As you know, DualShield uses a SQL database as its data storage. In the DualShield installation process, you have the option to connect DualShield to either the internal MySQL server or an external MS-SQL or Oracle server. If you select to connect to an external SQL server then you will need to provide a SQL service account to make the connection. Some customers asked if they could use a Windows account instead. The answer is yes, but not in the installation process. You will have to use a temporary SQL account during installtion. After installation, you can switch to a Windows account.
The instruction below describes how to switch to a Windows account after the DualShield has been successfully installed.
You might also know that DualShield uses JDBC to connect to SQL server. Let us first check the original connection string in server.xml file.
<Resource driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver" maxActive="1000" maxIdle="2" maxWait="5000" name="jdbc/DasDS" password="changeit" type="javax.sql.DataSource" url="jdbc:sqlserver://192.168.208.2:1433;DatabaseName=dualshield2;SelectMethod=cursor;" username="sa" validationQuery="Select 1" />
change it to
<Resource driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver" maxActive="1000" maxIdle="2" maxWait="5000" name="jdbc/DasDS" type="javax.sql.DataSource" url="jdbc:sqlserver://192.168.208.2:1433;DatabaseName=dualshield2;SelectMethod=cursor;integratedSecurity=true;" validationQuery="Select 1"/>
In the new string, there is no username/password, instead it has integratedSecurity=true
Is that all? No, I am afraid. You need to do the following:
Download Microsoft JDBC Driver 4.0 for SQL Server, unzip it to somewhere, find the file sqljdbc4.jar, replace the one under C:\Program Files\Deepnet DualShield\tomcat\lib. find the file sqljdbc_auth.dll (make sure use the right version x64/x86, it depends on DualShield/OS version)
copy it to the folder C:\Program Files\Deepnet DualShield\tomcat\lib
Add a Java option
-Djava.library.path=C:\Program Files\Deepnet DualShield\tomcat\lib
It is close to finish. At this time, you may still wonder why there is no username /password in the new connection string? which particular user will be used to connect SQL server? Here is the answer.
Check the property of DaulShield service
By default, it logs on as "Local System account", you need to change to a windows account which is assigned some SQL permissions
Note: if DualShiled is installed on the same machine where SQL server is installed, you may still be able to use "Local System account".
Consequently, you may need to add that Windows account (in the example, spadmin@ds08.local) onto the folder "Deepnet DualShield", allow it to have write privilege on this folder, otherwise it may cause problem.
