Connecting to MSSQL with Kerberos and different user fails
System information:
- Operating system (distribution) and version: Windows 10
- DBeaver version: 5.3.2.201901062110
- Java version: 1.8.0_181 by Oracle Corporation (64bit)
- Additional extensions: - no
Connection specification:
- Database name and version: Microsoft SQL Server 11.00.6615
- Driver name: Microsoft JDBC Driver 7.0 for SQL Server (7.0.0.0)
- Do you use tunnels or proxies (SSH, SOCKS, etc)? - no
Describe the problem you’re observing:
It seems that it is not possible to connect to a MSSQL database with Kerberos and a different user than the one I’m currently logged in with in Windows. What I want to achieve is getting a valid TGT from the KDC for a specific user and connect with this ticket to the MSSQL database. All discussed solutions I could find specify that the username and password fields should be left empty when using Kerberos or to retrieve the TGT before starting DBeaver.
I have this scenario set up in a standalone Java application, so it’s generally possible to do and there are no errors in my krb5.conf or the way I specify the user name etc.
Steps to reproduce, if exist:
- edit dbeaver.ini and set the following VM arguments
  -Djava.security.krb5.conf="C:\location\to\krb5.conf"
  -Djavax.security.auth.useSubjectCredsOnly=false
- start dbeaver and create a new connection with Microsoft Driver
- enter host, port, database name, user name, password
- edit driver properties and add/change the following properties
  authenticationScheme=JavaKerberos
  integratedSecurity=true
- test connection
Include any warning/errors/backtraces from the logs
2019-01-14 14:47:25.896 - org.jkiss.dbeaver.model.exec.DBCConnectException: Login failed for user 'username@MY.DOMAIN'. ClientConnectionId:831c1166-da49-426f-ae55-16518c52eb57
org.jkiss.dbeaver.model.exec.DBCConnectException: Login failed for user 'username@MY.DOMAIN'. ClientConnectionId:831c1166-da49-426f-ae55-16518c52eb57
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:179)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:86)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.initializeMainContext(JDBCRemoteInstance.java:86)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCRemoteInstance.<init>(JDBCRemoteInstance.java:54)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeRemoteInstance(JDBCDataSource.java:105)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.<init>(JDBCDataSource.java:100)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.<init>(JDBCDataSource.java:89)
at org.jkiss.dbeaver.ext.mssql.model.SQLServerDataSource.<init>(SQLServerDataSource.java:62)
at org.jkiss.dbeaver.ext.mssql.SQLServerDataSourceProvider.openDataSource(SQLServerDataSourceProvider.java:129)
at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:770)
at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
at org.jkiss.dbeaver.ui.dialogs.connection.ConnectionWizard$ConnectionTester.run(ConnectionWizard.java:231)
at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:101)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user 'username@MY.DOMAIN'. ClientConnectionId:831c1166-da49-426f-ae55-16518c52eb57
at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError(SQLServerException.java:254)
at com.microsoft.sqlserver.jdbc.TDSTokenHandler.onEOF(tdsparser.java:258)
at com.microsoft.sqlserver.jdbc.TDSParser.parse(tdsparser.java:104)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:4772)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:3581)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.access$000(SQLServerConnection.java:81)
at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:3541)
at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:7240)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:2869)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2395)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:2042)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:1889)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1120)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:700)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.lambda$0(JDBCDataSource.java:148)
at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:157)
... 13 more
Issue Analytics
- State:
- Created 5 years ago
- Reactions:3
- Comments:6 (1 by maintainers)
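The scenario described in the issue (obtain a TGT for a named principal instead of the Windows logon session, then open a JavaKerberos connection with it) can be sketched as a standalone program. This is an added example, not the reporter's application or DBeaver code; the class name, host and database are placeholders, and it assumes the JDBC driver uses the JAAS Subject bound to the calling thread.

```java
import java.security.PrivilegedExceptionAction;
import java.sql.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

// Added illustration. Run from a terminal so System.console() is available.
public class KerberosAsOtherUser {
    public static void main(String[] args) throws Exception {
        // Same krb5.conf setting the issue passes through dbeaver.ini.
        System.setProperty("java.security.krb5.conf", "C:\\location\\to\\krb5.conf");
        String principal = "username@MY.DOMAIN";
        char[] password = System.console().readPassword("Password for %s: ", principal);
        // In-memory JAAS entry: skip the logon session's ticket cache, log in as `principal`.
        Map<String, String> opts = new HashMap<>();
        opts.put("useTicketCache", "false");
        opts.put("principal", principal);
        Configuration jaas = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(principal);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext("example", new Subject(), handler, jaas);
        lc.login();                    // requests the TGT; throws LoginException on failure
        Arrays.fill(password, '\0');   // do not keep the cleartext password around
        // No user/password in the URL: the identity comes from the Subject's ticket.
        String url = "jdbc:sqlserver://sqlhost.example:1433;databaseName=exampledb;"
                   + "integratedSecurity=true;authenticationScheme=JavaKerberos";
        try {
            String login = Subject.doAs(lc.getSubject(), (PrivilegedExceptionAction<String>) () -> {
                try (Connection c = DriverManager.getConnection(url);
                     ResultSet rs = c.createStatement().executeQuery("SELECT SUSER_SNAME()")) {
                    rs.next();
                    return rs.getString(1);   // login name the server authenticated
                }
            });
            System.out.println("Server sees login: " + login);
        } finally { lc.logout(); }            // discard the Kerberos credentials
    }
}
```

Comparing the printed login with the principal requested from the KDC confirms which identity the server actually authenticated, rather than the Windows session's.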
Top GitHub Comments
Alright, I’ll try to replicate it here
Of course this has been changed from the real user name and domain used in my company’s AD. But otherwise it is correct, yes.