Sqlpro for mssql failed to resolve host12/8/2023 In the example, is the privileged account (which matches the network.privilegedadaccount setting in mssql-conf), and the host name for SQL Server is listening on the default port 1433. The example uses two encryption types, but you can use just one or more depending on the encryption types supported in your environment. klist -kte /var/opt/mssql/secrets/mssql.keytabĪn example of a working keytab follows. If you don't type the passwords correctly when creating the SPNs and keytab entries, you'll encounter errors when attempting to sign in using Active Directory authentication. Make sure that you can list the contents of the keytab, and that you've added the correct SPNs, port, encryption type, and user account. ![]() For more information, see Use adutil to configure Active Directory authentication with SQL Server on Linux. The keytab must be accessible to the mssql user account. This change affects any other services using nf on the host.įor more information about reverse DNS, see What is reverse DNS?Ĭheck that you've created the keytab (key table) file, and that mssql-conf is configured to use the correct file with appropriate permissions. If you can't add PTR entries for all the IP addresses returned, you can also limit SQL Server to a subset of domain controllers. You might have to work with your domain administrator to get rDNS working. If that isn't the case, check the PTR (pointer) records that are created in Active Directory. This includes IPv4 and IPv6 addresses where applicable. Perform a reverse DNS (rDNS) lookup for each IP address listed in the previous results. If the IP addresses don't match, see Join SQL Server on a Linux host to an Active Directory domain to fix DNS lookups and communication with the DC. Run these commands from the SQL Server host machine. Obtain or renew the Kerberos TGT (ticket-granting ticket) using kinit: kinit the following command, making sure that the user under which you're running this command has access to the mssql.keytab: /opt/mssql/bin/mssql-conf validate-ad-config /var/opt/mssql/secrets/mssql.keytabįor more information about the validate-ad-config command, view the help using /opt/mssql/bin/mssql-conf validate-ad-config -help command.ĭNS lookups on the domain name and NetBIOS name should return the same IP address, which normally matches the IP address for the domain controller (DC). ![]() Validate current configurationīefore you begin troubleshooting, you must validate the current user, nf, Service Principal Name (SPN), and realm settings. It includes prerequisite checks and tips for a successful Active Directory configuration, and a list of common errors and troubleshooting steps. This article helps you troubleshoot Active Directory Domain Services authentication issues with SQL Server on Linux and containers.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |