Connect To SQL Server With Windows Authentication From A Linux Machine Through JDBC

Well, eventually I answer my own question: This is not possible to use Windows authentication from a linux machine using the Microsoft JDBC driver. This is possible using the jTDS JDBC driver using the following connection string:

jdbc:jtds:sqlserver://host:port;databaseName=dbname;domain=domainName;useNTLMv2=true;

Thank you all for all the comments


TL;DR

It is not possible to use native Windows Authentication for JDBC connections to MSSQL from a JVM running on Linux.


This MSDN article explains the authentiation methods with JDBC on Linux, potential errors, and available options:

https://blogs.msdn.microsoft.com/psssql/2015/01/09/jdbc-this-driver-is-not-configured-for-integrated-authentication/

...in the JDBC 4.0 driver, you can use the authenticationScheme connection property to indicate how you want to use Kerberos to connect to SQL. There are two settings here.

  • NativeAuthentication (default) – This uses the sqljdbc_auth.dll and is specific to the Windows platform. This was the only option prior to the JDBC 4.0 driver.

  • JavaKerberos – Makes use of the Java API’s to invoke kerberos and does not rely on the Windows Platform. This is java specific and not bound to the underlying operating system, so this can be used on both Windows and Linux platforms.

...

The following document outlines how to use Kerberos with the JDBC Driver and walks through what is needed to get JavaKerberos working properly.

Using Kerberos Integrated Authentication to Connect to SQL Server http://msdn.microsoft.com/en-us/library/gg558122%28v=sql.110%29.aspx


For those who are using DBeaver the way to connect to the SQL Server Database is:

In order to connect to the SQL Server from Linux Debian using DBeaver

1.- Select SQL Server jTDS driver

enter image description here

2.- Enter the connection information

enter image description here

3.- Go to Driver Properties tab and add the domain, user, password

enter image description here

enter image description here

Just as a note, in some post I found that they needed to change the property USENTLMV2 to TRUE but it worked for me either by putting the USERTLNMV2 in true or false.

A problem that I found was that when I was trying to connect to the database using my user and password the next error was thrown:

Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

enter image description here

This error was thrown because of my user was about to expire. I tried with another AD user and it could connect.


I know this is kind of an older topic but in case Google sends people here:

There are two main JDBC drivers for SQL Server. One is from Microsoft and the other from jTDS. jTDS can, amazingly, connect using Windows auth (NTLM) from other platforms, including Linux, as described here: http://jtds.sourceforge.net/faq.html#windowsAuth. It can, of course, also use SQL-authenticated logins. SQL-authenticated logins are no harder to use from any OS than any other, so don't forget about those an option.

The version provided by Microsoft is the one from which @mjn provided a quote from the documentation. It is able to connect using Windows authentication by specifying integratedSecurity=true, authenticationScheme=javaKerberos, and authentication=NotSpecified.

It is tricky to get this working even if you don't go out of your way to find more confusion, so always keep in mind which driver you are using - and tell us in these posts so that you can get more specific help.


This JDBC URL is validated to work with latest Microsoft SQL Server JDBC driver:

jdbc:sqlserver://[server]:[port];database=[db\;trustServerCertificate=true;integratedSecurity=true;user=[user without domain];password=[pw];authenticationScheme=NTLM;domain=[domain];authentication=NotSpecified

Example:

jdbc:sqlserver://mysql.myorg.com:1433;database=mydb;trustServerCertificate=true;integratedSecurity=true;user=myuser;password=mypwd;authenticationScheme=NTLM;domain=ad.myorg.com;authentication=NotSpecified