Using Windows Authentication with Microsoft SQL Server
By default PaperCut can use SQL authentication, with the database username and password configured in the PaperCut server.properties file. This is discussed in the manual here. The server.properties file is secured by being accessible only to Administrator users.
Some customers prefer to make use of the Windows Authentication features of SQL Server. This allows PaperCut to automatically log in/connect to the database using the credentials of the user the “PaperCut Application Server” is running as. This avoids the need to store the username/password in the server.properties file.
To use Windows Authentication with SQL Server some additional configuration is required.
1. Configure PaperCut to use SQL Server
It is generally recommended to configure PaperCut to first use SQL Server authentication and confirm everything is working before moving to “Windows Authentication”. Windows Authentication is more complicated to set up, so it’s good to get things working first with SQL Authentication.
To do this follow the upsizing guide in the PaperCut manual.
After completing this you should have PaperCut running using the SQL Server database.
2. Running the PaperCut Application Server as a non-system account
By default the PaperCut Application Server runs as the SYSTEM account. You need to change PaperCut to run under a user account that is granted permissions to the SQL Server database.
2.1. Create a domain user account to run the PaperCut Application Server service. It is recommended to name the user something like “papercut_svc”. Ensure that the user is configured so their password never expires. Also ensure that the user has local administrator privileges on the server running PaperCut.
2.2. Change the PaperCut Application Server service to run as the “papercut_svc” user. To do this select the “PaperCut Application Server” service in the Windows service tool (Control Panel→Admin Tools→Services), then right-click and select ‘Properties’. On the “Logon” tab enter the username/password of the new papercut user. Press ‘OK’ to apply the changes.
2.3. Restart the PaperCut Application Server service using the service control panel. Wait for the service to start and test that PaperCut is operating correctly by logging into the admin interface.
3. SQL Server configuration
SQL Server must first be configured to allow Windows authentication. This is configured within the SQL Server administration tools.
You will also need to grant the “papercut_svc” user full access to the PaperCut database (e.g. full access to read/update tables and also to create and drop database tables).
4. Additional steps for PaperCut 11.4 and earlier
Skip this section if you are running PaperCut 11.5 or newer (and continue with “Configure PaperCut for SQL Server Windows authentication”).
4.1. PaperCut versions 11.4 and earlier require an additional download: the jTDS SQL Server database driver package. This contains some DLLs required to use Windows Authentication with SQL Server. This can be downloaded from the jTDS project at the link below:
http://sourceforge.net/projects/jtds/files/jtds/1.2.5/jtds-1.2.5-dist.zip/download
4.2. Save and extract the jtds-1.2.5-dist.zip file to the server running PaperCut.
4.3. Copy the x86\SSO\ntlmauth.dll file into PaperCut under the directory: [app-path]\server\bin\win\lib (i.e. in the same directory as wrapper.dll).
4.4. If you are running the PaperCut 64-bit add-on pack (if you have not installed the 64-bit add-on pack, skip this step), you must ALSO copy the x64\SSO\ntlmauth.dll file into PaperCut under the directory: [app-path]\server\bin\win\lib64 (you will need to create the lib64 directory). Then edit the file at [app-path]\server\bin\win\win64.conf and add the following line to the end of the file:
wrapper.java.library.path.1=bin/win/lib64
5. Configure PaperCut for SQL Server Windows authentication
5.1. Open the PaperCut [app-path]\server\server.properties file in a text editor.
The connection settings need to be changed to enable Windows authentication. Add integratedSecurity=true to the connection string:
jdbc:sqlserver://[server][:port];databaseName=[database];socketTimeout=600000;integratedSecurity=true
Then remove the username (and password). If the username is not blank, “SQL Server” authentication will be used instead. Edit the server.properties file so that database.username is empty. E.g.:
database.username=
5.2. Save the configuration file.
5.3. Restart the PaperCut Application Server service using the service control panel (Control Panel→Admin Tools→Services).
5.4. Test that PaperCut is working correctly by logging into the PaperCut admin interface.
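The settings from steps 2 and 5 can be checked before relying on the restart. The PowerShell below is an added example, not part of PaperCut's documentation or tooling; the key names database.url and database.password are assumptions (this page names only database.username), and the sample lines are constructed.

```powershell
# Added example: audit server.properties content for the step 5 settings.
# Assumed key names (not shown on the page): database.url, database.password.
function Test-IntegratedAuthConfig {
    param([string[]]$Lines)

    # Parse simple key=value pairs, skipping blank lines and '#' comments.
    $props = @{}
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith('#')) { continue }
        $i = $t.IndexOf('=')
        if ($i -lt 1) { continue }
        $props[$t.Substring(0, $i).Trim()] = $t.Substring($i + 1).Trim()
    }

    # Emit one string per problem found; no output means the settings look right.
    $url = $props['database.url']
    if (-not $url) {
        'database.url not found'
    } elseif ($url -notmatch ';\s*integratedSecurity\s*=\s*true\s*(;|$)') {
        'connection string lacks integratedSecurity=true'
    }
    if ($props['database.username']) {
        'database.username is not blank: SQL Server authentication will be used'
    }
    if ($props['database.password']) {
        'database.password still holds a value: the stored credential was not removed'
    }
}

# Constructed sample (placeholder host, database and credentials): the
# connection string was updated but the old SQL login was left in place.
$sample = @(
    '# constructed sample, not a real configuration',
    'database.url=jdbc:sqlserver://dbhost.example:1433;databaseName=papercut;socketTimeout=600000;integratedSecurity=true',
    'database.username=papercut',
    'database.password=placeholder'
)
foreach ($finding in @(Test-IntegratedAuthConfig -Lines $sample)) { "FINDING: $finding" }

# Against the real file, pass its lines instead:
#   Test-IntegratedAuthConfig -Lines (Get-Content '[app-path]\server\server.properties')

# Step 2 check: StartName shows the logon account; it should be the dedicated
# service user, not LocalSystem. Returns nothing if the service is not installed.
Get-CimInstance -ClassName Win32_Service -Filter "DisplayName='PaperCut Application Server'" |
    Select-Object Name, StartName, State
```

The parser handles plain key=value lines only, which is the form shown on this page.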
Last updated June 13, 2024