Authenticating from domain 'X' PC towards domain 'Y' Azure SQL
#1
Hi, 

I have a small question that I was hoping you could assist with.

Here's the scenario as we see it:

We're considering creating an Azure SQL database on domain YYYY's Azure tenant, but our local PCs are logged into domain XXXX.

We've tested with the following:
- Integrated Windows authentication (We did not expect this to work and it didn't)
- Reading over the Forums, we found that the suggestion is often to set up a Full Trust between the two domains, but that will NEVER be an option for us. 
- RunAs does not work either 

However, we are wondering if we can use Azure AD to authenticate our users with?

Looking over some other tools, we've seen that it works with those. 

Any help would be greatly appreciated.
Reply
#2
You should try to use the latest patch (ASGRD 2018 Patch4) - untrusted domain login is supported with that version...
Regards/Gruss
Oliver
Reply
#3
Hi Oliver, 

Thank you for the reply. 
I just installed it now, however I'm having a bit of a hard time seeing how it can solve our issue. 
Is there any documentation on the topic?

As mentioned we're using an Azure SQL server and I guess we ultimately want to authenticate the users against our Azure AD. 

Perhaps we're going about it wrong.
Reply
#4
Is the AZURE SQL database running and working? If yes use the login dialog of ASGRD - uncheck Integrated and use an ActiveDirectory-Account from your Azure AD - that should work (version 2018 Patch4) - if not what error do you get? Or what is not working as expected? In ASGRD you should be able to add the AZURE AD in Settings=>Domains so you can also browse this AD in the application, add users in permissions and so on...
Regards/Gruss
Oliver
Reply
#5
(29-05-2018, 03:31 PM)DevOma Wrote: Is the AZURE SQL database running and working? If yes use the login dialog of ASGRD - uncheck Integrated and use an ActiveDirectory-Account from your Azure AD - that should work (version 2018 Patch4) - if not what error do you get? Or what is not working as expected? In ASGRD you should be able to add the AZURE AD in Settings=>Domains so you can also browse this AD in the application, add users in permissions and so on...


The Azure SQL DB is up and running. 
I've managed to log-in with both the SQL Server admin account as well as the accounts that are assigned as Active Directory Admins. 

What doesn't seem to work is that if a password is reset on the AD Admin account, ASGRD still expects the old PW. I have not added the admin account on the DB or anything, so I'm intrigued as to where the PW is coming from in the first place.

Perhaps the step you mentioned regarding adding Azure AD in Settings => Domains is what I'm missing. You mentioned that I should be able to browse the AD in the application, add users in permissions and such, however I can't quite get that integration to work :( Any documentation on that?

Also, I do apologize for the limited tech-talk and I appreciate your help
Reply
#6
Yes, first you need to add the AD to "Domains" in Settings - quite easy, server, username and password! Then this AD is shown in any AD-Browse dialog - so I don't know which documentation you are looking for? If you have trouble in any dialog in the program just press F1 :-)

The problem with password reset I have no idea - perhaps it will be synced in Azure AD to a second instance?!? We use an LDAP query when trying to login via untrusted domain - so there is nothing cached.
Regards/Gruss
Oliver
Reply
#7
Hi Oliver, 


I'll give it all a go and see how far I can get before I need to bother you again ;)

Thank you very much for your help.
Reply
#8
Hi Oliver, 

After some tinkering I resolved the issues I was having. Main issue was our VPN connection, which leads me to a new question.
We require the VPN to connect to our AD since it's hosted in Azure, however that creates some problems for users that may need an offline mode.

Scenario:
User is at a customer with no access to internet - only LAN.
The user wants to be able to start the program and be able to access the customer's machines.

Currently I have enabled the offline mode and such, however I cannot login once the internet access is cut.
Reply
#9
What kind of error message do you get? Your scenario should work... All data is saved to an offline file and can be used without access to the database...
Regards/Gruss
Oliver
Reply
#10
Hi Oliver, 

I get the following:

-----
Login failed. Please veridy user name and password!
The server is not operational.
-----

I fully agree with what you said regarding the offline file and such, which is why I'm confused as to why this is happening :O
Reply
#11
Ok - will check that...
Regards/Gruss
Oliver
Reply
#12
One question - do you have access to the ActiveDirectory when trying to start in offline mode? If not I think that might be the problem...
Regards/Gruss
Oliver
Reply
#13
I think that's it - then I get the same error message (tried on offline VM and tried to logon to my untrusted domain account) - so we will try to find a solution for that...
Regards/Gruss
Oliver
Reply
#14
Hi Oliver, 


Your findings are spot on! :)
Thanks for the help.
Reply
#15
If you enable Private Messages I could send you a link for a Preview version where this issue is already fixed...
Regards/Gruss
Oliver
Reply
#16
(06-06-2018, 01:26 PM)DevOma Wrote: If you enable Private Messages I could send you a link for a Preview version where this issue is already fixed...

Hi Oliver, 

I apologize for missing your last message regarding the link for a preview option and replying so late.
I have enabled PMs now, so I was wondering if you could perhaps send me the link? :)
Reply
#17
I'm facing the exact same issue, can we confirm if a cause was found?
Reply
#18
Yes it will be fixed in the next patch - coming soon...
Regards/Gruss
Oliver
Reply



