Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Accessing SQL Server via Windows Authentication from Linux

See original GitHub issue

I’m running dbeaver on Ubuntu 17.04

It appears I should be able to run kinit and then dbeaver and connect, but no such luck.

derek@043SC646:~$ kinit derbro
Password for derbro@MBA.AC.UK: 
derek@043SC646:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: derbro@MBA.AC.UK

Valid starting     Expires            Service principal
13/04/18 15:13:43  14/04/18 01:13:43  krbtgt/MBA.AC.UK@MBA.AC.UK
        renew until 20/04/18 15:13:35
derek@043SC646:~$ /usr/share/dbeaver/dbeaver      
2018-04-13 15:14:00.044 - Create display
2018-04-13 15:14:00.110 - DBeaver 5.0.2 is starting
2018-04-13 15:14:00.111 - Install path: '/usr/share/dbeaver'
2018-04-13 15:14:00.111 - Instance path: 'file:/home/derek/.dbeaver4/'

with the jtds driver, I get:

2018-04-13 15:14:29.233 - Connect with 'jdbc:jtds:sqlserver://cprdatabase.mba.ac.uk/master' (mssql_jdbc_jtds-162bf5b8666-1fbf43ea0d700a20)
2018-04-13 15:14:29.315 - Connection failed (mssql_jdbc_jtds-162bf5b8666-1fbf43ea0d700a20)
2018-04-13 15:14:29.316 - org.jkiss.dbeaver.model.exec.DBCConnectException: I/O Error: GSS Failed: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
org.jkiss.dbeaver.model.exec.DBCConnectException: I/O Error: GSS Failed: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
        at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:191)
        at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.openConnection(GenericDataSource.java:126)
        at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:79)
        at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeMainContext(JDBCDataSource.java:115)
        at org.jkiss.dbeaver.ext.generic.model.GenericDataSource.<init>(GenericDataSource.java:108)
        at org.jkiss.dbeaver.ext.mssql.model.SQLServerDataSource.<init>(SQLServerDataSource.java:43)
        at org.jkiss.dbeaver.ext.mssql.model.SQLServerDataSource.<init>(SQLServerDataSource.java:35)
        at org.jkiss.dbeaver.ext.mssql.SQLServerDataSourceProvider.openDataSource(SQLServerDataSourceProvider.java:123)
        at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:752)
        at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
        at org.jkiss.dbeaver.ui.dialogs.connection.ConnectionWizard$ConnectionTester.run(ConnectionWizard.java:216)
        at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:95)
        at org.eclipse.core.internal.jobs.Worker.run(Worker.java:56)
Caused by: java.sql.SQLException: I/O Error: GSS Failed: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
        at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:654)
        at net.sourceforge.jtds.jdbc.JtdsConnection.<init>(JtdsConnection.java:371)
        at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:184)
        at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:177)
        ... 12 more
Caused by: java.io.IOException: GSS Failed: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
        at net.sourceforge.jtds.jdbc.TdsCore.sendMSLoginPkt(TdsCore.java:1976)
        at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:617)
        ... 15 more

With the Microsoft driver it’s more onimous because it’s asking for a DLL, which isn’t ever going to be found on a Linux system, but in any case I don’t seem to have anything named sqljdbc_auth on my system:

2018-04-13 15:21:18.335 - Connect with 'jdbc:sqlserver://cprdatabase;databaseName=master' (mssql_jdbc_ms_new-162bf61c476-4e0f91af488ac42e)
Apr 13, 2018 3:21:18 PM com.microsoft.sqlserver.jdbc.AuthenticationJNI <clinit>
WARNING: Failed to load the sqljdbc_auth.dll cause : no sqljdbc_auth in java.library.path

https://blogs.msdn.microsoft.com/psssql/2015/01/09/jdbc-this-driver-is-not-configured-for-integrated-authentication/ implies that this means it’s trying to connect with a connection string containing authenticationScheme=NativeAuthentication (either explicitly or implicitly–which would only work on Windows) and requires authenticationScheme=JavaKerberos (which should work on any OS). I expect I could set that in the driver advanced parameters, but I’m not sure where–and also rather expect that if I did, I’d just end up with the same problem as with the jTds driver.

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:9 (1 by maintainers)

github_iconTop GitHub Comments

2reactions
kafrancommented, Jan 28, 2019

With jTDS just set DOMAIN=, USENTLMV2=True, USER=and PASSWORD= on Driver Properties. If someone knows how to do this using the MS jdbc driver please let me know.

1reaction
kafrancommented, Jan 31, 2019

With integrated authentication, you don’t need to keep passing usernames and passwords around.

Only if your Linux machine is authenticated on the Domain.

because that looks like the method for using SQL Server logins, not Windows logins.

No, no. Thats gonna use Windows Authentication. For SQL Server Login you can you the MS JDBC driver, which is open source now. But using the MS JDBC with Windows AD you need to use Kerberos on your Linux machine, which could be a little complicated as it will need installation and configuration on the server side as well and your IT team may be laze for that.

Developers are bringing NTLM to MS JDBC as well: https://github.com/Microsoft/mssql-jdbc/issues/696; when this is working then you wouldn’t need jTDS anymore.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Active Directory authentication for SQL Server on Linux
Active Directory authentication enables domain-joined clients on either Windows or Linux to authenticate to SQL Server using their domain ...
Read more >
Using Windows Authentication to connect to SQL Server from ...
This article will cover how to setup Windows Authentication to connect to SQL Server from a Linux server. This functionality is dependent on ......
Read more >
Connect To SQL Server With Windows Authentication From A ...
1.- Select SQL Server jTDS driver. enter image description here · 2.- Enter the connection information. enter image description here · 3.- Go...
Read more >
How to Configure Windows Authentication for SQL Server on ...
In this post, I'll demonstrate how to configure windows authentication for SQL Server on Linux, especially for RHEL\CentOS distribution. In another world ...
Read more >
Configure SQL Server on Linux to Use Windows Authentication
In order to use Active Directory Authentication for an SQL Server running on Linux we must configure the Linux server network and join...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Failure to select column named "end", keyword is not ignored.

Next page

Feature Request: Adding UUID (Ordered) display transformer for binary data in table