How to configure Windows authentication for the Microsoft JDBC driver on Linux. (We use Squirrel for this test.)
sudo yum install realmd krb5-workstation
sudo yum install sssd-tools
sudo yum install samba-common-tools
sudo vi /etc/sysconfig/network-scripts/ifcfg-ens33
Add the following lines to this file:
PEERDNS=no
DNS1=**<AD domain controller IP address>**
sudo systemctl restart network
sudo vi /etc/resolv.conf
search MYTEST.COM
nameserver **<AD domain controller IP address>**
sudo vi /etc/hosts
192.168.232.128 Win2012AD
sudo vi /etc/hostname
sudo realm join MYTEST.COM -U 'bobcai@MYTEST.COM' -v
sudo vi /etc/krb5.conf
In the file below, change the domain name (MYTEST.COM in this example) to your own domain name. The domain name must be uppercase.
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_tkt_enctypes = aes256-cts
default_tgs_enctypes = aes256-cts
permitted_enctypes = aes256-cts
dns_lookup_realm = false
dns_lookup_kdc = yes
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt
default_realm = MYTEST.COM
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
MYTEST.COM = {
kdc = Win2012AD.MYTEST.COM:88
admin_server = Win2012AD.MYTEST.COM:749
default_domain = MYTEST.COM
}
[domain_realm]
# .example.com = EXAMPLE.COM
I will use bobcai’s ticket to log in to SQL Server, so we need to run “kinit bobcai” to get bobcai’s TGT.
[bobcai@centos7 Packages]$ kinit bobcai
Password for bobcai@MYTEST.COM:
[bobcai@centos7 Packages]$ klist
Ticket cache: KEYRING:persistent:1000:1000
Default principal: bobcai@MYTEST.COM
Valid starting       Expires              Service principal
03/03/2019 18:55:06  03/04/2019 04:55:06  krbtgt/MYTEST.COM@MYTEST.COM
        renew until 03/10/2019 18:55:01
[bobcai@centos7 Packages]$
[bobcai@JDBCTEST ~]$ sudo su
[sudo] password for bobcai:
[root@JDBCTEST bobcai]# yum install java
http://www.squirrelsql.org/#installation
[bobcai@JDBCTEST ~]$ java -jar squirrel-sql-3.9.1-standard.jar
[bobcai@JDBCTEST ~]$ tar -zxf sqljdbc_6.0.8112.200_enu.tar.gz
Load the sqljdbc42.jar file from the jre8 folder.
[bobcai@JDBCTEST ~]$ sudo vi /etc/profile
export KRB5CCNAME=/home/bobcai/krb5cc_bobcai
export JAVA_HOME=/usr/lib/jvm/jre-1.8.0
Create a SQLJDBCDriver.conf file inside the squirrel-sql-3.9.1 folder and put the following into it:
SQLJDBCDriver {
com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
};
[bobcai@JDBCTEST squirrel-sql-3.9.1]$ vi squirrel-sql.bat
Add the following parameters:
-Djava.security.auth.login.config=SQLJDBCDriver.conf -Djava.security.krb5.conf=/etc/krb5.conf
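The following bash preflight is an added example, not part of the original post. It checks what the procedure above depends on: an uppercase default_realm in krb5.conf, a SQLJDBCDriver JAAS entry with useTicketCache=true, and a file-based ticket cache that other users cannot read (Java's Krb5LoginModule reads file caches, not the KEYRING cache shown in the klist output). The function names and sample files are constructed for illustration.

```bash
# Added example: preflight checks for the files this guide edits.
# Print the first default_realm value in a krb5.conf-style file.
krb5_default_realm() {
    awk -F= '/^[ \t]*default_realm[ \t]*=/ { gsub(/[ \t\r]/, "", $2); print $2; exit }' "$1"
}
# Succeed only if the realm is non-empty and has no lowercase letters.
realm_is_uppercase() {
    [ -n "$1" ] && [ "$1" = "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" ]
}
# Succeed if the SQLJDBCDriver JAAS entry loads Krb5LoginModule with useTicketCache=true.
jaas_uses_ticket_cache() {
    awk '/^[ \t]*SQLJDBCDriver[ \t]*[{]/ { e = 1 }
         e && /Krb5LoginModule/ && /useTicketCache=true/ { ok = 1 }
         e && /[}]/ { e = 0 }
         END { exit (ok ? 0 : 1) }' "$1"
}
# Classify a KRB5CCNAME value; MIT Kerberos treats a bare path as FILE.
ccache_type() {
    case "$1" in
        /*)  echo FILE ;;
        *:*) echo "${1%%:*}" ;;
        *)   echo UNKNOWN ;;
    esac
}
# Succeed if the cache file exists and grants nothing to group or other (e.g. mode 0600).
ccache_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}
# Run every check, print one line per failure, return the failure count.
preflight() {   # args: krb5.conf path, JAAS file path, KRB5CCNAME value
    fails=0; realm=$(krb5_default_realm "$1")
    realm_is_uppercase "$realm" || { echo "FAIL default_realm '$realm' is not uppercase"; fails=$((fails+1)); }
    jaas_uses_ticket_cache "$2" || { echo "FAIL SQLJDBCDriver entry lacks useTicketCache=true"; fails=$((fails+1)); }
    if [ "$(ccache_type "$3")" != FILE ]; then
        echo "FAIL ticket cache '$3' is not file-based"; fails=$((fails+1))
    elif ! ccache_is_private "${3#FILE:}"; then
        echo "FAIL ticket cache ${3#FILE:} is missing or readable by group/other"; fails=$((fails+1))
    fi
    return "$fails"
}

# Demo on constructed sample files that mirror the guide; nothing on the host is read.
d=$(mktemp -d)
printf '[libdefaults]\ndefault_realm = MYTEST.COM\n' > "$d/krb5.conf"
printf 'SQLJDBCDriver {\ncom.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;\n};\n' > "$d/jaas.conf"
: > "$d/krb5cc_demo"; chmod 600 "$d/krb5cc_demo"
preflight "$d/krb5.conf" "$d/jaas.conf" "$d/krb5cc_demo" && echo "file cache: all checks passed"
preflight "$d/krb5.conf" "$d/jaas.conf" "KEYRING:persistent:1000:1000" || echo "keyring cache: $? check(s) failed"
rm -rf "$d"
```

On a real host, run `preflight /etc/krb5.conf SQLJDBCDriver.conf "$KRB5CCNAME"` as the user who starts Squirrel, after kinit has written the cache.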