Azure Data Studio does not recognize Kerberos Ticket in MacOS Monterey

I am attempting to connect to a Microsoft SQL Server database on a corporate network that is limited to Windows Authentication. I have configured Kerberos and Kerberos does successfully issue a ticket and I can verify that the ticket is valid in Ticket Viewer. But when I attempt to connect in Azure Data Studio, and select "Windows Authentication", I am given the message "Connection Failed due to Kerberos Error".

My krb5.conf is located at ~/etc/krb5.conf and I have followed configuration instructions here.

On a Windows machine connected to the network, when I run setspn -L DATABASENAME I show:

Registered ServicePrincipalNames for CN=DATABASENAME,OU=Servers,OU=Data Center,DC=companyname,DC=com:
        MSServerClusterMgmtAPI/DATABASENAME
        MSServerClusterMgmtAPI/DATABASENAME.companyname.com
        WSMAN/DATABASENAME
        WSMAN/DATABASENAME.companyname.com
        TERMSRV/DATABASENAME
        TERMSRV/DATABASENAME.companyname.com
        RestrictedKrbHost/DATABASENAME
        HOST/DATABASENAME
        RestrictedKrbHost/DATABASENAME.companyname.com
        HOST/DATABASENAME.companyname.com

When I run nslookup -type=srv _kerberos._tcp.companyname.com I show:

Server:  UnKnown
Address:  xx.x.x.163
Non-authoritative answer:
_kerberos._tcp.companyname.com SRV service location:
          priority       = 0
          weight         = 100
          port           = 88
          svr hostname   = dcname01.companyname.com
_kerberos._tcp.companyname.com SRV service location:
          priority       = 0
          weight         = 100
          port           = 88
          svr hostname   = dcname02.companyname.com
_kerberos._tcp.companyname.com SRV service location:
          priority       = 0
          weight         = 100
          port           = 88
          svr hostname   = dcname03.companyname.com
_kerberos._tcp.companyname.com SRV service location:
          priority       = 0
          weight         = 100
          port           = 88
          svr hostname   = dcname04.companyname.com
dcname01.comapnyname.com        internet address = xx.x.x.47
dcname02.companyname.com        internet address = xx.x.x.8
dcname03.companyname.com        internet address = xx.xx.x.11
dcname04.companyname.com        internet address = xx.xx.x.10

The way I have my krb5.conf file configured is:

[libdefaults]
 default_realm = COMPANYNAME.COM

[realms]
COMPANYNAME.COM = {
 kdc = dcname01.companyname.com
 kdc = dcname02.companyname.com
 kdc = dcname03.companyname.com
 kdc = dcname04.companyname.com
}

I have tried many different configurations for krb5.conf involving inclusion and omission of different k/v pairs in different formats but nothing I have tried has worked. I have also attempted to reinstall krb5 via homebrew.

I am using an Intel Mac on macOS 12.3.1.

What would be causing Azure Data Studio to not acknowledge my Kerberos Ticket?

Proustite answered 18/4, 2022 at 16:48 Comment(1)
Did you ever figure this one out? I'm suffering from the same problem. – Lignite

You need to add the server IP address and the server's full name (with domain, for example "sqlserver.yourdomain.com") to the hosts file.

Valerlan answered 10/8, 2022 at 15:24 Comment(0)
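
A Kerberos login to SQL Server uses a service ticket for an `MSSQLSvc/<fqdn>:<port>` SPN, so one check on a `setspn -L` listing like the one in the question is whether that service class is registered at all. The Python below is an added example, not code from the thread; the function names and port 1433 are assumptions, and the sample is a constructed abbreviation of the question's listing.

```python
import re

# Constructed sample: SPN lines copied from the `setspn -L` listing in the question.
SETSPN_OUTPUT = """\
Registered ServicePrincipalNames for CN=DATABASENAME,OU=Servers,OU=Data Center,DC=companyname,DC=com:
        MSServerClusterMgmtAPI/DATABASENAME
        WSMAN/DATABASENAME.companyname.com
        TERMSRV/DATABASENAME.companyname.com
        RestrictedKrbHost/DATABASENAME.companyname.com
        HOST/DATABASENAME
        HOST/DATABASENAME.companyname.com
"""

SPN_LINE = re.compile(r"([A-Za-z0-9_.-]+)/([^:/\s]+)(?::(\S+))?")


def parse_spns(listing):
    """Return {(service_class, host, port_or_instance)} parsed from `setspn -L` output."""
    spns = set()
    for line in listing.splitlines():
        m = SPN_LINE.fullmatch(line.strip())  # header and blank lines do not match
        if m:
            # SPN comparison in Active Directory is case-insensitive, so normalise.
            suffix = m.group(3).lower() if m.group(3) else None
            spns.add((m.group(1).lower(), m.group(2).lower(), suffix))
    return spns


def sql_spn_report(listing, fqdn, port="1433"):
    """Check for the MSSQLSvc SPN forms a client connecting to `fqdn` would request.

    `port` is an assumption (SQL Server's default TCP port); pass the real one.
    """
    spns = parse_spns(listing)
    host = fqdn.lower()
    wanted = [("mssqlsvc", host, port.lower()), ("mssqlsvc", host, None)]
    fmt = lambda s: f"MSSQLSvc/{s[1]}" + (f":{s[2]}" if s[2] else "")
    return {
        "found": [fmt(w) for w in wanted if w in spns],
        "missing": [fmt(w) for w in wanted if w not in spns],
        "classes_seen": sorted({cls for cls, _, _ in spns}),
    }


if __name__ == "__main__":
    report = sql_spn_report(SETSPN_OUTPUT, "DATABASENAME.companyname.com")
    print("service classes registered:", ", ".join(report["classes_seen"]))
    print("MSSQLSvc SPNs found:", report["found"] or "none")
    print("MSSQLSvc SPNs missing:", report["missing"])
```

An SPN can also be registered on the SQL Server service account rather than the computer account, which `setspn -L DATABASENAME` does not show; `setspn -Q MSSQLSvc/<fqdn>:<port>` searches the directory for it.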
