
From Windows using SQL Server Management Studio (SSMS), I can only connect to a SQL Server on a different domain as follows:

C:\> runas /netonly /user:differentDomainName\aUserName "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe -S anIpAddress"

How can I accomplish this connection via JDBC? I've tried using the following connection string with Microsoft's sqljdbc 4.2 driver:

jdbc:sqlserver://anIpAddress:1433;database=MAIN;user=differentDomainName\\aUserName;password=pass

I receive the following error:

com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user 'differentDomainName\aUserName'

This is the same error that I receive if I start SSMS without using runas and typed differentDomainName\aUserName for Login name in the "Connect to Server" dialog box of SSMS 2012.

Additional Information: The JDBC connection will be established within an application running on Linux. So, running the application using runas is not an option, unfortunately.

Another attempt: I've also tried to use jTDS 1.3.1 with the following connection string:

jdbc:jtds:sqlserver://anIpAddress:1433;databaseName=MAIN;domain=differentDomainName;user=aUserName;password=pass

since aUserName is set up only for Windows authentication. Unfortunately, this produces the following exception:

o.a.tomcat.jdbc.pool.ConnectionPool : Unable to create initial connections of pool. Followed by java.sql.SQLException: I/O Error: DB server closed connection.

Permission information: I'm unable to modify anything on the SQL Server machine including any configuration within SQL Server. The "aUserName" account maps to a SQL Server read only Windows authentication only user.

James
  • A while ago I did something similar with jTDS for [this answer](http://stackoverflow.com/a/26465897/2144390). Perhaps it might give you some ideas for other things to try. – Gord Thompson Apr 01 '16 at 00:43
  • Thanks. I'm unable to modify anything on the SQL Server machine including any configuration within SQL Server. The user is set up as a read only user. I tried using the code snippet you provided (replacing with IP address, username and password for my environment) and still receive the same SQL exception noted in the OP. – James Apr 01 '16 at 15:34
  • Please refer to this [SO post](http://stackoverflow.com/questions/14945075/receiving-sqlexception-login-failed-for-user-connecting-to-sql-server-2008) describing Windows authentication as well as needed .jar/.dll files. Also, consider passing username and password as arguments (not in connection string): `DriverManager.getConnection(connectionStr, user, password)`. – Parfait Apr 02 '16 at 23:46
  • @Parfait - Thanks, but please note in the OP that the solution offered in the post you're referencing will not work for two reasons: 1) The application needs to run in Linux. 2) Even if the application was running in Windows (it isn't though), the application needs to DB authenticate with a different user than that of the user running the application. – James Apr 04 '16 at 14:40
  • Maybe you can use the Kerberos authentication in the Microsoft SQL Server JDBC driver? – Mark Rotteveel Apr 06 '16 at 11:40
  • I have tried to use Kerberos authentication using this https://msdn.microsoft.com/en-us/library/gg558122(v=sql.110).aspx#Anchor_5. I can't seem to get that to work. That link mentions running a query. When I try it, I receive an error `The user does not have permission to perform this action.` I had another user with more permission run it and received `auth_scheme` as NTLM. Can you provide further details (as an answer) on how to use it & if you know whether my user can use it based on running that query? – James Apr 08 '16 at 16:52

1 Answer


When you connect with the MS JDBC driver, you don't specify the password for the user (at least not in the connection string you provided). If your intention was to use integrated security, you should indicate this in the connection string, but then your process has to be authenticated already for differentDomainName\aUserName.

Integrated security & JDBC: https://msdn.microsoft.com/en-us/library/ms378428%28v=sql.110%29.aspx?f=255&MSPPError=-2147217396#Connectingintegrated

Since your plan is to access SQL Server from Linux, I doubt that you could make integrated security work for that scenario, so you should plan to provide the password in the connection string. I'm not sure if you can provide username/password for a domain user in the connection string (I think you can), but if you switch to a user with SQL Server auth, it will certainly work. This should be a fallback option, as SQL Server auth is less secure.

Alon Catz
  • You're correct in that I'm trying to authenticate from Linux. Therefore, I don't want to use integrated security. I will need to provide a password as you suggested. I did that with jTDS and also with the MS driver but as a param. I've updated the OP to indicate that. I know that SQL server authentication would work, but I don't have that option. – James Apr 04 '16 at 14:49
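
For a Linux client and an account that only has Windows authentication, later releases of Microsoft's driver can perform NTLM in pure Java with an explicit domain, user and password. The sketch below is an added example, not code from the question or the answer; it assumes mssql-jdbc 7.4 or later (the 4.2 driver in the question has no such mode), reuses the question's placeholders, and reads the password from a hypothetical `MSSQL_PASSWORD` environment variable. Credentials are passed as `Properties`, in the spirit of the comment above about keeping them out of the connection string.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

public class CrossDomainNtlmConnect {

    // The URL carries no credentials, so it can be logged safely.
    static String buildUrl(String host, int port, String database) {
        return "jdbc:sqlserver://" + host + ":" + port
                + ";databaseName=" + database
                + ";integratedSecurity=true"    // Windows authentication ...
                + ";authenticationScheme=NTLM"  // ... in pure Java, no sqljdbc_auth.dll
                + ";encrypt=true";              // TLS; the server certificate must validate for this host
    }

    // Domain credentials go into Properties rather than the URL string.
    static Properties credentials(String domain, String user, String password) {
        Properties p = new Properties();
        p.setProperty("domain", domain);
        p.setProperty("user", user);            // account name only, no DOMAIN\ prefix
        p.setProperty("password", password);
        return p;
    }

    public static void main(String[] args) throws SQLException {
        // Hypothetical variable name; keeps the secret out of source and config files.
        String password = System.getenv("MSSQL_PASSWORD");
        if (password == null) {
            System.err.println("Set MSSQL_PASSWORD before running.");
            return;
        }
        // Placeholders taken from the question.
        String url = buildUrl("anIpAddress", 1433, "MAIN");
        Properties props = credentials("differentDomainName", "aUserName", password);

        try (Connection c = DriverManager.getConnection(url, props);
             Statement s = c.createStatement();
             ResultSet rs = s.executeQuery("SELECT SUSER_SNAME()")) {
            rs.next();
            // Shows which login the server actually authenticated.
            System.out.println("Connected as " + rs.getString(1));
        }
    }
}
```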