Linux Java app fails connection with SQL Server on Windows server using integrated authentication

Cross, Don (Omaha) 1 Reputation point
2021-06-21T21:07:31.053+00:00

We have a java application running on a Linux server that needs to connect to a SQL Server database running on a windows server using integrated security, or any equivalent that doesn't require passing a user ID and Password.

Additionally, the database user is a Windows Active Directory service account.

The Linux server is configured to allow Active Directory sign-ons, but the Java application is running under a Linux service account.

We are using Microsoft's jdbc driver mssql-jdbc-9.2.1.jre8.jar.

The last connection string we tried was:

jdbc:sqlserver://Wxxxxxx009.fdcctx.com:1443;DatabaseName=ucd;authenticationScheme=NTLM;integratedSecurity=true;domain=ourDomain.com

The response was:

com.microsoft.sqlserver.jdbc.SQLServerException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. ClientConnectionId:7d196400-0328-421d-9f37-6eb0452ad3a6

What do we need to do to get a successful connection?

Would setting up the AD Service Account on Linux so we can sudo into it, allow us to run the application?


2 answers

  1. CathyJi-MSFT 21,086 Reputation points Microsoft Vendor
    2021-06-22T07:04:22.363+00:00

    Hi @Cross, Don (Omaha) ,

    Please use authenticationScheme=JavaKerberos in place of authenticationScheme=NTLM in your connection string.

    According to the MS document:

    The Microsoft JDBC Driver for SQL Server allows an application to use the authenticationScheme connection property to indicate that it wants to connect to a database using NTLM v2 Authentication.

    The following properties are also used for NTLM Authentication:

    • domain = domainName (optional)
    • user = userName
    • password = password
    • integratedSecurity = true

    Other than domain, the other properties are mandatory; the driver will throw an error if any are missing when the NTLM authenticationScheme property is used.

    Is this a local connection or a remote connection? If it is a remote connection, are the two servers under the same domain?


    If the response is helpful, please click "Accept Answer" and upvote it, as this could help other community members looking for similar queries.
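As an added illustration of the JavaKerberos scheme the answer recommends (this is not code from the answer or from the question's application): the Linux service account authenticates with a keytab through a JAAS login configuration, so no user or password appears in the connection string, and the query at the end confirms which scheme SQL Server actually negotiated. The keytab path, principal, JAAS file path and server name are assumed placeholders.

```java
// SqlKerberosConnect.java -- added example; paths, principal and host are assumptions.
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/*
 * Assumed JAAS configuration file, e.g. /etc/app/sqljdbc.jaas.conf.
 * The driver looks up the entry named "SQLJDBCDriver" by default.
 * The service account's key lives in a keytab readable only by the
 * Linux service account, so no password is configured anywhere.
 *
 * SQLJDBCDriver {
 *   com.sun.security.auth.module.Krb5LoginModule required
 *     useKeyTab=true
 *     keyTab="/etc/app/svc-ucd.keytab"
 *     principal="svc-ucd@OURDOMAIN.COM"
 *     doNotPrompt=true
 *     storeKey=true;
 * };
 */
public class SqlKerberosConnect {
    public static void main(String[] args) throws SQLException {
        // Point the JVM at the JAAS entry above and at the realm/KDC settings.
        System.setProperty("java.security.auth.login.config", "/etc/app/sqljdbc.jaas.conf");
        System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");

        // Kerberos instead of NTLM: no user= or password= properties are needed.
        String url = "jdbc:sqlserver://Wxxxxxx009.fdcctx.com:1443;"
                   + "databaseName=ucd;"
                   + "integratedSecurity=true;"
                   + "authenticationScheme=JavaKerberos;"
                   + "encrypt=true;"; // requires a server certificate the JVM trusts

        // Verify on the server side which login and auth scheme were used.
        String check = "SELECT SUSER_SNAME() AS login_name, c.auth_scheme "
                     + "FROM sys.dm_exec_connections AS c WHERE c.session_id = @@SPID";

        try (Connection conn = DriverManager.getConnection(url);
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(check)) {
            while (rs.next()) {
                // Expect the AD service account and auth_scheme = KERBEROS;
                // NTLM here means the SPN lookup or ticket acquisition failed.
                System.out.println(rs.getString("login_name") + " via " + rs.getString("auth_scheme"));
            }
        }
    }
}
```

If the connection still fails, the usual things to check are that the service account has a registered SPN for the SQL Server host and port, that the Linux host's clock is within the Kerberos skew tolerance of the domain controller, and that the keytab's principal matches the entry in the JAAS file.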


  2. Cross, Don (Omaha) 1 Reputation point
    2021-07-07T15:20:59.057+00:00

    Using the specified connection string, the application installer ran to successful completion, including connecting to the database and implementing the application schema.

    Our security team is greatly disconcerted since connections to Service Accounts aren't supposed to accept user name and password arguments.

    While the application installer ran successfully, the installed application fails to connect to the database. It doesn't seem to be able to support connections to databases that use Active Directory Service Accounts as users.

    The application vendor is researching the issue.
