Using Windows Authentication with Microsoft SQL Server

KB Home   |   Using Windows Authentication with Microsoft SQL Server

By default PaperCut can use SQL authentication by configuring the database username and password in the PaperCut server.properties file. This is discussed in the manual here. The server.properties file is secured by only being accessible by Administrator users.

Some customers prefer to make use of the Windows Authentication features of SQL Server. This allows PaperCut to automatically login/connect to the database using the credentials of the user the “PaperCut Application Server” is running as. This avoids the need to store the username/password in the server.properties file.

To use Windows Authentication with SQL server some additional configuration is required.


1. Configure PaperCut to use SQL Server

It is generally recommended to configure PaperCut to first use SQL Server authentication and confirm everything is working before moving to use “Windows Authentication”. The Windows Authentication is more complicated to setup, so it’s good to get things working first with SQL Authentication.

To do this follow the upsizing guide in the PaperCut manual.

After completing this you should have PaperCut running using the SQL Server database.


2. Running the PaperCut Application Server as a non-system account

By default the PaperCut Application Server runs as the SYSTEM account. You need to change PaperCut to run under a user account that is granted permissions to the SQL Server database.

3.1. Create a domain user account to run the PaperCut Application Server service. It is recommended to name the user something like “papercut_svc”. Ensure that the user is configured so their password never expires. Also ensure that the user has local administrator privileges on the server running PaperCut.

3.2. Change the PaperCut Application Server service to run as the “papercut_svc” user. To do this select the “PaperCut Application Server” service in the Windows service tool (Control Panel→Admin Tools→Services), then right-click and select ‘Properties’. On the “Logon” tab enter the username/password of the new papercut user. Press ‘OK’ to apply the changes.

3.3. Restart the PaperCut Application Server service using the service control panel. Wait for the service to start and test that PaperCut is operating correctly by logging into the admin interface.


3. SQL Server configuration

SQL Server must first be configured to allow Windows authentication. This is configured within the SQL Server administration tools.

You will also need to grant the “papercut_svc” user full access to the PaperCut database (e.g. full access to read/updated tables and also to create and drop database tables.


4. Additional steps for PaperCut 11.4 and earlier

Skip this section if you are running PaperCut 11.5 or newer (and continue with Configure PaperCut for SQL Server Windows authentication)

4.1. PaperCut versions 11.4 and earlier require an additional download: the jTDS SQL Server database driver package. This contains some DLLs required to use Windows Authentication with SQL Server. This can be downloaded from the jTDS project at the link below:

4.2. Save and extract the jtds-1.2.5-dist.zip file to the server running PaperCut.

4.3. Copy the x86\SSO\ntlmauth.dll file into PaperCut under the directory: [app-path]\server\bin\win\lib (i.e. in the same directory as wrapper.dll).

4.4. If you are running the PaperCut 64-bit add-on pack (if you have not installed the 64-bit add-on pack, skip this step), you must ALSO copy the x64\SSO\ntlmauth.dll file into PaperCut under the directory: [app-path]\server\bin\win\lib64 (you will need to create the lib64 directory). Then edit the file at [app-path]\server\bin\win\win64.conf and add the following line to the end of the file:

wrapper.java.library.path.1=bin/win/lib64


5. Configure PaperCut for SQL Server Windows authentication

5.1. Open the PaperCut [app-path]\server\server.properties file in a text editor. The connection settings need to be changed to remove the username (and password). If the username is not blank, “SQL Server” authentication will be used instead. Edit the server.properties file so that database.username is empty. E.g.:

database.username=

5.2. Save the configuration file.

5.3. Restart the service PaperCut Application Server using the service control panel (Control Panel→Admin Tools→Services).

5.4. Test that PaperCut is working correctly by logging into the PaperCut admin interface.


Categories: Databases, Architecture


Keywords: Microsoft SQL Server, Integrated Authentication, Windows Authentication

Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.

Article last modified on February 12, 2014, at 11:39 PM
Printable View   |   Article History   |   Edit Article