Troubleshooting Masking Connector with an AD account
When defining the user using the default AD account the connector fails.
The following fails: "<DomainName>\<UserName>".
An example of the error message is:
|Login failed for user 'ACME\Joey_Blogs'|
The masking engine does not accept domain-user format. The Domain and User details need to be specified as properties for the masking connector.
Solution: How to configure an AD Account
To use an AD account follow these steps:
- On SQLServer
- Be aware there are two types of Login: DB server level (under Login) vs. Instance DB instance level (under Security -> Users).
- Ensure a regular local SQLserver user, eg. "delphixmasking", shows as SQLserver authentication under SSMS and successfully tests as the Delphix connector.
- On Windows SSMS: Check the AD account permissions:
- Add access to the specific DB desired.
- The default MSSQL Microsoft JDBC connector string needs additional information and parameters.
- These can now be added as JDBC driver properties with the Basic connector.
- Prior to version 220.127.116.11, the engine required adding additional parameters in the JDBC URL (using the Advanced connector).
- On Masking Engine: Configure a Masking Connector using the Advanced option.
- Use the Basic connector.
- Start by creating a text file that is either ascii or UTF-8 encoded containing the following lines:
- Edit the domain line to specify your own AD domain.
- Save as a file named
myMSSQLConnectorAD.properties. Ensure you append the .properties extension to the file. It is required.
- Upload the file for each the MSSQL connector on the masking engine.
- After saving the properties file, using the View button confirm the properties are properly set.
- Delphix Masking 6.0.x: Database Connection Properties
- ServerFault: Why Does A/D Account Need SQL Server Login?
- ESHA Research: Granting Access To Additional Users With SQL Server Management Studio For Genesis Food And Food Processor