [EMAIL PROTECTED] Planetfurry.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Unable to connect to MSSQL with PHP through a firewall
I came across this problem when I separated my web applications and database (sql 2000) onto separate servers. The problem is that Windows does not (cannot) pass user authentication information to SQL server ... if they are different machines. I used Mixed authentication and added user accounts/groups to sql server to authenticate at the database. Unfortunately, Windows doesn't support this when IIS and SQL servers reside on separate machines. My understanding is that it will work in native AD environment using Kerberos delegation, but I have no way to test/validate that. Change your connection to use SQL authentication and you will be able to connect to SQL just fine. Your connectionstring should look something like this: PROVIDER=SQLOLEDB.1; Persist Security Info=False; Data Source=ip or servername; Initial Catalog=database; UID=sql_login; PWD=password Give the sql login the necessary rights to do what the application needs to do. hth, Duane www.ciber.com -Original Message- From: Ricky Boone [mailto:[EMAIL PROTECTED] Sent: Thursday, January 29, 2004 7:24 PM To: [EMAIL PROTECTED] Subject: [PHP-DB] Unable to connect to MSSQL with PHP through a firewall I've got an odd little problem that I just can't figure out. First, let me briefly describe my setup: * Behind a firewall is a Windows 2003 Server running SQL Server 2000 with mixed mode authentication * On that same internal network is a Linux web server with Apache 2, PHP 4.3.4, FreeTDS, etc. * The firewall is setup to only allow the external web servers access to specific NAT forwarded ports (1433 TCP, 1434 UDP, 445 TCP) * At a colocation ISP is another web server running Windows 2000 Server with Apache 2, PHP 4.3.3, etc. I've written a script that connects to the SQL server for simple authentication and tracking. This script was developed on the internal Linux box. Everything works fine on this server: connecting, authenticating, queries, etc.. Running the same script on the external Windows box isn't working as well, though. Apache and PHP run just fine on this box with other scripts, but connecting to the SQL server through the firewall with the same script and settings, except for the IP address of the server (since we are connecting to the firewall's NAT'd ports), but I consistantly receive the following error: Login failed for user 'JoeShmoe'. Reason: Not associated with a trusted SQL Server connection. I'm thinking either there is a problem with the SQL server's settings (somewhere, I don't know), or PHP on the external webserver, but I'm not sure what to do. I've looked all over the configurations for both servers and they look fine, checked several sites and lists for advice and couldn't find anything that would work. Any ideas as to what I should be looking for? -- Ricky Boone [EMAIL PROTECTED] Planetfurry.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Unable to connect to MSSQL with PHP through a firewall
On Thu, 2004-01-29 at 21:57, Duane Lakoduk wrote: I came across this problem when I separated my web applications and database (sql 2000) onto separate servers. The problem is that Windows does not (cannot) pass user authentication information to SQL server ... if they are different machines. I was under the impression that Windows did not have to send the authentication information if you use the username and password arguments in mssql_connect(). I'm not having to do anything different on my Linux box. I used Mixed authentication and added user accounts/groups to sql server to authenticate at the database. Unfortunately, Windows doesn't support this when IIS and SQL servers reside on separate machines. My understanding is that it will work in native AD environment using Kerberos delegation, but I have no way to test/validate that. My options at the moment are a bit limited; AD and Kerberos are not in my available list of authentication mediums. Also, just to verify, I am using Apache 2 on both the internal Linux box and the external Windows box. IIS is fortunately (or unfortunately depending on your point of view) not part of the equation. Change your connection to use SQL authentication and you will be able to connect to SQL just fine. I've been using SQL authentication. Using Windows authentication was time prohibitive even during development internally, so we made sure we setup the server with mixed mode. It works just fine this way when connecting from the Linux box on the internal network. Your connectionstring should look something like this: PROVIDER=SQLOLEDB.1; Persist Security Info=False; Data Source=ip or servername; Initial Catalog=database; UID=sql_login; PWD=password I'm unfamiliar with this kind of connection string. This is how I connect: $sqlConnect = mssql_connect($sqlHost, $sqlUser, $sqlPass) or die(Could not connect to database: .mssql_get_last_message()); Give the sql login the necessary rights to do what the application needs to do. I've even tried 'sa', no luck. -- Ricky Boone [EMAIL PROTECTED] Planetfurry.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
