我正在尝试从 Ubuntu 20.04 客户端连接到位于 Windows Server 2012R2 上的 MS SQL Server 2014。
领域连接和 Kinit 都很好。
# sudo realm discover org.internal --install=/
org.internal
type: kerberos
realm-name: ORG.INTERNAL
domain-name: org.internal
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
login-formats: %U@org.internal
login-policy: allow-realm-logins
# kinit -V user@ORG.INTERNAL
Using default cache: /tmp/krb5cc_0
Using principal: user@ORG.INTERNAL
Password for user@ORG.INTERNAL:
Authenticated to Kerberos v5
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user@ORG.INTERNAL
Valid starting Expires Service principal
12/17/21 10:49:31 12/17/21 20:49:31 krbtgt/ORG.INTERNAL@ORG.INTERNAL
renew until 12/24/21 10:49:24
12/17/21 10:51:21 12/17/21 20:49:31 MSSQLSvc/ws2012r2:1433@ORG.INTERNAL
renew until 12/24/21 10:49:24
12/17/21 10:51:57 12/17/21 20:49:31 user@ORG.INTERNAL
renew until 12/24/21 10:49:24
12/17/21 10:52:30 12/17/21 20:49:31 MSSQLSvc/ws2012r2.org.internal:1433@ORG.INTERNAL
renew until 12/24/21 10:49:24
# sqlcmd -S 20.12.34.567
Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : SSPI Provider: Server not found in Kerberos database.
Sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Cannot generate SSPI context.
SPN is below
setspn -L user
Registered ServicePrincipalNames for CN=User ABC,CN=Users,DC=org,DC=internal:
MSSQLSvc/ws2012r2:1433
这里有一个问题,我确实生成了一个 keytab 文件。但是,告诉 Windows Server 2012r2 上的 SQL Server 2014 使用 keytab 文件的命令是什么?
最佳答案
通过 IP 访问服务器将不允许基于 DNS 名称的 SPN 工作。带有 IP 地址的 SPN 未注册。使用服务器的域名。
关于sql-server - SSPI 提供程序 : Server not found in Kerberos database,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/70395938/