JTDS driver connection string info for SQL Server Discover scanning using NTLM


Article ID: 160050


Products

Data Loss Prevention Network Discover

Issue/Introduction

I am using the JTDS driver to scan an SQL Server target. The SQL Server only allows NTLM credentials for login when using the JTDS driver.

How do I set up a connection string so that I can connect and scan the database?

Resolution

Background:

Windows Challenge/Response (NTLM) is the authentication protocol used on networks that include systems running the Windows operating system and on stand-alone systems. Some customer environments set up the SQL Server in such a way that only NTLM credentials are allowed for authentication.

To pass the login credentials via NTLM you have to provide the domain so that Active Directory can find and authenticate the user. This is done by adding the additional options, domain and useNTLMv2 (shown in red in the original article), to the end of the connection string below.
 
SQLSERVER://<server>:<port>/<database>;domain=<domain>;useNTLMv2=true

The domain and useNTLMv2 settings are important; ensure that the domain is properly set. The user credentials are passed within the URL through the application and do not need to be set.

This will work for Discover in Linux and Windows environments.
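The following check is an added example, not part of the original article or of the product: it parses a connection string of the form shown above and reports when the domain is missing, useNTLMv2 is not true, or credentials have been typed into the string. The function names, the finding codes, the case-insensitive key matching and the sample host, database and account values are assumptions made for the illustration.

```python
import re

# Shape of the connection string shown in this article:
#   SQLSERVER://<server>:<port>/<database>;key=value;key=value
_CONN_RE = re.compile(
    r"^SQLSERVER://(?P<server>[^:/;]+):(?P<port>\d+)/(?P<database>[^;]+)"
    r"(?P<opts>(?:;[^;]*)*)$",
    re.IGNORECASE,
)


def parse_connection_string(conn):
    """Split the string into server, port, database and an options dict."""
    m = _CONN_RE.match(conn.strip())
    if not m:
        raise ValueError("expected SQLSERVER://<server>:<port>/<database>;options")
    options = {}
    for item in m.group("opts").split(";"):
        if not item:
            continue  # tolerate a leading or doubled ';'
        key, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"option without '=': {item!r}")
        # Assumption of this lint: option names are compared case-insensitively.
        options[key.strip().lower()] = value.strip()
    return {"server": m.group("server"), "port": int(m.group("port")),
            "database": m.group("database"), "options": options}


def check_ntlm_options(conn):
    """Return a list of finding codes; an empty list means the string passes."""
    opts = parse_connection_string(conn)["options"]
    findings = []
    if not opts.get("domain"):
        findings.append("domain-missing")      # the domain is how AD locates the user
    if opts.get("usentlmv2", "").lower() != "true":
        findings.append("ntlmv2-not-enabled")  # the article requires useNTLMv2=true
    for key in ("user", "password"):
        if key in opts:                        # the application supplies credentials
            findings.append(f"inline-credential:{key}")
    return findings


# Constructed sample values, not taken from a real environment.
GOOD = "SQLSERVER://db01.example.com:1433/HR;domain=CORP;useNTLMv2=true"
WEAK = "SQLSERVER://db01.example.com:1433/HR;domain=;user=svc_scan;password=x"

if __name__ == "__main__":
    for sample in (GOOD, WEAK):
        print(sample, "->", check_ntlm_options(sample) or "ok")
```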


References:
JTDS driver URL : http://jtds.sourceforge.net/faq.html
NTLM : http://msdn.microsoft.com/en-us/library/aa378749%28VS.85%29.aspx