troyhunt
Joined: 28 Nov 2010 Posts: 15 Location: Australia
Posted: Mon May 21, 2012 4:29 am Post subject: Login failed when using AD credentials from the command line
I'm trying to run SQL Compare 10 from the command line to sync a database under source control and a remote DB server as follows:
"C:\Program Files (x86)\Red Gate\SQL Compare 10\SQLCompare.exe" /scr1:[VCS location of DB] /server2:[server name] /db2:[DB name] /Include:identical /Report:Report/SchemaDiffReport.html /ReportType:Interactive /ScriptFile:Report/SchemaSyncScript.sql /Force /Sync /u2:[domain\username] /p2:[password]
Which results in the following:
Registering data sources
Error: Comparison of 'Scripts.Database' and
'[server.database]' failed: Login failed for user
'[domain\username]'.
Can the username and password params accept Active Directory credentials or only SQL logins? I've previously used integrated auth simply by omitting the credentials but in this case I'd really like to use a named AD account - is this feasible?
David Atkinson
Joined: 05 Dec 2005 Posts: 1082
Posted: Mon May 21, 2012 5:40 pm
Sorry, this isn't possible (yet).
Is there any chance you can try using runas from the command line? Out of interest, what is kicking off the automation? If it's TeamCity, would it be a question of running the agent with a user that has the privileges you need?
David Atkinson
Product Manager
Red Gate
troyhunt
Joined: 28 Nov 2010 Posts: 15 Location: Australia
Posted: Tue May 22, 2012 7:55 am
Hi David, yes, it's from TeamCity. The problem with using the identity the agent runs under is that any build can then deploy to any location the agent's account has access to. For example, if both project A and project B use the agent's identity to deploy to their DB, then there's nothing stopping the owner of project A configuring their deployment target to be the location of project B.
This is mostly a problem when the build server is used for multiple autonomous projects. Basically, the only way you can segregate out access rights is to specify credentials on a per-build basis, which is why I wanted to pass these to the command line. It's not a biggie, it just means automation needs to happen using SQL logins instead of AD.
Thanks for clarifying!
David Atkinson
Joined: 05 Dec 2005 Posts: 1082
Posted: Tue May 22, 2012 8:48 am
Have you tried this using the "runas" command line? Using SQL Server credentials would mean exposing them in cleartext in TeamCity or NAnt scripts, which is generally undesirable.
troyhunt
Joined: 28 Nov 2010 Posts: 15 Location: Australia
Posted: Tue May 22, 2012 9:34 am
Actually, as of TeamCity 7, passwords can be masked: http://youtrack.jetbrains.com/issue/TW-759
By adding an environment parameter of type "password" you can include the credentials in the build without disclosing them through any UIs.
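A build step that consumes per-build credentials supplied as password-type environment parameters, as described in the post above, could look like this. It is an added example, not part of the original thread and not Red Gate's or JetBrains' code; the SQL Compare switches are the ones from the first post. The SQLCOMPARE_* variable names are assumptions (in TeamCity they would be defined as env.SQLCOMPARE_USER and so on).

```powershell
# Added example (not from the thread): run SQL Compare with a per-build SQL login.
# Assumption: the build configuration defines env.SQLCOMPARE_* parameters, with
# env.SQLCOMPARE_PASSWORD created as type "password" so TeamCity masks it.
$ErrorActionPreference = 'Stop'
$exe = 'C:\Program Files (x86)\Red Gate\SQL Compare 10\SQLCompare.exe'

function Get-RequiredEnv([string]$Name) {
    # Omitting /u2 and /p2 means integrated auth, i.e. the agent's own identity.
    # Fail the build instead of silently falling back to that shared account.
    $value = [Environment]::GetEnvironmentVariable($Name)
    if ([string]::IsNullOrEmpty($value)) {
        throw "Build parameter env.$Name is missing or empty."
    }
    return $value
}

# Same switches as the command in the first post, filled from build parameters.
$sqlArgs = @(
    "/scr1:$(Get-RequiredEnv 'SQLCOMPARE_SCRIPTS')",
    "/server2:$(Get-RequiredEnv 'SQLCOMPARE_SERVER')",
    "/db2:$(Get-RequiredEnv 'SQLCOMPARE_DB')",
    '/Include:identical',
    '/Report:Report/SchemaDiffReport.html',
    '/ReportType:Interactive',
    '/ScriptFile:Report/SchemaSyncScript.sql',
    '/Force',
    '/Sync',
    "/u2:$(Get-RequiredEnv 'SQLCOMPARE_USER')",
    "/p2:$(Get-RequiredEnv 'SQLCOMPARE_PASSWORD')"
)

# Log the command with the password redacted; never echo $sqlArgs itself.
$shown = $sqlArgs | ForEach-Object {
    if ($_ -like '/p2:*') { '/p2:********' } else { $_ }
}
Write-Host "Running SQLCompare.exe $($shown -join ' ')"

# Splat the array so each switch reaches the executable as one argument.
& $exe @sqlArgs
if ($LASTEXITCODE -ne 0) {
    throw "SQLCompare.exe exited with code $LASTEXITCODE"
}
```

The password is still handed to SQLCompare.exe as a command-line argument, so anyone who can inspect processes on the agent can read it while the comparison runs; the masking only covers TeamCity's UI and build log.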
David Atkinson
Joined: 05 Dec 2005 Posts: 1082
Posted: Tue May 22, 2012 9:48 am
Nice. I wasn't aware of that.
All times are GMT + 1 Hour