%3CLINGO-SUB%20id%3D%22lingo-sub-1600069%22%20slang%3D%22en-US%22%3ESQL%20Server%20managed%20by%20Red%20Hat%20Linux%20Identity%20Management%20may%20fail%20to%20execute%20high%20privileged%20command%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1600069%22%20slang%3D%22en-US%22%3E%3CP%3EFollowing%20article%20describe%20how%20to%20configure%20Active%20Directory%20authentication%20on%20SQL%20Server%20running%20in%20Red%20Hat%20operating%20system%20using%20Red%20Hat%20Enterprise%20Linux%20Identity%20Management%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETutorial%3A%20Configuring%20Red%20Hat%20Enterprise%20Linux%20to%20allow%20Active%20Directory%20users%20to%20login%20to%20Microsoft%20SQL%20Server%202019%20leveraging%20a%20trust-level%20setup%20between%20Red%20Hat%20Enterprise%20Linux%20Identity%20Management%20and%20Microsoft%20Active%20Directory.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Faccess.redhat.com%2Farticles%2F4094741%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Faccess.redhat.com%2Farticles%2F4094741%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERecently%20we%20found%20on%20SQL%20Server%20managed%20by%20Red%20Hat%20Enterprise%20Linux%20Identity%20Management%2C%20if%20we%20execute%20a%20high%20privileged%20command%20like%20create%20user%20first%20time%20it%20succeeds%2C%20if%20we%20try%20to%20add%20the%20user%20second%20time%20it%20fails%20with%20following%20error.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E1%26gt%3Bcreate%20login%20test102%20with%20password%3D'test102'%2Ccheck_policy%3Doff%3C%2FP%3E%0A%3CP%3E2%26gt%3Bgo%3C%2FP%3E%0A%3CP%3E1%26gt%3Bcreate%20login%20test103%20with%20password%3D'test103'%2Ccheck_policy%3Doff%3C%2FP%3E%0A%3CP%3E2%26gt%3Bgo%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Msg%2015404%2C%20Level%2016%2C%20State%2022%2C%20Server%20sql-idm%2C%20Line%201%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Could%20not%20obtain%20information%20about%20Windows%20NT%20group%2Fuser%20'acnet%5Csqladmin'%2C%20error%20code%200x80090304.%3C%2FP%3E%0A%3CP%3E1%26gt%3B%20quit%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3BRedhat%20has%20acknowledged%20the%20issue%20and%20a%20fix%20is%20released%20in%20Red%20Hat%208.2%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1600069%22%20slang%3D%22en-US%22%3E%3CP%3ESQL%20Server%20managed%20by%20Red%20Hat%20Linux%20Identity%20Management%20may%20fail%20to%20execute%20high%20privileged%20command%3C%2FP%3E%3C%2FLINGO-TEASER%3E

Following article describe how to configure Active Directory authentication on SQL Server running in Red Hat operating system using Red Hat Enterprise Linux Identity Management

 

Tutorial: Configuring Red Hat Enterprise Linux to allow Active Directory users to login to Microsoft SQL Server 2019 leveraging a trust-level setup between Red Hat Enterprise Linux Identity Management and Microsoft Active Directory.

https://access.redhat.com/articles/4094741

 

Recently we found on SQL Server managed by Red Hat Enterprise Linux Identity Management, if we execute a high privileged command like create user first time it succeeds, if we try to add the user second time it fails with following error.

 

1>create login test102 with password='test102',check_policy=off

2>go

1>create login test103 with password='test103',check_policy=off

2>go

               Msg 15404, Level 16, State 22, Server sql-idm, Line 1

               Could not obtain information about Windows NT group/user 'acnet\sqladmin', error code 0x80090304.

1> quit

 

 Redhat has acknowledged the issue and a fix is released in Red Hat 8.2