Microsoft SQL Server Active Directory Authentication on Linux Machine
In this article, we will look at how to connect to a SQL Server instance running on Linux using a Kerberos-based identity provider. In this example, we’ll use Active Directory as the Kerberos identity provider, but the same approach works with other Kerberos identity providers such as Red Hat’s Identity Manager or Centrify.
Follow the steps below for MS SQL Server Active Directory authentication on a Linux machine:
Step 1: First, we SSH into a SQL Server machine running on RHEL, where we can see that SQL Server is running locally.
Step 2: Next, we run the command below to check that the command-line options include the -E parameter, which lets you connect to the server with a trusted connection (a Kerberos-based identity) instead of a SQL login and password.
Step 3: Now we run the command below to get a ticket-granting ticket (TGT) for the Active Directory user. In this case, the user we are logged in as has an Active Directory ID that has already been created, and this server is also domain-joined to an Active Directory domain.
Step 4: Now that we’ve done a kinit, we have a ticket-granting ticket cached locally for this user, and we can run the following command to connect to the local server:
sqlcmd -E -S localhost
And you can see that we’re able to connect. We can run some queries, like the ones below.
And we can see that we’re running here on Red Hat Enterprise Linux.
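The Linux-side steps above, wrapped in a check that the trusted connection was really authenticated with Kerberos. This is an added example, not part of the original article; it assumes klist from the MIT Kerberos client tools, a login allowed to read sys.dm_exec_connections (VIEW SERVER STATE), and hypothetical function names.

```sh
#!/bin/sh
# Added example: confirm that a trusted (-E) connection really used Kerberos.
# Assumes klist (MIT Kerberos client) and sqlcmd are on PATH, and that the
# login may read sys.dm_exec_connections (VIEW SERVER STATE).

# Succeeds only if the credential cache holds a valid, unexpired ticket.
have_valid_ticket() {
    klist -s
}

# Prints the auth scheme SQL Server recorded for this very session.
session_auth_scheme() {
    out=$(sqlcmd -E -S "$1" -h -1 -W -Q \
        "SET NOCOUNT ON; SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@SPID;") || return 1
    printf '%s\n' "$out" | tr -d '[:space:]'
}

# Return codes: 0 Kerberos confirmed, 2 no ticket, 3 connect/query failed,
# 4 connected but with a non-Kerberos scheme (NTLM or SQL login).
verify_kerberos_login() {
    server=$1
    if ! have_valid_ticket; then
        echo "no valid Kerberos ticket in the cache; run kinit first" >&2
        return 2
    fi
    scheme=$(session_auth_scheme "$server") || {
        echo "trusted connection to $server failed" >&2
        return 3
    }
    case $scheme in
        KERBEROS) echo "$server: authenticated with Kerberos"; return 0 ;;
        NTLM|SQL) echo "$server: connected, but auth_scheme is $scheme" >&2
                  return 4 ;;
        *)        echo "$server: unexpected output: $scheme" >&2; return 3 ;;
    esac
}

# Run the check only when a server name is passed, e.g.: ./check.sh localhost
if [ "$#" -gt 0 ]; then
    verify_kerberos_login "$1"
fi
```

A return code of 4 means the session is up but was not authenticated with Kerberos, which is worth alerting on in environments that expect Kerberos only.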
Now let’s take a look at the same kind of thing from the Windows side. Here, we may want to connect to this SQL Server instance running on RHEL from a Windows machine using SQL Server Management Studio, which is the most commonly used tool on the Windows side.
So here we can just use Windows authentication. We are logging in as the Active Directory identity that we just used on the Linux side and connecting to the same server and you can see that that just works.
Just like that, it connects using the -E parameter from Windows to Linux, using Active Directory as an identity provider to negotiate the connection between the two and authenticate this user to the server.