Is it possible to connect to SQL Server using Windows authentication/integrated security from a Mac? I am using the type 4 JDBC driver provided by Microsoft. The front end (a form application) is coded in Java. Everything works perfectly on Windows but one person in the office uses a Mac.
Is this possible? FYI, I have never used Macs so I am very much the novice with them. I have searched all over the Internet but have not found a solution.
Thank you in advance.
This information is hard to come by in my experience. All of my searches turned up wrong (outdated) information since Microsoft changed the rules and added the authenticationScheme parameter. In the interest of helping the next person, here is an example of a connection string that works:
jdbc:jtds:sqlserver://123.123.123;instance=server1;databaseName=students;integratedSecurity=true;authenticationScheme=JavaKerberos
Also in driver properties set "Domain". Do not include the domain in any user name setting.
This was tested using Squirrel SQL (Java) with jtds on Mac OSX. Hopefully the previous sentence has the search terms someone might use who needs to know this information.
Using Kerberos Integrated Authentication to Connect to SQL Server
Beginning in Microsoft JDBC Driver 4.0 for SQL Server, an application
can use the authenticationScheme connection property to indicate that
it wants to connect to a database using type 4 Kerberos integrated
authentication.
The jTDS JDBC driver for SQL Server supports Windows authentication simply using the domain property as described in the FAQ.
domain
Specifies the Windows domain to authenticate in. If present and the user name and
password are provided, jTDS uses Windows (NTLM)
authentication instead of the usual SQL Server authentication (i.e.
the user and password provided are the domain user and password). This
allows non-Windows clients to log in to servers which are only
configured to accept Windows authentication.
If the domain parameter is present but no user name and password are provided, jTDS uses its native Single-Sign-On library and logs in
with the logged Windows user's credentials (for this to work one would
obviously need to be on Windows, logged into a domain, and also have
the SSO library installed -- consult README.SSO in the distribution on
how to do this).
I use jTDS on a mac (10.9).
Using this driver you need to specify the username and password like always, the only difference is that you need to specify domain=WHATEVERTHENTDOMAIN in the connection string (or connection properties if you rather).
So a sample connection string is:
jdbc:jtds:sqlserver://db_server:1433/DB_NAME;domain=NT_DOMAIN_NAME
The jTDS driver then uses NTLM to login to the specified domain with the username and password.
This is an old post but may be relevant for some people. See this other SO post that describes how to connect to a SQL Server with Windows Authentication from a Linux machine through JDBC. This will work on mac as well.
jTDS is inferior to Microsoft's JDBC driver (in particular, it cannot figure out the types of parameters in a prepared statement)
Yes, you can authenticate to MS SQL Server using Active Directory authentication, as Active Directory is just Kerberos + LDAP, which are open source and implemented on Mac
Kerberos config /etc/krb5.conf :
[libdefaults]
default_realm = YOUR_REALM.NET
[realms]
YOUR_REALM.NET = {
kdc = host.your-domain.net
}
I needed to use the fully qualified domain name of the KDC, not just the domain name
JDBC Connection String:
jdbc:sqlserver://$host;database=$db;integratedSecurity=true;authenticationScheme=JavaKerberos
If $host does not have an SPN of MSSQLSrv/$host, add serverSp=$SPN to the JDBC connection string
It is not correct to say that one driver can determine the data types and another driver can't. Any driver has to look at the implied type based on the arguments passed. Both jTDS and Microsoft's driver do this. This is a limitation of the protocol - the database cannot tell the driver which type is correct, because in many queries it can't know what you intend.
In each version, jTDS and Microsoft's driver each have different issues and different advantages. The "best" choice depends on exactly which version of each you look at, and exactly what your needs are. I've had to switch back and forth as different versions come out - Microsoft breaking in a certain way, then later adding something I wanted.
The following connection string worked for me
jdbc:jtds:sqlserver://server_name:port_name;useLOBs=false;databaseName=db_name;useNTLMv2=true;domain=domain_name;
I'm using jTDS 1.3.2 and SQuirreL SQL Client.
Related
I installed Java on my Windows 10 machine and downloaded Metabase.jar, and ran it.
Now I could access metabase at localhost:3000
But I'm unable to setup my SQL Server Database as Data reference.
I'm either getting:
Couldn't connect to the database. Please check the connection details.
or
Timed out after 5000 milliseconds.
Anyone who has done Metabase - SQL Server connection successfully?
Currently, as of Metabase version 0.30.x the answer depends on if you can use a user configured directly on SQL Server or not:
The easier option to setup is with a user configured directly on SQL Server. Then config is just Name: (anything), Host: (full name), Database Name, Username, Password as you would expect. (I believe you should NOT fill in the Windows domain).
On Windows only you can also use native integrated authentication with sqljdbc_auth.dll, just specify integratedSecurity=true connection property (and optionally authenticationScheme=NativeAuthentication). I found if I dropped the x64 sqljdbc_auth.dll in my <java path>\jre\bin folder it was picked up. Metabase config as in the screenshot below, apart from dropping authenticationScheme=JavaKerberos
The cross platform authenticationScheme=JavaKerberos option to use Windows Authentication with a domain user is still doable, but harder. It's these steps:
Create a krb.conf and verify login works with <Java path>\bin\kinit.exe [user]. Here's a template edited to match the Metabase database setup in the screenshot below.
Start the Metabase.jar file with parameters to load the krb.conf. It works for me with java -Djava.security.krb5.conf=c:/<path>/kerberos/krb.conf -jar metabase.jar.
Now configure the database settings in Metabase according to the screenshot below
Moment of truth! ...
Optional: Still not working? Maybe your SQL Server isn't configured for Kerberos? Maybe you need SPN setup? Maybe you need to specify a java.security.auth.login.config (I have not experienced any of that myself, only thing I can offer is you scroll to the bottom of this post and dive in then edit your question with where you got to and what config you have)
Metabase SQL Server setup using Kerberos:
For background, current (August 2018) very long :| sum up with lots of links of how to connect to SQL Server is here in a Metabase discussion topic Note: In v0.30.0 an issue with dynamic port handling (particularly for people using named instances) was fixed.
Related: A neat StackOverflow answer on Kerberos on a Mac
If you are connecting to a "Named Instance" ({SERVER_NAME}/{INSTANCE_NAME}) instead of "Default Instance" ({SERVER_NAME}), your server may be configured to use Dynamic Port.
A quick dirty fix is you can find the current port with below scripts and then use it on Metabase connection parameters. But this port most probably will change when service restart occurs.
SELECT DISTINCT
local_tcp_port
FROM sys.dm_exec_connections
WHERE local_tcp_port IS NOT NULL
or
USE master
GO
Xp_readerrorlog
(look for "Server is listening on ..." line)
A Cleaner way is setting port for your instance by "SQL Server Configuration Manager" - "SQL Server Network Configuration" - "TCP/IP" - Right Click properties - "TCP Dynamic Ports" (There should be 0 and it should be deleted) and "TCP Port" (New default port should be set here). And also "SQL Server Browser" service should run. A more detailed explanation is here
I am currently investigating how to make a connection to a SQL Server database from my Java EE web application using Windows Authentication instead of SQL Server authentication. I am running this app off of Tomcat 6.0, and am utilizing the Microsoft JDBC driver. My connection properties file looks as follows:
dbDriver = com.microsoft.sqlserver.jdbc.SQLServerDriver
dbUser = user
dbPass = password
dbServer = localhost:1433;databaseName=testDb
dbUrl = jdbc:sqlserver://localhost:1433
I have zero problems with connecting to a SQL Server database in this fashion when using SQL Server authentication.
Is there any way I can retrieve the credentials of the user's Windows Authentication and use that authentication for SQL Server?
UPDATE: I know in ASP.net there is a way to set up Windows Authentication for access to the webapp, which is exactly what I am looking for, except I want to pass that token off to SQL Server for access to the database.
I do not think one can push the user credentials from the browser to the database (and does it makes sense ? I think not)
But if you want to use the credentials of the user running Tomcat to connect to SQL Server then you can use Microsoft's JDBC Driver.
Just build your JDBC URL like this:
jdbc:sqlserver://localhost;integratedSecurity=true;
And copy the appropriate DLL to Tomcat's bin directory (sqljdbc_auth.dll provided with the driver)
MSDN > Connecting to SQL Server with the JDBC Driver > Building the Connection URL
look at
http://jtds.sourceforge.net/faq.html#driverImplementation
What is the URL format used by jTDS?
The URL format for jTDS is:
jdbc:jtds:<server_type>://<server>[:<port>][/<database>][;<property>=<value>[;...]]
...
domain
Specifies the Windows domain to authenticate in. If present and the user name and password are provided, jTDS uses Windows (NTLM) authentication instead of the usual SQL Server authentication (i.e. the user and password provided are the domain user and password). This allows non-Windows clients to log in to servers which are only configured to accept Windows authentication.
If the domain parameter is present but no user name and password are provided, jTDS uses its native Single-Sign-On library and logs in with the logged Windows user's credentials (for this to work one would obviously need to be on Windows, logged into a domain, and also have the SSO library installed -- consult README.SSO in the distribution on how to do this).
This actually works for me:
Per the README.SSO that comes with the jtdsd distribution:
In order for Single Sign On to work, jTDS must be able to load the native SPPI library ntlmauth.dll. Place this DLL anywhere in the system path (defined by the PATH system variable) and you're all set.
I placed it in my jre/bin folder
I configured a port dedicated the sql server instance (2302) to alleviate the need for an instance name - just something I do. lportal is my database name.
jdbc.default.url=jdbc:jtds:sqlserver://192.168.0.147:2302/lportal;useNTLMv2=true;domain=mydomain.local
Unless you have some really compelling reason not to, I suggest ditching the MS JDBC driver.
Instead, use the jtds jdbc driver. Read the README.SSO file in the jtds distribution on how to configure for single-sign-on (native authentication) and where to put the native DLL to ensure it can be loaded by the JVM.
I was having issue with connecting to MS SQL 2005 using Windows Authentication. I was able to solve the issue with help from this and other forums. Here is what I did:
Install the JTDS driver
Do not use the "domain= " property in the jdbc:jtds:://[:][/][;=[;...]] string
Install the ntlmauth.dll in c:\windows\system32 directory (registration of the dll was not required) on the web server machine.
Change the logon identity for the Apache Tomcat service to a domain User with access to the SQL database server (it was not necessary for the user to have access to the dbo.master).
My environment:
Windows XP clinet hosting Apache Tomcat 6 with MS SQL 2005 backend on Windows 2003
I need to connect to High Availability (HA) / Desaster Recovery (DR), also known as HADR, enabled SQL server 2012 using AD account from Java on Linux.
integratedSecurity is not an option since it runs on Linux
I can not use the jTDS JDBC driver since it does not support HADR cluster (no support for multiSubnetFailover=true)
jTDS actually works with username, password and domain connection string parameters, but times out 25% of the time.
So it seems I'm stuck with MS SQL JDBC driver but I can't make it work with just the username/password credentials, as I'm trying to solve this without Kerberos.
It must be possible to do it (in theory), since jTDS can actually do it!
I found that driver version 6.0 has property authentication=ActiveDirectoryPassword so it looked very promising, but a SQL connection string like
jdbc:sqlserver://server:port;database=DB;authentication=ActiveDirectoryPassword;username=name;password=PASSWORD
even trying with DOMAIN\username for username or user property, isn't working.
The docs says its for
using an Azure AD principal name and password
but it would just make my life so much easier.
The error I get is
Login failed for user ''
and shows empty user, but stepping through the decompiled code I can see the username and password values are being loaded into variables.
Any solution for this? I take any AD username/password connection to HADR SQL server 2012 that is pure JAVA.
Hey I am having trouble connecting to an SQL Server with Java code that is running on Linux.
If I set integratedSecurity=true, then the java code fails with the following error:
WARNING: Failed to load the sqljdbc_auth.dll cause : no sqljdbc_auth in java.library.path
com.microsoft.sqlserver.jdbc.SQLServerException: This driver is not configured for integrated authentication. ClientConnectionId:b030b480-453d-4007-8151-a552150f74cd
which makes sense as there will be no sqljdbc.dll file on Linux.
But if I set integratedSecurity=false, then I get the following error:
com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user 'IT_DEV_USER'.
So does anyone know how I can connect to SQL Server with integratedSecurity set to false? (Note that I cant even connect when the Java code is running on Windows when integratedSecurity is set to false.)
If not, is there any way I can get integratedSecurity working on Linux?
If you want to use integrated security and using JDBC Driver 4.0 or greater then you add the following in your jdbc connection string.
integratedSecurity=true;authenticationScheme=JavaKerberos
More information: http://blogs.msdn.com/b/psssql/archive/2015/01/09/jdbc-this-driver-is-not-configured-for-integrated-authentication.aspx
Adding authenticationScheme=JavaKerberos works for me in Linux, but make sure to remove integratedSecurity=true since you are not using Windows.
You can't use integratedSecurity feature from Linux system, as it tied to windows system and uses your windows authentication. However, if you enable both SQL Server and Windows Authentication mode on your SQL Server, then you can create a login, map to corresponding database and use it in java from Linux.
To enable SQL Server authentication:
Right click on your server in management studio
Properties
Security
Server authentication -> SQL Server and Windows Authentication mode
If you dont want Integrated Security connection, then set that parameter to false and instead provide user and password in the connURL as below:
String connectionUrl = "jdbc:sqlserver://localhost:port;databaseName=DB_NAME;integratedSecurity=false;user=login_user;password=login_pwd;";
this is the error I get when I'm trying to connect to my local postgresql db:
Cannot connect to database [default]
this is the database configuration. I'm convinced that there is not typo (fat finger error):
db.default.url="postgres://localhost:5432/myproject/"
db.default.user="postgres"
db.default.pass="mypassword"
db.default.driver="org.postgresql.Driver"
db.default.initSQL="SELECT 1"
where is the problem? with pgAdmin I can connect easily
p.s.
I'm using ubuntu. I've noticed that in order to change to postgres user
I must use "su", otherwise it fails changing the current user.
is that has something to do with play! failure to connect my db?
thanks
There might be two things wrong or at least dubious in your setup.
First: The postgres:... URL syntax is not a plain JDBC URL. This format is not understood by the PostgreSQL JDBC driver. See this answer to a similar problem.
Second: You are trying to use the PostgreSQL superuser account for Play. The superuser account should be used only for administrative work, but not "normal" work. Especially not for work which includes public access to the DB via some webfrontend. Any SQL-Injection attack gives the attacker the golden key to your database - including the nuke to wreck your complete DB cluster at once or install any backdoor into you DB server.
So I recommand, that you create a new user which you configure in your Play! settings.
That said: The default password for the postgres user is not set on Ubuntu. This setup allows login to the DB user only from the same OS user. How you can fix this is explained in this answer.
If these two tips don't help: The error you quoted is very vague. There must be more detailed error logs somewhere. Please find them and attach them to your question with the "edit" button.
This is not an answer directly to your question, but I had the same error message and came here via Google. Using Scala Play 2.3, I had
db.default.driver=org.postgresql.Driver
db.default.url="jdbc:postgresql://127.0.0.1:5432/noob_development"
db.default.logStatements=true
which needed to be
db.default.driver="org.postgresql.Driver"
db.default.url="jdbc:postgresql://127.0.0.1:5432/noob_development"
db.default.logStatements=true
I accidentally left the quotes around the driver name out. Now it works perfectly.
here is my conf, it works:
db.default.url="jdbc:postgresql://127.0.0.1:5432/dbname"
db.default.driver="org.postgresql.Driver"
just add the jdbc: before postgresql in db.default.url.