I am attempting to connect to a Microsoft SQL server db using PHP (in IIS). The user/pass provided in the code is an AD account that can access the database via ODBC in Access just fine.
$serverName = "servername";
$connectionInfo = array( "Database"=>"dbname", "UID"=>"myuser", "PWD"=>"mypass");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn ) {
echo "Connection established.<br />";
}else{
echo "Connection could not be established.<br /><pre>";
die( print_r( sqlsrv_errors(), true));
}
The username and password are valid, as are the server name and database name. But this is returning the error:
[Microsoft][SQL Server Native Client 10.0][SQL Server]Login failed for user 'myuser'.
For the username (which is a valid user in AD, and I can connect/link to this database using Access) I've also tried:
DOMAIN.ORG\myuser
DOMAIN.ORG\\myuser
myuser#DOMAIN.ORG
My domain user (myuser) has admin privileges to that server via AD. But that returns the same Login failed error. Is there something I'm missing? I can connect to this same db using Access without a problem (under the same user).
The way I connect in Access is an ODBC Data Source for the local user. The Data Source is set to authenticate "With Windows NT authentication using the network login ID". How can I do that in PHP?
Is this impersonation configuration the possible cause?
PHP is running under the user nt authority\iusr
If it was trying to login using iusr wouldn't the error message say so?
I've tried creating a Data Source on this machine called "TestDS" and using the code:
$conn = odbc_connect("TestDS", "", "");
But that gives me:
The specified DSN contains an architecture mismatch between the Driver and Application, SQL state IM014 in SQLConnect
Machine1 is a client trying to access a webpage (where the PHP code is on Machine2) and the code on Machine2 is making the SQL connection to Machine3 (servername).
"Windows Security" in SQL Server connections is enabled by specifying "Trusted Connection=SSPI" in the connection string. No username or password is stored in the connection string (that's only for "SQL Server Security"). The process running PHP (presumably php_cgi.exe itself) must run under a Windows (either local or AD) that has a Windows login registered on the SQL Server.
Under IIS php_cgi.exe runs under the user identity of the application pool. If you have a heterogenous security environment I suggest creating an IIS application pool just for this single website.
Related
I am trying to connect to a SQL server database with a windows account. In sql managment studio, I can open the database with this account but not with my php application. This user is not a sql user, but he have the right on the SQL database.
I tried with a sql user and it works with my php application.
Is it possible to use my windows account from the php application, and not a specifique sql user?
sqlsrv_connect
By Default it trys to establish a Connection with a Windows Auth. u can try the snipped below. If u have to use a defined WindowsUser to Login, try the Code from the documentation link above.
$serverName = "serverName\sqlexpress"; //serverName\instanceName
// The connection will be attempted using Windows Authentication.
$connectionInfo = array( "Database"=>"dbName");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn ) {
echo "Connection established.<br />";
}else{
echo "Connection could not be established.<br />";
die( print_r( sqlsrv_errors(), true));
}
There is a part of code with connection string in which you provide instance name, login, password etc for PHP to connect to MS SQL. You can change connection string on your credentials from windows domain. But its acceptable for testing but not for production :)
Another way is to connect PHP to your AD and make user to enter login/pass from domain when they come on your site. For example it is simply done in IIS (I haven't work with domain auth on PHP that runs on Linux, but as I know LDAP can help you).
I am trying to connect to a SQL Server database from PHP but I'm having problems with the connection string. Here is a rundown of what I've tried and the effect it has had:
Running PHP 5.3.13, Apache 2.2.22, Windows 7, and SQL Server 2008 R2
I've installed SQL Server Native Client 11.0
I've dropped using MSSQL driver, using the SQLSRV driver instead.
Loaded these extensions in php.ini: extension=php_pdo_sqlsrv_53_ts.dll, extension=php_sqlsrv_53_ts.dll,
extension=php_pdo.dll.
phpinfo() shows these as active:
Registered PHP Streams php, file, glob, data, http, ftp, zip, compress.zlib, phar, sqlsrv
PDO drivers mysql, odbc, sqlite, sqlsrv
sqlsrv support enabled
Connection code is as follows:
$serverName = "[servername]";
$connectionInfo = array( "Database"=>"[databasename]");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn )
{
echo "Connection established.\n";
}
else
{
echo "Connection could not be established.\n";
die( print_r( sqlsrv_errors(), true));
}
The string is set up to use Windows authentication, which sqlsrv_errors() reports:
[message] => [Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user '[networkname]\[machinename]'
I have also tried this using my network id/pwd, resulting in
[message] => [Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user '[username]'
I do know that the database is up and functional, as I can connect and run queries without problem from the SQL Server client, and from sqlcmd. The SQL Client and the command line work when using my network/machine credentials. The command line client fails when I try with username/password. This would indicate that any PHP connection should use the Windows authentication to connect.
Someone in another thread suggested that changing permissions in a registry entry would work, but this did not help my issue. PHP 5.3 not recognizing Native Client to connect to MS SQL
I also had some success creating a system DSN. The connection test reports success:
Microsoft SQL Server Native Client Version 11.00.2100
Running connectivity tests...
Attempting connection
Connection established
Verifying option settings
INFO: A network alias was found for the DSN server. 'Protocol: DBMSSOCN; Address: [servername]' was used to establish the connection.
Disconnecting from server
TESTS COMPLETED SUCCESSFULLY!
I've searched extensively within stackoverflow.com, and the interwebs in general with no luck. Obviously the db connection is alive using other methods, but what is going wrong in my connection via PHP?
I got this solved by creating a new login using sql server authentication. I hope this helps somebody with similar issues.
SQLSRV uses the absence of a UID (uid==NULL || strlen(uid) ==0) to indicate that it should try set the "trusted connection" flag in the connection string, i.e. connect using the credentials implied by the execution context.
You can't pass a domain login and password (e.g. UID='MYDOMAIN\user') explicitly.
I had a weird compiler version issue with Microsoft's driver for PHP, and solved my connection problem with PHP's ODBC driver:
//$pdo = new PDO("sqlsrv:Server=$hostname;Database=$dbname;", $username, $password); // works with proper driver for PHP.
$pdo = new PDO("odbc:Driver={SQL Server};Server=$hostname;Database=$dbname;", $username, $password); // works with proper driver for ODBC and PHP ODBC.
I am trying to establish a connection to my company's MSSQL server with windows authentication , but it fails as it is trying to use my computer name as login instead of my login id. When logging in with the MS SQL Server Management the windows authentication works fine, but not with this PHP code:
<?php
// Server in the this format: <computer>\<instance name> or
// <server>,<port> when using a non default port number
$serverName = "xxx";
$connectionInfo = array( "Database"=>"xxx");
/* Connect using Windows Authentication. */
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn ) {
echo "Connection established.<br />";
}else{
echo "Connection could not be established.<br />";
die( print_r( sqlsrv_errors(), true));
}
//
?>
The printout I get is the following:
[Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for
user 'xxx\T2002197$'. ) )
T2002197 is my computer name, not my login id, so of course it fails. How can I solve this? I am using WAMP.
Edited out some info, replaced with 'xxx'
Aah problem solved! I changed the settings on my WAMP service (open service.msc in Windows) and made sure the service logged on the correct account. It works now.
The manual says that per default the connection is using Windows Authentication and not the SQL Server authentication.
To bypass this you need to provide the uid and pwd options in your $connectionInfo data.
Se the manuals;
http://php.net/sqlsrv_connect
http://msdn.microsoft.com/en-us/library/ff628167.aspx
I am trying to connect using PHP to an SQL Server on another machine. I have found two ways of doing this. Either with odbc_connect or sqlsrvr connect.
$connection = odbc_connect("Driver={SQL Server Native Client 10.0};Server=$serverName;Database=$db;", 'user', 'pass');
or
$conn = sqlsrv_connect($serverName, array('UID' => '', 'PWD' => ''));
The connection works if I try to connect to an SQL account. Unfortunately I cannot manage to connect using the Windows Authentication.
So far I have tried the following : used a working pass, added Trusted_Connection=yes; or Integrated Security=SSPI; . I have also tried combining this with fastcgi.impersonate = 1 or 0.
When I use directly my user and pass I get a login denied error and when I try the windows authentication with sspi I receive the following error:Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
I've googled the problem a lot but I could not find a solution. Some people however were talking about php not using the Network Service account and that that might be the problem.
Does anyone know how I could fix this or maybe give me a lead?
Thank you in advance.
I was able to establish a trusted connection to a remote SQL server from PHP running on a seperate IIS server using:
$connectionInfo = array('Database' => $dbname);
$con = sqlsrv_connect($servername,$connectionInfo);
In php.ini:
fastcgi.impersonate = 0
mssql.secure_connection = On
In IIS for my PHP site:
Anonymous Authentication = Disabled
Windows Authentication = Enabled
Application Pool settings for site: Integrated, Network Service
Database Security on SQL Server for $dbname database:
create login: domainname\iisservername$
map domainname\iisservername$ to db_datareader privilege for $dbname database
Note: The $ in the iisservername is important. With the above settings IIS will establish a trusted connection with the SQL server without the need to store userid and password information in your PHP file. Locally the permissions used by the application pool are "Network Service". Remotely, these permissions pass through the network as user domainname\iisservername$.
Open the IIS Console
Configure your App Pool identity with the desired user which must have enough permissions in your SQL Server+Database
Select your "Specific Website"
Open "Authentication" settings
Right-click on "Anonymous Authentication" and click on "Edit"
By last select the option: Application pool identity (radio button) and press the "OK" button to apply the changes.
basically the problem is that the identity that is used to connect to the server will always be the identity of the process in which PHP is running
This link may help you.
For PHP on IIS 7.5 to connect without a username and password using SSPI authentication. I had to do the following:
In my IIS application pool advanced settings, I set it to use a custom account Domain\username to the user I needed PHP to connect as.
In my IIS specific website, I changed the Basic settings to Connect As that same Domain\username.
In my PHP code I could then connect using $conn = sqlsrv_connect($dbhost, array("Database" => $dbname, "UID" => "", "PWD" => ""));
Other notes: fastcgi.impersonate = 1
And I only have: Anonymous Authentication Enabled
*
Have you tried $conn = sqlsrv_connect($serverName);
The array is optional. Windows authentication is used as default. See this MSDN article
IIS should have Windows authentication enabled and anonymous access turned off.
Open the IIS Console
Go to your site
Open "Authentication" settings
Right-click on "Anonymous Authentication" and click on "Edit"
By last select the option: Application pool identity (radio button) and press the "OK" button to apply the changes.
Go to "Application Pools" and get the application pool name.
Open SSMS (SQL management studio), enter the relevant database and choose "Security".
Add a new user, fill only the name and save. The name of the user should be:
IIS APPPOOL\{YOUR_APP_POOL_NAME}
Good luck!
i can connect from client PC to SQL Server Express using the following creds. in mgnt sudio:
server: 192.168.44.96\sqldb
auth: windows auth
user name: domain\user
pw: 1234!
Have a LAMP server trying to connect to the above SQL server, here's what the PHP looks like:
$server = '192.168.44.96\sqldb';
$username = 'domain\user';
$password = '1234!';
$database = 'testing123';
$connection = mssql_connect($server, $username, $password);
if($connection != FALSE){
echo "Connected to the database server OK<br />";
}
else {
die("Couldn't connect" . mssql_get_last_message());
}
if(mssql_select_db($database, $connection)){
echo "Selected $database ok<br />";
}
else {
die('Failed to select DB');
}
the page displays 'couldn't connect' and the error.log says "unable to connect ot server: 192.168.44.96".
I have also set mssql.secure_connection = On in php.ini and restarted apache2.
any thoughts?
thanks!
I can't comment on the PHP part, I only know SQL Server.
But I can tell you: That's not how Windows authentication works.
You can't use Windows authentication and then pass user name and password explicitly to the server. You need to do one of these:
Use SQL Server authentication and pass user name and password explicitly
Use Windows authentication and do not pass user name and password - you will connect automatically with the active Windows user.
Since you're using a Linux server, I'm pretty sure that you can't use Windows authentication. So you have to use SQL authentication (which needs to be enabled on a fresh SQL Server installation), and you have to create an user on the SQL Server.
If you have a default sqlexpress installation you probably need to configure your sql server to allow remote access connections.
Also I don't know if you can connect with windows auth. At your sql server you can also setup sql authentication and use uid=;pwd=.