Search code examples
databaseodbcdatabase-connectionteradatadatabase-administration

Teradata CLI / ODBC Login authentication : DBA Database administration / configuration / connectivity / ODBC / CLI

We moved from LDAP authentication to Active directory from MS. So right now instead of using a separate TD password we will use our workstation password. I'd like to know the why of this rather than how , which I already seemed to have.
I am using Teradata 15.00.xx ODBC driver ( we are on 15.1xxx Server ) and these are the available logon as per doc .On my ODBC settings I dont not have a drop-down for NTLM% rest of 'em are there 

mechanisms


Mechanism

Specify the desired security checking mechanism.

Apple OS X supports only TD2 and LDAP.

Kerberos (KRB5), Kerberos Compatibility (KRB5C), NT LAN Manager (NTLM), and NT LAN Manager Compatibility (NTLMC).

Valid Mechanism values are:



•  

Empty - the same as omitting the keyword.




•  

TD1 - selects Teradata 1 as the Authentication Mechanism. Username and password are required.




•  

TD2 - selects Teradata 2 as the Authentication Mechanism. Username and password are required.




•  

LDAP - selects Lightweight Directory Access Protocol (LDAP) as the Authentication Mechanism. The application provides the username and password.




•  

KRB5 - selects Kerberos (KRB5) on Windows clients working with Windows servers. To logon using KRB5, the user needs to supply a domain, username, and password. The domain is specified by setting the username to MyUserName@MyDomain.




•  

NTLM - selects NTLM on Windows clients working with Windows servers. The application provides the username and password.

When we were on LDAP - we chose LDAP from the drop down and stuck in a TD user/pass & all was well.After moving to MS active directory we still do have to use LDAP followed by workstation username / password and it will work fine. Question was even after we migrated to MS active directory why does the drop-down for LDAP still apply. Other mechanisms wont work.Some of em give Invalid credential errors while others will give spit out some weird byte code and quit

Solution

  • NTLM has been replaced by Windows Kerberos. NTLM in the Teradata client is provided for backward compatibility. Active Directory can be configured to use either LDAP or Kerberos as the protocol used to complete authentication tasks. In your environment, LDAP is the protocol being used to query the directory services provided by Active Directory.