Hitachi Vantara Pentaho Community Forums
Results 1 to 6 of 6

Thread: JNDI configuration for Windows Authentication

  1. #1
    Join Date
    Oct 2017
    Posts
    4

    Default JNDI configuration for Windows Authentication

    Hello,

    I have a Pentaho server that utilizes JNDI connections. We recently had a client complain about text passwords sitting in the JNDI folder. I thought I had found a work around by utilizing the Windows Authentication on the Pentaho Server (Windows Server), but I am unable to successfully connect to the database with JNDI and integratedSecurity=true. The error I get continues to say "Required subelement 'user'."

    The integratedSecurity option works when I set it up within Spoon as a MS SQL Server Native JDBC connection, but not when referenced in the JNDI file. I have obviously moved the sqljdbc_auth.dll to the correct location.

    Can anyone help me with the proper JNDI reference to make the connection operate as it does with MS SQL Server Native JDBC connection setup?
    I have tried jtds and useNTLMv2=true and the standard jdbc setups. There has to be a way to do this right?

    Thanks,
    Dustin

  2. #2
    Join Date
    Apr 2008
    Posts
    4,635

    Default

    Quote Originally Posted by dpent15 View Post
    There has to be a way to do this right?
    Not necessarily.

    But... Does your JDBC.Properties file (Where you configured JNDI) have spaces around the = ?
    Those aren't allowed. Remove them and try again.

    Another question to consider: When the Pentaho system is running as a service, what Windows user is it running as? Is it running as a Domain user? Does that Domain (or Local) user have access to the Database?

    If you are setting the permissions on your JNDI file and folder appropriately (ie. Locking them down so that basically NOONE can read them), then having the plain text passwords in a file is not a problem.

  3. #3
    Join Date
    Oct 2017
    Posts
    4

    Default

    gutlez - appreciate the response. To answer your questions...

    I have removed spaces around the =. We have been running all of our standard reports on the pentaho server utilizing JNDI for all of them. A new upgraded customer (financial institution-banking industry) is requiring a solution w/o plain text passwords stored in a file. I thought we could utilize Windows Auth since 90+% of our Pentaho servers are running on windows.

    When I execute Spoon jobs with the integratedSecurity optioned checked above on my Pentaho server, I see in my sql logs that I am hitting the database as my user. I would expect the JNDI file to utilize the same windows user.

    Here is one of about 30 different JNDI settings I tried:
    CONNECTION_JNDI/type=javax.sql.DataSource
    CONNECTION_JNDI/driver=com.microsoft.sqlserver.jdbc.SQLServerDriver
    CONNECTION_JNDI/url=jdbc:jtds:sqlserver://MYIP/MYDB;useNTLMv2=true;integratedSecurity=true
    CONNECTION_JNDI/user=dustin
    CONNECTION_JNDI/password=11111

    I have downloaded/installed and read up on the JTDS driver for SQL SERVER. It sounds like they have a windows auth solution also, it just doesn't seem to be executed by the pentaho engine w/JNDI in an acceptable way.

    Again, thanks for reading, any ideas are appreciated.
    Dustin

  4. #4
    Join Date
    Oct 2017
    Posts
    4

    Default

    Thanks for the response gutlez.

    To answer your questions below...

    The spaces have been removed from the JNDI file. We use JNDI for all of our standard report connections on our Pentaho servers.

    When I tested the JDBC connection with integrated security turned on (uses windows auth) and watched it hit my SQL database, I was able to confirm it was using my windows credentials (that also has access to the SQL database server).

    The client is a banking/financial institution and has a no-plain text password policy.

    Here is one of the JNDI entries I have tried (of probably 30 different attempts).

    Connection_JNDI/type=javax.sql.DataSource
    Connection_JNDI/driver=com.microsoft.sqlserver.jdbc.SQLServerDriver
    Connection_JNDI/url=jdbc:jtds:sqlserver://mysqlserver/mydatabase;useNTLMv2=true;integratedSecurity=true
    Connection_JNDI/user=user
    Connection_JNDI/password=password

    Any other ideas are much appreciated.

    Thanks for reading!
    Dustin
    Last edited by dpent15; 07-12-2018 at 10:59 AM.

  5. #5
    Join Date
    Apr 2008
    Posts
    4,635

    Default

    Unfortunately, I don't have any further hints for you.
    Remember that if you are running a Pentaho server, it's not running as your user, but often as a service account -- but that won't explain the error you're reporting.

    When you remove the spaces, do you still get the error "Required subelement 'user'."?

  6. #6
    Join Date
    Oct 2017
    Posts
    4

    Default

    Hello gutlez,

    After a lot of trial and error, I am happy to report we got this to work.

    Here is what we did on our Pentaho Server.

    First, find the sqljdbc_auth.dll file and move it to your Pentaho\java\bin folder.

    Second, make sure your JNDI connections look similar to this in your jdbc.properties file:

    InfoLease_JNDI/type=javax.sql.DataSource
    InfoLease_JNDI/driver=com.microsoft.sqlserver.jdbc.SQLServerDriver
    InfoLease_JNDI/url=jdbc:sqlserver://SQLSERVERIP;databaseName=your database name;integratedSecurity=true
    InfoLease_JNDI/user=dummyuser
    InfoLease_JNDI/password=dummypassword

    The username and password aren't actually used by PDI, but are required in order for it work.

    Thanks for the responses gutlez and I hope this helps some folks with a similar question.

    Dustin

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2017 Pentaho Corporation. All Rights Reserved.