1

I have a requirement to connect to a local SQL Server using PHP and Windows Authentication (specifying a username and password is not an option; it must be via Windows Authentication only).

Here is the connection string as per the Microsoft examples:

try {   
   $conn = new PDO( "sqlsrv:Server=(local)\SQLEXPRESS;Database=accounting;ConnectionPooling=0", NULL, NULL);   
   $conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );  
}

Here is the error message that I am receiving:

PDOException: SQLSTATE[28000]: [Microsoft][ODBC Driver 13 for SQL Server][SQL Server]Login failed for user 'DOMAIN\server$'. in ...

However I had already added this computer to the access on the SQL Server using these commands:

CREATE LOGIN [DOMAIN\server$] FROM WINDOWS;
GO
USE accounting;
GO
CREATE USER [DOMAIN\server$] FROM LOGIN [DOMAIN\server$];
GO

What else could be the issue?

Álvaro González
  • 142,137
  • 41
  • 261
  • 360
Jack
  • 29
  • 6
  • `(specifying a username and password is not an option; it must be via Windows Authentication only).` Why? setting up a dedicated SQL account for that database is easy to do, easy to maintain. Windows authentication is a PAIN. – Tschallacka Jun 21 '17 at 10:15
  • @Tschallacka Best practice is to use a AD account. Windows Authentication Mode in SQL Server can leverage the organization-wide Active Directory, account, group and password policies, thereby making access more secure. – Oscar Jun 21 '17 at 10:17
  • See this: https://stackoverflow.com/questions/857194/php-pdo-connection-to-sql-server-with-integrated-security – Oscar Jun 21 '17 at 10:22
  • @Oscar I am already not supplying a username and password in the connection string, which is what that answer suggests to do. – Jack Jun 21 '17 at 10:24
  • @Tschallacka This question is more of why it is showing that error message when I've added the permissions, rather than why we want to do it as we do. – Jack Jun 21 '17 at 10:24
  • I don't have any clue about WINdows auth but the error says soemthing with a server$ ...Login failed for user 'DOMAIN\server$'. is that what you want or shouldn't this be something like Login failed for user 'MY_NICE_DOMAIN\the_best_server_ever' ??? – Alex Odenthal Jun 21 '17 at 10:32
  • @AlexOdenthal Obviously I am using place holders rather than the company and server as that could be a security risk :-) – Jack Jun 21 '17 at 10:33
  • May be it's related to this article: [Only Windows Auth allowed](https://dba.stackexchange.com/questions/29992/odbc-data-source-sql-server-connection-login-failed-for-user) – Alex Odenthal Jun 21 '17 at 10:40
  • Check sql server error log to find out the cause. It's the next row to 18456 error – sepupic Jun 21 '17 at 14:36
  • ...And where is trusted connection in your connection string? I see no Integrated Security=true, nieghter Trusted_Connection=True – sepupic Jun 21 '17 at 14:41
  • There is no such option in PDO and it is not required. See https://learn.microsoft.com/en-us/sql/connect/php/how-to-connect-using-windows-authentication. It uses Windows Authentication by default, when no username and password is specified. Please state correct information only. – Jack Jun 22 '17 at 08:47
  • @Jack my comment is related to the server side. not the PDO Driver or something. If you connect to using Windows auth by default and the server doesn't accept this...well. – Alex Odenthal Aug 24 '17 at 10:41

0 Answers0