First published on MSDN on Nov 26, 2018
In the past, SQL Server on Linux required SSSD to be configured for AD authentication to work. SSSD is a very powerful service which provides support for AD authentication and integration. However, there are some third-party AD providers (such as Centrify, PBIS, and VAS) which provide additional value-added services (such as auditing) on top of basic AD authentication. These third-party AD providers do not configure SSSD when joining the AD domain.
Many customers depend on these third-party AD providers to provide a single “trusted zone” through which all users access resources, regardless of the host OS of those resources. In today’s hybrid environments, which use Windows servers, Linux servers and Windows AD to provide authentication, ease of configuration and audit capability, among others, are often highly preferred. In response to demand from such customers, SQL Server now supports AD authentication without SSSD.
Additionally, if your domain controller supports LDAPS, you can force all connections from SQL Server to the domain controllers to be over LDAPS. To check that your client can contact the domain controller over LDAPS, run the following bash command: “ldapsearch -H ldaps://contoso.com:3269”. To set SQL Server to only use LDAPS, run the following:
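The check below is an added example, not part of the original post: it audits an mssql.conf-style file to confirm that the LDAPS-only setting is actually in effect. It assumes the setting is stored as forcesecureldap under the [network] section (the mssql-conf key network.forcesecureldap, which is not named on this page); the config path is passed in by the caller and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit an mssql.conf-style INI file for the LDAPS-only setting.
# Assumption: the key is "forcesecureldap" in the [network] section
# (mssql-conf key network.forcesecureldap); the name is not given on the page.

# Print the value of forcesecureldap in [network], or "unset" if it is absent.
# Matching is strict (exact section and key names); commented-out lines and
# keys under other sections are ignored. If repeated, the last value is printed.
get_forcesecureldap() {
  awk '
    /^[ \t]*[#;]/ { next }                      # skip comment lines
    /^[ \t]*\[/ {                               # section header, e.g. [network]
      s = $0; gsub(/[ \t\r]/, "", s)
      sub(/^\[/, "", s); sub(/\].*$/, "", s)
      section = s; next
    }
    section == "network" {
      eq = index($0, "="); if (eq == 0) next
      k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
      v = substr($0, eq + 1);    gsub(/[ \t\r]/, "", v)
      if (k == "forcesecureldap") val = v
    }
    END { print (val == "" ? "unset" : val) }
  ' "$1"
}

# Return 0 only when the value is exactly "true". Unset, false, or any other
# spelling fails, so an ambiguous config is flagged for review, not trusted.
ldaps_enforced() {
  [ "$(get_forcesecureldap "$1")" = "true" ]
}

# Constructed sample config, for demonstration only: the setting appears once
# commented out (ignored) and once live.
demo_conf=$(mktemp)
printf '%s\n' '[network]' '# forcesecureldap = false' \
  'forcesecureldap = true' > "$demo_conf"
if ldaps_enforced "$demo_conf"; then
  echo "LDAPS enforced"
else
  echo "LDAPS NOT enforced (value: $(get_forcesecureldap "$demo_conf"))"
fi
rm -f "$demo_conf"
```

Run it against the server's real configuration file after changing the setting and restarting SQL Server, and again in configuration-drift checks.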