Unable to connect to SQL Server from RHEL Server 7.4 using Kerberos
what did you get from
klist -k
executed as root? If there is nothing to see, then your server is not joined to the active directory. Otherwise you see your host entries for the kerberos system.
Normally, RHEL 7 Systems are configured with sssd as the central authentication service. Please check if sssd is installed and running:
systemctl status sssd
If not, you can try to join again with
net ads join
Otherwise, configure your sssd to join your active directory domain with
realm join
You can get more Information about this here:
Regards, Björn
chad
Developer since birth, Coder by heart. [email protected] http://www.richardinterior.com https://www.linkedin.com/in/richardinterior/
Updated on September 18, 2022Comments
-
chad over 1 year
So I'm trying to connect to one of our SQL server from a RHEL Server 7.4 machine, I already installed kerberos, unixodbc and Microsoft ODBC for Linux.
The SQL Server I'm trying to connect to is inside Active Directory domain, I was able to authenticate through that using
kinit
but still gettingSSPI Provider: Server not found in Kerberos database.
error.This is my snippet from terminal:
[RH@localhost /]$ sudo kinit [email protected] [sudo] password for RH: Password for [email protected]: [RH@localhost /]$ sqlcmd -E -S MyServer Sqlcmd: Error: Microsoft ODBC Driver 13 for SQL Server : SSPI Provider: Server not found in Kerberos database. Sqlcmd: Error: Microsoft ODBC Driver 13 for SQL Server : Cannot generate SSPI context.
This is my
/etc/krb5.conf
:[libdefaults] dns_lookup_realm = false ticket_lifetime = 24h forwardable = yes default_realm = ADS.LOCAL.COM default_ccache_name = KEYRING:persistent:%{uid} dns_lookup_kdc = true [domain_realm] .ads.local.com = ADS.LOCAL.COM
Thanks in advance!
-
chad over 6 yearsThanks for the answer! Do you think there would be a security flaw or issue when I join a Linux server to a Windows AD?
-
TuxOne over 6 yearsNo, this is common practice. If you set on standard software from the main distributions, this will work without more security issues than on windows systems ;-)