Tuesday, November 15, 2016

An Apparent Guardium V10 GUI Bug that Prevents Configuration of Domain Authentication for MS SQL Server - And Its Workaround

by John Haldeman, Enterprise Architect

Today someone on our team ran into an issue with connecting to an MS SQL Server database using a domain authenticated user. It was the second time this happened to us, so I thought I would write a blog post in case someone else encounters it. You might already be familiar with the special considerations for making SQL Server domain authenticated connections in order to set up things like entitlement reports and vulnerability assessments. Specifically, you need the jTDS driver and some special configuration as outlined in this support document:
              https://www-01.ibm.com/support/docview.wss?uid=swg21675924

The problem is that we've encountered what looks like a bug in Guardium V10's GUI that prevents connection properties from being saved. This is with V10 GPU 125 applied. I think it's likely it affects all current V10 versions, but can't be sure. What that means is that the "domain=<your domain>" instructions listed at the end of the support document don't seem to work. When you test the connection, you'll get failed login errors and when you exit and try and edit the datasource again you might find that the domain parameter that you enter disappears - it looks like it isn't being applied to the datasource definition.


The workaround for this is to populate the "Custom URL" field in the datasource editor instead and specify the connection properties there. For SQL Server domain authenticated connections it would take the following form:
               jdbc:jtds:sqlserver://<host/ip>:<port>;domain=<windows_domain>

Replace the items in angle brackets with your host/ip, port, and Windows domain name. If you do that you'll likely have more luck. I'll try and update this post if I see this problem gets fixed in a later version of Guardium.
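
A pre-flight check for the Custom URL value described above, added here as an example (not code from the original post or from IBM): it parses the jTDS URL form and reports what would stop a domain authenticated connection from being configured as intended. The function name check_custom_url and the sample hosts in the usage are assumptions.

```python
import re

# jTDS URL shape:
#   jdbc:jtds:sqlserver://<host>[:<port>][/<database>][;<property>=<value>...]
_URL_RE = re.compile(
    r"^jdbc:jtds:sqlserver://(?P<host>[^:/;]+)(?::(?P<port>[^/;]*))?"
    r"(?:/(?P<db>[^;]*))?(?P<props>(?:;[^;]*)*)$"
)

def check_custom_url(url):
    """Return a list of problems in a jTDS Custom URL (empty list = looks OK)."""
    m = _URL_RE.match(url.strip())
    if not m:
        return ["not a jdbc:jtds:sqlserver:// URL"]
    problems = []
    # The template from the post pasted as-is still contains <...> markers.
    if "<" in url or ">" in url:
        problems.append("placeholder in angle brackets was not replaced")
    port = m.group("port")
    if port is None:
        problems.append("no port given")
    elif not port.isdigit() or not 0 < int(port) < 65536:
        problems.append("port is not a number in 1-65535")
    # Connection properties follow the host part, separated by ';'.
    props = {}
    for item in filter(None, m.group("props").split(";")):
        key, sep, value = item.partition("=")
        if not sep:
            problems.append(f"property '{item}' has no '=value'")
        props[key.strip().lower()] = value.strip()
    # Without domain=..., the datasource is not set up for domain authentication.
    if not props.get("domain"):
        problems.append("domain property missing or empty")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real environment.
    for candidate in (
        "jdbc:jtds:sqlserver://10.0.0.5:1433;domain=CORP",
        "jdbc:jtds:sqlserver://db01.example.test:1433",
        "jdbc:jtds:sqlserver://<host/ip>:<port>;domain=<windows_domain>",
    ):
        print(candidate, "->", check_custom_url(candidate) or "OK")
```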


