我正在尝试从Ubuntu 20.04客户端连接到位于windows服务器2012R2上的MS SQL Server 2014。
Realm加入和Kinit都很好。
# sudo realm discover org.internal --install=/
org.internal
type: kerberos
realm-name: ORG.INTERNAL
domain-name: org.internal
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
login-formats: %U@org.internal
login-policy: allow-realm-logins
# kinit -V user@ORG.INTERNAL
Using default cache: /tmp/krb5cc_0
Using principal: user@ORG.INTERNAL
Password for user@ORG.INTERNAL:
Authenticated to Kerberos v5
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user@ORG.INTERNAL
Valid starting Expires Service principal
12/17/21 10:49:31 12/17/21 20:49:31 krbtgt/ORG.INTERNAL@ORG.INTERNAL
renew until 12/24/21 10:49:24
12/17/21 10:51:21 12/17/21 20:49:31 MSSQLSvc/ws2012r2:1433@ORG.INTERNAL
renew until 12/24/21 10:49:24
12/17/21 10:51:57 12/17/21 20:49:31 user@ORG.INTERNAL
renew until 12/24/21 10:49:24
12/17/21 10:52:30 12/17/21 20:49:31 MSSQLSvc/ws2012r2.org.internal:1433@ORG.INTERNAL
renew until 12/24/21 10:49:24
当我执行sqlcmd时,我得到了以下错误。注意,如果我指定用户名和密码(sql身份验证(,它将起作用。
# sqlcmd -S 20.12.34.567
Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : SSPI Provider: Server not found in Kerberos database.
Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Cannot generate SSPI context.
SPN is below
setspn -L user
Registered ServicePrincipalNames for CN=User ABC,CN=Users,DC=org,DC=internal:
MSSQLSvc/ws2012r2:1433
非常感谢您的帮助!
这里有一个问题,我确实生成了一个keytab文件。但是,告诉windows服务器2012r2上的SQL Server 2014使用keytab文件的命令是什么?
通过IP访问服务器将不允许基于DNS名称的SPN工作。IP地址为的SPN未注册。使用服务器的域名。