7

I need to connect to High Availability (HA) / Desaster Recovery (DR), also known as HADR, enabled SQL server 2012 using AD account from Java on Linux.

  • integratedSecurity is not an option since it runs on Linux
  • I can not use the jTDS JDBC driver since it does not support HADR cluster (no support for multiSubnetFailover=true)

jTDS actually works with username, password and domain connection string parameters, but times out 25% of the time.

So it seems I'm stuck with MS SQL JDBC driver but I can't make it work with just the username/password credentials, as I'm trying to solve this without Kerberos.

It must be possible to do it (in theory), since jTDS can actually do it!

I found that driver version 6.0 has property authentication=ActiveDirectoryPassword so it looked very promising, but a SQL connection string like

jdbc:sqlserver://server:port;database=DB;authentication=ActiveDirectoryPassword;username=name;password=PASSWORD

even trying with DOMAIN\username for username or user property, isn't working.

The docs says its for

using an Azure AD principal name and password

but it would just make my life so much easier.

The error I get is

Login failed for user ''

and shows empty user, but stepping through the decompiled code I can see the username and password values are being loaded into variables.

Any solution for this? I take any AD username/password connection to HADR SQL server 2012 that is pure JAVA.

U880D
  • 8,601
  • 6
  • 24
  • 40
Hurda
  • 4,647
  • 8
  • 35
  • 49
  • I'm curious to know if you found a solution, I believe this may be impossible until jTDS supports HADR. – Jon Freedman Mar 28 '17 at 14:47
  • It seem impossible, what jTDS is using is LDAP auth that MS SQL driver does not support that. Since MS SQL is now open source someone could potentially implement that – Hurda Mar 29 '17 at 13:40
  • 1
    There is a 10 year old [connect case](https://connect.microsoft.com/SQLServer/feedback/details/275681/sql-jdbc-integrated-security-with-domain-account-from-linux) open which might prompt M$ to do something if it gets enough comments/votes. – Jon Freedman Apr 07 '17 at 13:54
  • 1
    There is also [an issue](https://github.com/Microsoft/mssql-jdbc/issues/696) posted at the official mssql-jdbc repository on GitHub. – Gord Thompson May 30 '18 at 09:07
  • When I've had this issue it had to do with the user not being assigned to the correct role or having insufficient permission to connect to the specified DB. – Kidiskidvogingogin Oct 09 '18 at 12:27
  • @Kidiskidvogingogin are you suggesting that is possible? Note that I'm not talking about SQL server accounts, but AD accounts. – Hurda Oct 10 '18 at 21:22

0 Answers0