As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
How to configure the Database Security Server to work with operating system authentication
Technical Articles ID:
KB79879
Last Modified: 2023-06-14 11:06:36 Etc/GMT
Environment
Database Security 4.x
Summary
Windows credentials don't work during installation; you can only use SQL credentials.
Windows credentials only work when Database Security Server has been installed:
Using Microsoft SQL Server (MSSQL) back-end database with SQL credentials.
Using internal back-end database with the migration tool to move the database to Microsoft SQL Server (MSSQL).
The following sections describe how to configure the Database Security Server to use Windows credentials to connect to a Microsoft SQL Server (MSSQL) Database Security back-end database.
Click to expand the section you want to view:
Prerequisites:
Database Security Server is installed.
The server configured to work with Microsoft SQL Server (MSSQL) back-end database using built-in SQL authentication.
Configuration tasks:
Open the Services snap-in (services.msc) and configure the service named McAfee Database Security. Log on with an operating system or domain user with access to the Microsoft SQL Server instance (example: "domain\user").
Make sure that the operating system user is part of the Local Administrators group on the Database Security Server host and is configured in MSSQL with the following database roles for the database SNTRSRV:
db_datareader
db_datawriter
db_ddladmin
db_owner
NOTE: Log on to MSSQL using the operating system user and make sure that you have the appropriate access to SNTRSRV.
Download sqljdbc_9.4.1.0_enu.tar.gz from the bottom of this article.
Extract sqljdbc_9.4.1.0_enu.tar.gz to a temporary directory.
Copy <extractDir>\sqljdbc_9.4\enu\auth\x64\mssql-jdbc_auth-9.4.1.x64.dll (assuming the Database Security Server host is running in 64-bit mode) to <installDir>\bin\.
For example: C:\Program Files (x86)\McAfee\McAfee Database Security\bin.
For example: C:\Program Files (x86)\McAfee\McAfee Database Security\ webapps\ROOT\WEB-INF\lib.
Remove the jar file sqljdbc42.jar from the location <installDir>\ webapps\ROOT\WEB-INF\lib
Back up <installDir>\conf\server-custom.properties.
Edit <installDir>\conf\server-custom.properties in a text editor as follows:
NOTE:<osauth> is a placeholder and can be any value. It's not used for authentication, only for display in logs and under System >Backend DBMS Details.
Change the line as instructed below:
From: database.url=jdbc…
To end with:integratedSecurity\=true
For example: database.url=jdbc\:sqlserver\://localhost\:1433;databaseName\=SNTRSRV;integratedSecurity\=true
Delete the line that begins with: database.password=enc…
Change the line as instructed below:
From: database.user=<original-sql-auth-user>
To: database.user=<osauth>
Restart the Database Security service.
Verify that the osauthconfiguration change is used as the display user under System > Backend DBMS Details in the Database Security console.
Prerequisites:
Database Security Server is installed.
The server is configured to work with the internal database.
Configuration tasks:
Stop the Database Security service.
Make sure that the operating system user is configured in MSSQL Database Server with at least the following database roles:
db_owner
public
And the following server roles in the master database:
public
sysadmin
Download sqljdbc_9.4.1.0_enu.tar.gz from the bottom of this article.
Extract sqljdbc_9.4.1.0_enu.tar.gz to a temporary directory.
Copy <extractDir>\sqljdbc_9.4\enu\auth\x64\ mssql-jdbc_auth-9.4.1.x64.dll(assuming the Database Security Server host is running in 64-bit mode) to <installDir>\bin\.
For example:C:\Program Files (x86)\McAfee\McAfee Database Security\bin