1

So I'm trying to connect to one of our SQL server from a RHEL Server 7.4 machine, I already installed kerberos, unixodbc and Microsoft ODBC for Linux.

The SQL Server I'm trying to connect to is inside Active Directory domain, I was able to authenticate through that using kinit but still getting SSPI Provider: Server not found in Kerberos database. error.

This is my snippet from terminal:

[RH@localhost /]$ sudo kinit rh@ADS.LOCAL.COM
[sudo] password for RH: 
Password for rh@ADS.LOCAL.COM: 
[RH@localhost /]$ sqlcmd -E -S MyServer
Sqlcmd: Error: Microsoft ODBC Driver 13 for SQL Server : SSPI Provider: Server not found in Kerberos database.
Sqlcmd: Error: Microsoft ODBC Driver 13 for SQL Server : Cannot generate SSPI context.

This is my /etc/krb5.conf:

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 forwardable = yes
 default_realm = ADS.LOCAL.COM
 default_ccache_name = KEYRING:persistent:%{uid}
 dns_lookup_kdc = true

[domain_realm]
 .ads.local.com = ADS.LOCAL.COM

Thanks in advance!

chad
  • 113
  • 1
  • 6

2 Answers2

3

what did you get from 

klist -k

executed as root? If there is nothing to see, then your server is not joined to the active directory. Otherwise you see your host entries for the kerberos system.

Normally, RHEL 7 Systems are configured with sssd as the central authentication service. Please check if sssd is installed and running: 

systemctl status sssd

If not, you can try to join again with 

net ads join

Otherwise, configure your sssd to join your active directory domain with

realm join

You can get more Information about this here:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/SSSD-AD

Regards, Björn

TuxOne
  • 46
  • 2
  • Thanks for the answer! Do you think there would be a security flaw or issue when I join a Linux server to a Windows AD? – chad Nov 15 '17 at 15:31
  • No, this is common practice. If you set on standard software from the main distributions, this will work without more security issues than on windows systems ;-) – TuxOne Nov 21 '17 at 13:21
0

I had the same issue but the solution in my case was having tried to use SQL Server IP rather than the FQDN. Using FQDN fixes this the same error message ("SSPI Provider: Server not found in Kerberos database"), or including: "ServerSPN = MSSQLSvc/:" in the ODBC DSN.

xgMz
  • 101
  • 2