MicrosoftMicrosoft
MicrosoftThank you for all your comments and apologize for the late reply, but please find my replies below
IlsaL As you rightly mentioned and also documented here: Configure Active Directory authentication with SQL Server on Linux-based containers using adutil - SQL Server | Microsoft Docs you need to add --add-host options for the container if the host cannot connect to the domain and container needs to connect to domain to be able to join and hence --add-host is necessary, you would normally do it when deploying on public cloud environments like Azure or on kubernetes platforms where the host is not joined to the domain but container needs to be able to talk to the domain.
I am working on documentation for troubleshooting configuration of AD authentication and will include SQL PAL logging for kerberos as described in this blog by Bob and Dylan : SQL Server on Linux: Kerberos Troubleshooting, Hints and Tips and Hard Code Debugging – SQL Server According to Bob (bobsql.com)
Aaron2210 adutil is not a replacement for any tool, the idea for the creation of this tool was to make it easy for SQL Server users/dbas to create keytabs, SPNs without the need to jump between windows and Linux machines. Starting SQL CU 14 adutil is now integrated with mssql-conf tool so you can now rotate keytabs as well using mssql-conf options ( documentation coming soon hopefully in couple of weeks) meanwhile please look at the mssql-conf help options to see the various parameters.
As mentioned adutil is a completely supported tool and you can open ticket with Microsoft support for issues with adutil when using it for SQL Server more information is available here: Introduction to adutil - Active Directory Utility - SQL Server | Microsoft Docs