All Apps and Add-ons

Splunk DB Connect 2: Is it possible to use multiple Windows Authentication accounts to connect with multiple MS SQL databases?

jialiang123
New Member

Hi,

I have a use case in using multiple Windows accounts to log in into multiple MS SQL databases using Windows Authentication.

According to the documentation, I will have to configure the splunk service to run as the windows account. However, that will limit me to run as only a single account.

I need to account multiple MS SQL databases with each one using a different Windows authentication account.

Is this possible? I am still stuck with the DB connect 1 for this reason alone.
Please advise.

Thank you.

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

Hi, just to clarify: Windows integrated authentication is one thing, and using a Windows account to access a database is another. Connecting with Active Directory credentials (DOMAIN -backslash- USER) works on Linux or Windows. It does require careful handling of the domain field and JDBC URL: we’ve improved the out of the box templates for this in version 2.1.0: http://docs.splunk.com/Documentation/DBX/2.1.0/DeployDBX/Createandmanagedatabaseconnections and http://docs.splunk.com/Documentation/DBX/2.1.0/DeployDBX/Troubleshooting#Cannot_connect_to_Microsoft...

Integrated authentication requires the Microsoft generic driver, which uses OS libraries — you must use a Windows forwarder for this to work, and multiple forwarders on Windows is not supported (http://blogs.splunk.com/2014/04/07/running-two-universal-forwarders-on-windows/ for more info). There is a non-accepted patch to jTDS for this, but it is not supported by Splunk; also the jTDS driver means that you can’t use SSL or connection pooling: http://docs.splunk.com/Documentation/DBX/2.1.0/DeployDBX/Supporteddatabases

0 Karma
Get Updates on the Splunk Community!

This Week's Community Digest - Splunk Community Happenings [9.26.22]

Get the latest news and updates from the Splunk Community here! Upcoming User Group Events! 👏 Check ...

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...