From Windows using SQL Server Management Studio (SSMS), I can only connect to a SQL Server on a different domain as follows:
C:\> runas /netonly /user:differentDomainName\aUserName "C:\Program Files (x86 )\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe -S anIpAddress"
How can I accomplish this connection via JDBC? I've tried using the following connection string with Microsoft's sqljdbc 4.2 driver:
jdbc:sqlserver://anIpAddress:1433;database=MAIN;user=differentDomainName\\aUserName;password=pass
I receive the following error:
com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user 'differentDomainName\aUserName'
This is the same error that I receive if I start SSMS without using runas and typed differentDomainName\aUserName for Login name in the "Connect to Server" dialog box of SSMS 2012.
Additional Information: The JDBC connection will be established within a application running on Linux. So, running the application using runas is not an option unfortunately.
Another attempt: I've also tried to use jTDS 1.3.1 with the following connection string:
jdbc:jtds:sqlserver://anIpAddress:1433;databaseName=MAIN;domain=differentDomainName;user=aUserName;password=pass
since aUserName is set up only for Windows authentication. Unfortunately, this produces the following exception:
o.a.tomcat.jdbc.pool.ConnectionPool : Unable to create initial connections of pool. Followed by java.sql.SQLException: I/O Error: DB server closed connection.
Permission information: I'm unable to modify anything on the SQL Server machine including any configuration within SQL Server. The "aUserName" account maps to a SQL Server read only Windows authentication only user.
1 Answers
Answers 1
When you connect with MS JDBC driver, you don't specify the password for the user (at least not in the connection string you provided). If your intention was to use integrated security, you should indicate this in the connection string, but then you process has to be authenticated already for differentDomainName\aUserName
Integrated security & JDBC: https://msdn.microsoft.com/en-us/library/ms378428%28v=sql.110%29.aspx?f=255&MSPPError=-2147217396#Connectingintegrated
Since your plan is to access SQL server from linux, I doubt that you could make integrated security work for that scenario, so you should plan to provide the password in the connection string. I'm not sure if you can provide username/password for a domain user in the connection string (I think you can), but if you switch to a user with SQL server auth, it will certainly work. This should be a fallback option, as SQL server auth is less secure.
0 comments:
Post a Comment