sqlserveronlinux
28 Topics

SQL Server 2025 Preview: Now Supporting Ubuntu 24.04 and TLS 1.3
We are excited to introduce two key enhancements in the SQL Server 2025 Release Candidate 0 (RC0) for Linux: Ubuntu 24.04 and the addition of Transport Layer Security (TLS) 1.3 support. These updates enable developers, database administrators, and IT professionals to leverage the latest open-source technologies and security protocols, strengthening their data platforms.

Ubuntu 24.04 Support in SQL Server 2025 RC0

SQL Server 2025 Preview now supports Ubuntu 24.04. This enables seamless deployment in Dev/Test environments using the Enterprise Evaluation Edition, which is valid for 180 days.

Note: Production workloads on Ubuntu 24.04 are not yet supported; for production, use SQL Server 2022 on Ubuntu 22.04 or RHEL 9.

How to Deploy SQL Server 2025 RC0 on Ubuntu 24.04

Getting started is easy! You can follow our Quickstart: Install SQL Server and create a database on Ubuntu, which walks through everything, from prepping your system to installing and configuring SQL Server on Ubuntu.

In this demo, I'll show you how to deploy SQL Server 2025 RC0 on Ubuntu 24.04 running inside WSL2. I've already set up Ubuntu 24.04 on WSL2 and Docker Desktop to manage containers. With just two commands, I was able to launch SQL Server 2025 RC0 in a container. I then connected to it using SQL Server Management Studio (SSMS), where you can see the version information displayed, confirming a successful deployment.

    lsb_release -a
    docker pull mcr.microsoft.com/mssql/server:2025-RC0-ubuntu-24.04
    docker run -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=<password>" \
      -e "MSSQL_AGENT_ENABLED=true" \
      -p 14333:1433 --name sql2025preview --hostname sql2025preview \
      -d mcr.microsoft.com/mssql/server:2025-RC0-ubuntu-24.04

Here is the snippet of the SQL Server ERRORLOG. This shows the initial startup messages and confirms the SQL Server version running inside the container.

TLS 1.3 Support in SQL Server 2025 RC0

Starting in SQL Server 2025 Preview (RC0), TLS 1.3 is enabled by default.
To enable and validate TLS 1.3 for your SQL Server instance, follow the Learn guide: Encrypt Connections to SQL Server on Linux - SQL Server | Microsoft Learn

Conclusion

The addition of Ubuntu 24.04 and TLS 1.3 support in SQL Server 2025 Preview marks a significant step forward in providing modern, secure, and flexible data platform options. We encourage you to try out these new capabilities and share your feedback as we continue to improve SQL Server for the Linux ecosystem. We recommend you use whichever of the following options suits you best.

1) Send us an email with your feedback to sqlpreviewpackage@microsoft.com.
2) Another option would be to submit your comments directly on Azure Ideas (use the SQL Server on Linux Group on the left side of the page).
3) Alternatively, you can open issues related to the preview packages at Issues · microsoft/mssql-docker (github.com) on GitHub.

We hope you give SQL Server 2025 preview on Ubuntu 24.04 a try and let us know what you think!

546 Views, 0 likes, 0 Comments

SQL Server on Linux Now Supports cgroup v2
Hello, Linux + SQL Server Fans! If you’re running SQL Server on Linux, here’s some great news: cgroup v2 is now supported in SQL Server 2025 preview and SQL Server 2022 CU 20. This enhancement brings more precise and reliable resource management, especially for containerized deployments in environments like Docker, Kubernetes, and OpenShift.

Why cgroup v2 Matters

In Linux, control groups (cgroups) are a kernel feature that allows you to allocate, prioritize, and limit system resources such as CPU and memory. With cgroup v2, these capabilities are more unified and robust, offering better enforcement and visibility compared to the older version. To know more, please visit: Control Group v2 — The Linux Kernel documentation.

How to Check Your cgroup Version

Run this command:

    stat -fc %T /sys/fs/cgroup/

If it returns cgroup2fs, you're using cgroup v2. If it returns cgroup, you're on cgroup v1.

How to switch to cgroup v2:

The simplest path is choosing a distribution that supports cgroup v2 out of the box. To switch manually:

Add to GRUB config:

    systemd.unified_cgroup_hierarchy=1

Run:

    sudo update-grub

SQL Server and Cgroupv2:

Before this update, users running SQL Server containers on Kubernetes clusters (e.g., Azure Kubernetes Service version 1.25 and above) reported that SQL Server did not respect memory limits set via container specs. This led to issues like Out of Memory (OOM) errors, even when limits were properly configured.

Here is an example:

- For a standard D4ds_v5 machine that has 4 CPUs and 16 GB of RAM, as shown in the screenshot below.

If you check the SQL Server errorlog before SQL Server 2022 CU 20, you would observe that SQL Server can see 80% (12792 MB) of the overall memory (16 GB) available on the worker node of the Kubernetes cluster, even though you have configured the 3 Gi memory limit. If you are wondering why only 80%, learn more about the memory.memorylimit setting, which by default is configured to 80% of the physical memory, to prevent out of memory (OOM) errors.
For details, please refer to: Configure SQL Server Settings on Linux - SQL Server | Microsoft Learn.

Below is the errorlog snippet and the container configuration:

    Microsoft SQL Server 2022 (RTM-CU19) (KB5054531) - 16.0.4195.2 (X64)
        Apr 18 2025 13:42:14
        Copyright (C) 2022 Microsoft Corporation
        Developer Edition (64-bit) on Linux (Ubuntu 22.04.5 LTS) <X64>
    ....
    ....
    Detected 12792 MB of RAM, 12313 MB of available memory, 12313 MB of available page file. This is an informational message; no user action is required

- This was despite the container being configured with a 3Gi memory limit:

    kubectl get pod mssql-0 -n cgrouptest -o jsonpath="{.status.qosClass}`n{.spec.containers[*].resources.limits.memory}"
    Guaranteed
    3Gi

Even though users limited the memory for SQL Server containers to 3 GB, SQL Server was still able to see the entire physical memory on the host and tried to use it, ending up in OOM crashes.

But with the release of SQL Server 2025 preview and SQL Server 2022 CU 20, the memory limits are now correctly enforced. Here's what the error log looks like with cgroup v2 support:

    Microsoft SQL Server 2022 (RTM-CU20) (KB5059390) - 16.0.4205.1 (X64)
        Jun 13 2025 13:38:45
        Copyright (C) 2022 Microsoft Corporation
        Developer Edition (64-bit) on Linux (Ubuntu 22.04.5 LTS) <X64>
    ..
    ..
    Detected 2458 MB of RAM, 1932 MB of available memory, 1932 MB of available page file. This is an informational message; no user action is required

The limits are the same as in the previous case, with memory limited to 3 GB as shown below. SQL Server ends up with 80% of 3 GB as the limit, that is, 2458 MB, as printed in the errorlog.
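The cgroup check and the 80% arithmetic described above can be combined into a quick validation of whether SQL Server honours a container memory limit; this is an added example, not code from the original post. Function names are hypothetical, the 15990 MB host size is constructed so that 80% of it matches the 12792 MB line, and accepting tmpfs as cgroup v1 goes beyond what the post states.

```sh
#!/bin/sh
# Added example, not code from the post. Function names are hypothetical.

# Map the filesystem type reported for /sys/fs/cgroup to a cgroup version.
cgroup_version() {   # [fstype]
    fstype=${1:-$(stat -fc %T /sys/fs/cgroup/ 2>/dev/null)}
    case "$fstype" in
        cgroup2fs)    echo v2 ;;
        # The post names "cgroup"; many v1 hosts report "tmpfs" for this path.
        cgroup|tmpfs) echo v1 ;;
        *)            echo unknown ;;
    esac
}

# Print the container memory limit: a byte count, or "max" on unlimited v2.
container_limit() {   # <v1|v2> [cgroup root]
    root=${2:-/sys/fs/cgroup}
    case "$1" in
        v2) f="$root/memory.max" ;;
        v1) f="$root/memory/memory.limit_in_bytes" ;;
        *)  return 1 ;;
    esac
    [ -r "$f" ] && cat "$f"
}

# Physical memory in bytes, from MemTotal (kB) in /proc/meminfo.
host_total_bytes() {   # [meminfo file]
    kb=$(awk '/^MemTotal:/ { print $2 }' "${1:-/proc/meminfo}")
    echo $(( kb * 1024 ))
}

# MB that SQL Server should report: memory.memorylimit percent (default 80)
# of the container limit, or of host RAM when no limit applies.
expected_detected_mb() {   # <limit bytes|max> <host bytes> [percent]
    limit=$1 host=$2 pct=${3:-80}
    if [ "$limit" = max ] || [ "$limit" -gt "$host" ]; then
        limit=$host   # v2 "max" or the huge v1 sentinel value: unlimited
    fi
    echo $(( (limit * pct / 100 + 524288) / 1048576 ))   # rounded to MB
}

# Pull the "Detected N MB of RAM" figure out of ERRORLOG text on stdin.
errorlog_detected_mb() {
    sed -n 's/.*Detected \([0-9][0-9]*\) MB of RAM.*/\1/p' | head -n 1
}

# Compare the ERRORLOG figure with the expected one (1 MB rounding slack).
check_memory_limit() {   # <limit bytes|max> <host bytes> <detected MB>
    want=$(expected_detected_mb "$1" "$2")
    diff=$(( $3 - want ))
    if [ "$diff" -lt 0 ]; then diff=$(( 0 - diff )); fi
    if [ "$diff" -le 1 ]; then
        echo "OK: detected $3 MB, expected $want MB"
    else
        echo "MISMATCH: detected $3 MB, expected $want MB (limit not honoured)"
        return 1
    fi
}

# Constructed sample: the two "Detected" lines quoted in the post, the 3Gi
# limit, and a constructed host size of 15990 MB.
LIMIT_3GI=$(( 3 * 1024 * 1024 * 1024 ))
HOST=$(( 15990 * 1024 * 1024 ))
for line in \
    "Detected 12792 MB of RAM, 12313 MB of available memory" \
    "Detected 2458 MB of RAM, 1932 MB of available memory"
do
    mb=$(printf '%s\n' "$line" | errorlog_detected_mb)
    check_memory_limit "$LIMIT_3GI" "$HOST" "$mb" || true
done

# With --live <detected MB>, evaluate the container this script runs in.
if [ "${1:-}" = "--live" ]; then
    v=$(cgroup_version)
    check_memory_limit "$(container_limit "$v")" "$(host_total_bytes)" "$2"
fi
```

A MISMATCH on a container that has a limit configured is the pre-CU20 symptom the post describes: the instance sizes itself from host memory and is exposed to OOM kills.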
Below is the container configuration with a 3Gi memory limit:

    kubectl get pod mssql-latest-0 -n cgrouptest -o jsonpath="{.status.qosClass}`n{.spec.containers[*].resources.limits.memory}"
    Guaranteed
    3Gi

Learn More

SQL Server on Linux Overview
SQL Server 2025 Release Notes
Deploy a SQL Server Linux container to Kubernetes
Deploy SQL Server on OpenShift or Kubernetes
Understanding Cgroup v2 on Kubernetes
Understanding Cgroups on RHEL

Wrapping Up

With the introduction of cgroup v2 support in SQL Server 2025 and SQL Server 2022 CU 20, Linux-based deployments gain a powerful tool for smarter resource management. Whether you're running SQL Server in containers or on bare metal, cgroup v2’s unified hierarchy, simplified configuration, and real-time pressure metrics offer a more predictable and efficient way to enforce Quality of Service. From isolating workloads in Kubernetes to dynamically tuning performance under contention, this enhancement empowers DBAs and platform engineers to deliver consistent service levels across diverse environments. As SQL Server continues to evolve on Linux, embracing cgroup v2 is a strategic step toward building resilient, high-performance data platforms.

Thanks,
Engineering: Andrew Carter (Lead), Nicolas Blais-Miko
Product Manager: Attinder Pal Singh and Amit Khandelwal

232 Views, 0 likes, 0 Comments

Managed Identity support for Azure Key Vault in SQL Server running on Linux
We are happy to announce that you can now use Managed Identity to authenticate to Azure Key Vault from SQL Server running on an Azure VM (Linux), available from SQL Server 2022 CU18 onwards. This blog will walk you through the process of using a user-assigned managed identity to access Azure Key Vault and configure Transparent Data Encryption (TDE) for a SQL database.

Managed Identity:

Microsoft Entra ID, formerly Azure Active Directory, provides an automatically managed identity to authenticate to any Azure service that supports Microsoft Entra authentication, such as Azure Key Vault, without exposing credentials in the code. Refer to Managed identities for Azure resources - Managed identities for Azure resources | Microsoft Learn for more details.

VM Setup and Prerequisites:

Before diving into the setup, it's essential to ensure that your Azure Linux VM has SQL Server installed and that the VM has identities assigned with the necessary key vault permissions.

- Set up SQL Server running on an Azure Linux VM. For more details, refer to:
  SQL Server on RHEL VM in Azure: RHEL: Install SQL Server on Linux - SQL Server | Microsoft Learn
  SQL Server on SLES VM in Azure: SUSE: Install SQL Server on Linux - SQL Server | Microsoft Learn
  SQL Server on Ubuntu VM in Azure: Ubuntu: Install SQL Server on Linux - SQL Server | Microsoft Learn
- Create a user-assigned Managed Identity. Refer to https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal for more details.
- Go to the Azure Linux VM resource in the Azure portal and click on the Identity tab under the security blade. Go to the User assigned tab in the right side panel and click on Add. Select the user-assigned managed identity and click on Add.
- Create a Key Vault and Keys. Refer to Integrate Key Vault with SQL Server on Windows VMs in Azure (Resource Manager) - SQL Server on Azure VMs | Microsoft Learn for more details.
- Assign the Key Vault Crypto Service Encryption User role to the user-assigned managed identity to perform wrap and unwrap operations. Go to the key vault resource that you created, and select the Access control (IAM) setting. Select Add > Add role assignment. Search for Key Vault Crypto Service Encryption User and select the role. Select Next. In the Members tab, select the Managed identity option and click on the Select members option, and then search for the user-assigned managed identity that you created in Step 3. Select the managed identity and then click on the Select button.

Setting the primary identity on Azure Linux VM

To set the managed identity as the primary identity for the Azure Linux VM, you can use the mssql-conf tool packaged with SQL Server. Here are the steps:

1. Use the mssql-conf tool to manually set the primary identity.
2. Run the following commands:

    sudo /opt/mssql/bin/mssql-conf set network.aadmsiclientid <client id of the managed identity>
    sudo /opt/mssql/bin/mssql-conf set network.aadprimarytenant <tenant id>

3. Restart the SQL Server:

    sudo systemctl restart mssql-server

Enable TDE using EKM and managed identity:

Refer to Managed Identity Support for Extensible Key Management (EKM) with Azure Key Vault (AKV) - SQL Server on Azure VMs | Microsoft Learn for the configuration steps for an Azure Windows VM. These steps remain the same for SQL Server running on an Azure Linux VM.

1. Enable EKM in SQL Server running on the Azure VM.
2. Create the credential and encrypt the database.

When using the CREATE CREDENTIAL command in this context, you only need to provide 'Managed Identity' in the IDENTITY argument. Unlike earlier scenarios, you do not need to include a SECRET argument. This simplifies the process and enhances security by not requiring a secret to be passed.

Conclusion:

Using managed identity to access Azure Key Vault in SQL Server running on an Azure Linux VM boosts security, streamlines key management, and supports compliance.
With data protection being paramount, Azure Key Vault’s integration along with managed identity offers a robust solution. Stay tuned for more insights on SQL Server on Linux!

Official Documentation:

Managed Identity Support for Extensible Key Management (EKM) with Azure Key Vault (AKV) - SQL Server on Azure VMs | Microsoft Learn
Extensible Key Management using Azure Key Vault - SQL Server
Setup Steps for Extensible Key Management Using the Azure Key Vault
Azure Key Vault Integration for SQL Server on Azure VMs

333 Views, 3 likes, 0 Comments

Enabling Azure Key Vault for SQL Server on Linux
Enhancing Security with EKM using Azure Key Vault in SQL Server on Linux:

We’re excited to announce that Extensible Key Management (EKM) using Azure Key Vault in SQL Server on Linux is now generally available from SQL Server 2022 CU12 onwards, which allows you to manage encryption keys outside of SQL Server using Azure Key Vaults. In this blog post, we’ll explore how to leverage Azure Key Vault as an EKM provider for SQL Server on Linux.

Azure Key Vault: The Bridge to Enhanced Security

Azure Key Vault is a cloud-based service that securely stores keys, secrets, and certificates. By integrating Azure Key Vault with SQL Server, you can benefit from its scalability, high performance, and high availability. Refer to Set up Transparent Data Encryption (TDE) Extensible Key Management with Azure Key Vault - SQL Server | Microsoft Learn for more details.

Setting Up EKM with Azure Key Vault

Here’s a streamlined version of the setup process for EKM with Azure Key Vault on SQL Server for Linux:

- Initialize a Microsoft Entra service principal.
- Establish an Azure Key Vault.
- Set up SQL Server for EKM and register the SQL Server Connector.
- Finalize SQL Server configuration.

The full guide for setting up AKV with SQL Server on Linux is available here: Set up Transparent Data Encryption (TDE) Extensible Key Management with Azure Key Vault - SQL Server | Microsoft Learn. For SQL on Linux, omit steps 3 and 4 and proceed directly to step 5.

I’ve included screenshots below for your quick reference that cover the SQL Server configuration to use AKV. Run the below commands to enable EKM in SQL Server and register the SQL Server Connector as the EKM provider.

Please note: SQL Server requires manual rotation of the TDE certificate or asymmetric key, as it doesn’t rotate them automatically. Regular key rotation is essential for maintaining security and effective key management.

Conclusion

Using Azure Key Vault for EKM with SQL Server on Linux boosts security, streamlines key management, and supports compliance.
With data protection being paramount, Azure Key Vault’s integration offers a robust solution. Stay tuned for more insights on SQL Server on Linux!

Official Documentation:

Extensible Key Management using Azure Key Vault - SQL Server
Setup Steps for Extensible Key Management Using the Azure Key Vault
Azure Key Vault Integration for SQL Server on Azure VMs

4K Views, 1 like, 1 Comment

Decoding Your SQL Server on Linux Deployment Options
This blog post dives deep into the deployment-related aspects, aiming to clarify these choices. To provide a clear visual guide based on my experience working with customers, I've put together a flowchart (as seen in Figure 1) that helps navigate the decision-making process based on your specific scenario. Please see the attachment "Decoding SQL Linux options" to access the hyperlinks as shown in Figure 1.

Let's imagine you're a Data Engineer, a developer, or even a DBA looking to deploy SQL Server on Linux to support applications running natively on Linux or within Kubernetes environments.

The Familiar Path: Traditional Package-Based Deployments

You may prefer and value operational familiarity, and find it straightforward to deploy, manage, automate, and troubleshoot SQL Server when it is installed traditionally on a virtual or physical machine. Or maybe your organization has specific security and compliance requirements that favour traditional deployments. Or you might have complex, non-containerized workloads where a traditional setup is the current preference. If any of these resonates with you, then the "traditional virtual machine or physical machine based" deployment route is likely your starting point.

Once you've decided on this approach, the next step is to talk to your system administrators to understand the available and preferred Linux distributions within your environment. SQL Server installations are fully supported for production workloads on the following three choices:

- SQL Server on Red Hat Enterprise Linux (RHEL)
- SQL Server on SUSE Linux Enterprise Server (SLES)
- SQL Server on Ubuntu

Each of these options, represented as leaf nodes in the flowchart, comes with specific instructions for adding the necessary repositories based on the major version of the distribution. Following this, you can deploy the SQL Server packages and configure them according to your needs.
For specific configuration requirements, such as enabling trace flags or setting environment variables for SQL Server, you can leverage the mssql-conf utility. You can find a comprehensive list of mssql-conf options in the official documentation: Configure SQL Server Settings on Linux - SQL Server | Microsoft Learn.

Additionally, you may have a question: can I install SQL Server for production workloads on other distributions that are not listed in this flowchart or here: Release notes for SQL Server 2022 on Linux - SQL Server | Microsoft Learn? The answer is yes, you may, but it comes with limited support and is not recommended for running production workloads. For details, refer to: Support policy for SQL Server - SQL Server | Microsoft Learn

Embracing Agility and Scale: Containerized Deployments of SQL Server

Now, let's shift our focus to the world of containers. If your priority is faster deployments, scalability, and deploying more than one SQL Server instance on a single machine, then containerization is a compelling option. Containers offer a lightweight and portable way to package SQL Server and its dependencies, ensuring consistency across different environments.

As the flowchart illustrates, when you opt for a containerized deployment, you have choices regarding the orchestration platform:

Kubernetes/OpenShift Based Clusters: For production-grade workloads demanding high availability, scalability, and robust orchestration, deploying SQL Server containers on Kubernetes (or OpenShift, a Kubernetes distribution) is a powerful solution. Kubernetes provides the framework for managing container lifecycles, scaling, networking, and storage in a flexible manner. This approach is particularly well-suited for modern, cloud-native applications.
If you choose to deploy SQL containers on Kubernetes/OpenShift based clusters, then you have two ways to deploy the containers:

- Manual Deployment via YAML manifests or Helm Charts: This provides fine-grained control over the deployment configuration. You define the desired state and version of your SQL Server containers using YAML files or leverage Helm charts for templating and packaging your Kubernetes applications. As the name suggests, this is more of a manual deployment.
- Operator-Based Deployment on k8s clusters: Operators are Kubernetes extensions that automate the management and lifecycle of stateful applications like SQL Server. Our partner DH2i has developed an operator that helps deploy SQL Server and a highly available Always On availability group on the DxEnterprise clustering stack; refer to the “Operator based deployment on k8s cluster with Always On availability group” leaf node for details.

Azure Arc enabled data service: Using Azure Arc, it is possible to run the Azure data services on-premises and in the public cloud using Kubernetes and the infrastructure of your choice. You can refer to the “Azure Arc for SQL MI” leaf node to help you deploy an evergreen SQL Server that has cloud-like elasticity on-premises and has other benefits like self-service provisioning and unified management.

Standalone Host: If you have a Windows-based machine and want to deploy SQL Server Linux container images or SQL Server Linux packages without installing a virtual machine on top of your Windows client/server, you can leverage the Windows Subsystem for Linux (WSL). This allows you to install SQL Server Linux packages or SQL Server container images directly on Windows. Note that this setup is supported for development purposes only and is not intended for production environments or workloads. For detailed instructions, please refer to WSL 2: Install SQL Server on Windows Subsystem for Linux - SQL Server | Microsoft Learn.
If you're using a standalone Linux host and want to deploy containerized SQL Server without setting up a full Kubernetes cluster, you can run SQL Server containers directly using a container runtime like Docker. You can choose the container image based on your Linux distribution:

- Use RHEL-based containers on Red Hat Enterprise Linux hosts,
- SLES-based containers on SUSE Linux Enterprise Server hosts,
- Or, Ubuntu-based containers on Ubuntu hosts

These options are fully supported for production workloads and are a great choice for quick deployment without a container orchestration engine like Kubernetes. Many customers use this method for production, development, testing, or smaller-scale deployments where the overhead of a Kubernetes cluster might not be necessary. While you'll be responsible for manual orchestration and scaling in this scenario, it still offers the benefits of container isolation and simplified deployment.

Making the Right Choice for Your Needs

Ultimately, the decision between traditional package-based deployments and containerized deployments hinges on your specific requirements, existing infrastructure, team expertise, and the nature of your workloads.

Choose traditional packages when familiarity, strict compliance needs, or non-containerized complex workloads are paramount.

Embrace containers when agility, scalability, rapid deployment, and efficient resource utilization are key drivers. Kubernetes further enhances these benefits for production environments, while standalone container deployments offer a lighter-weight alternative for certain use cases.

By understanding these different deployment avenues, you can confidently choose the path that best aligns with your goals for running SQL Server on Linux.

Let me know your thoughts and if you find this useful.

589 Views, 0 likes, 0 Comments

SQL Server Containers and SQL Server on Linux Now Available on Windows via WSL!
We're kicking off 2025 with exciting news! We are thrilled to announce that developers can now easily get started with SQL Server container images and SQL Server on Linux installations directly on their Windows machines using Windows Subsystem for Linux (WSL). This new capability is designed to streamline your development process, making it more efficient and versatile.

Why Use SQL Server on WSL?

With WSL, you can run a Linux environment directly on Windows without the overhead of a traditional virtual machine. This means you can now develop and test your SQL Server applications in a Linux environment, right from your Windows desktop. Here are some key benefits:

- Seamless Integration: Easily switch between Windows and Linux environments.
- Development Focused: Ideal for development and testing purposes, giving developers access to the power of both Windows and Linux at the same time on a Windows machine.

For detailed instructions on installation and getting started with WSL, please refer to Install WSL | Microsoft Learn.

Important Note: This setup is intended for development and testing purposes only and is not supported for production environments.

There are two ways to get started with SQL Server on WSL:

- Install SQL Server as a systemd service: This allows you to manage it using systemctl commands.
- Deploy SQL Server containers in WSL: You can also deploy SQL Server containers, with the option for persistent storage if needed.

For more information, please refer to the tutorial on WSL 2: Install SQL Server on Windows Subsystem for Linux - SQL Server on Microsoft Learn.

Getting Started

- Install WSL: If you haven't already, install WSL on your Windows machine. You can follow the official Microsoft documentation for a step-by-step guide.
- Choose your Linux distribution: We recommend running SQL Server in WSL environments on one of the Supported platforms as documented, for the version of SQL Server you intend to run.
- Set Up SQL Server Containers: Pull the latest SQL Server container images from the Docker Hub and set them up in your WSL environment.
  (and/or)
- Install SQL Server on Linux: Alternatively, you can install SQL Server directly on your Linux distribution within WSL.

Thanks,
Andrew Carter (lead), Eric Julien from the Engineering team, Rafid Lafta from CSS and Randolph West for the Technical documentation.

1.8K Views, 7 likes, 2 Comments

Secure SQL Server on RHEL with SELinux
SQL Server 2022 marked a significant milestone by enabling you to run SQL Server on RHEL 9 as a confined application. Our commitment to prioritizing security mechanisms ensures that enforcing security policies on Linux systems is more straightforward than ever. In this blog post, we'll explore how you can effectively integrate SQL Server deployments with SELinux and provide you with valuable resources. For detailed information, please visit our official documentation: Get Started With SQL Server on SELinux - SQL Server | Microsoft Learn.

What is SELinux (Security-Enhanced Linux)?

SELinux is a robust security architecture for Linux systems that defines access controls for applications, processes, and files. It provides Mandatory Access Control (MAC) through security policies, which are sets of rules that dictate what can or cannot be accessed. This gives administrators greater control over who can access the system. For details, I recommend the following articles:

- What is SELinux (Security-Enhanced Linux).
- SELinux Architecture as seen in Red Hat Systems

SQL Server and SELinux

To enforce SELinux-based security policies for SQL Server 2022 and higher versions, you need to install the supported mssql-server-selinux package as documented here, which includes customized SELinux-specific rules that enable you to run SQL Server as a confined application. Here are the prerequisites:

- Ensure SELinux is enabled and in enforcing mode on the RHEL system. You can check this using the command sestatus, and the output should look like this:

  For further information on enabling SELinux, please follow the official documentation: Changing SELinux states and modes | Red Hat Product Documentation.
- Install the mssql-server-selinux package, which installs SQL Server and enables the custom SELinux policy that confines the SQL Server processes. It resets the selinuxuser_execmod Boolean, and the SQL Server service is configured to the mssql_server_t domain (type).
To learn more about the different types defined in the 'mssql-server-selinux' package for SQL Server and how you can customize the data path or log path for SQL Server when running as a confined application, please refer to the official documentation: Get Started With SQL Server on SELinux - SQL Server | Microsoft Learn.

Thanks,
Andrew Carter (Lead), Pierre-Louis Caron-Auger and Eric Julien from the Engineering team and our partners from Red Hat Engineering.

418 Views, 1 like, 0 Comments

Announcing the Availability of adutil for RHEL 9 and Ubuntu 22.04!
We’re thrilled to share that adutil, the Active Directory Utility for SQL Server, is now officially supported on RHEL 9 and Ubuntu 22.04. If you’ve been waiting for this, your patience has paid off! Let’s dive into the details.

What Is adutil?

adutil is a powerful tool that simplifies Active Directory integration with SQL Server on Linux-based deployments. It enables seamless authentication, user management, and keytab configuration. Whether you’re running SQL Server on RHEL 9 or Ubuntu 22.04, you can now harness the full capabilities of adutil.

Getting Started

Join Your Host Machine to the Domain: Before diving into adutil, ensure that your host machine is part of the domain. Follow the steps outlined in our article: Join SQL Server on Linux to Active Directory - SQL Server | Microsoft Learn.

Installing adutil on RHEL 9: Execute the following commands to add the RHEL 9 Prod repository and install adutil:

    sudo curl -o /etc/yum.repos.d/msprod.repo https://packages.microsoft.com/config/rhel/9/prod.repo
    ## Now you are ready to install adutil using the command:
    sudo ACCEPT_EULA=Y yum install -y adutil
    ## you can check the adutil version using the command and ensure the version is 1.1.138
    adutil --version

Installing adutil on Ubuntu 22.04: Follow these steps to add the repository and install adutil:

    ## add the repo and required package signature
    curl https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc
    curl https://packages.microsoft.com/config/ubuntu/22.04/prod.list | sudo tee /etc/apt/sources.list.d/msprod.list
    ## now update the repo and install adutil
    sudo apt-get update
    sudo ACCEPT_EULA=Y apt-get install -y adutil

Explore adutil’s Features

- Account Creation: Easily create and manage user accounts tied to Active Directory.
- Keytab Configuration: Set up keytabs for secure authentication.
- User Management: Handle user permissions and access.
For detailed guidance, refer to our comprehensive article: Introduction to adutil - Active Directory Utility - SQL Server | Microsoft Learn.

Updated on 22nd November 2024:

Streamlining User Account Security with Adutil: AES 128/256-bit Encryption Now Supported

With the release of Adutil version 1.1.143 and later, you can now easily create and modify user accounts to enable or disable AES 128/256-bit encryption for Kerberos. This update, available starting from version 1.1.143, includes built-in support for Kerberos AES 128-bit and AES 256-bit encryption by default. Here are a few samples to help you get started.

    ## You can see the -D parameter to disable the AES 128/256 encryption for the account; by default, when you use the adutil create command, it creates the account with these options set
    $ adutil user create --help
    create - Creates a new AD user account

      Usage:
        create [name]

      Positional Variables:
        name   Name of the user account to create

      Flags:
           --version             Displays the program version string.
        -h --help                Displays help with available flag, subcommand, and positional value parameters.
        -n --name                Name of the user account to create
           --distname            Distinguished name of the account
        -o --ouname              Organizational Unit of the account (takes precedence over distinguished name)
           --upn                 OPTIONAL: User principal name for the created account
           --desc                OPTIONAL: Description for the account being created
           --password            OPTIONAL: Password for the user being created
        -D --disableaessupport   OPTIONAL: Disable AES 128 and 256 support
        -d --debug               Display additional debugging information when making LDAP/Kerberos calls.
           --accept-eula         Accepts the current EULA for adutil. This has no effect if the EULA has already been accepted.
    If --ouname and --distname are omitted, the value set by `adutil config set ou` will be used

    ## Similarly you see the -E and -D command to enable and disable the AES account options respectively when using the adutil user modify command:
    $ adutil user modify --help
    modify - Modify an existing AD user account

      Usage:
        modify [name]

      Positional Variables:
        name   Name of the user account to modify

      Flags:
           --version             Displays the program version string.
        -h --help                Displays help with available flag, subcommand, and positional value parameters.
        -n --name                Name of the user account to modify
           --distname            Distinguished name of the account
        -o --ouname              Organizational Unit of the account (takes precedence over distinguished name)
        -E --enableaessupport    OPTIONAL: Enable AES 128 and 256 support
        -D --disableaessupport   OPTIONAL: Disable AES 128 and 256 support
        -d --debug               Display additional debugging information when making LDAP/Kerberos calls.
           --accept-eula         Accepts the current EULA for adutil. This has no effect if the EULA has already been accepted.
If --ouname and --distname are omitted, the value set by `adutil config set ou` will be used

## When you use the adutil user create command as shown below, the user is created with the AES 128/256 encryption options set for the account
$ adutil user create --name testuser --distname CN=testuser,CN=Users,DC=CONTOSO,DC=COM

## If you intend to create a user without these properties set, use the -D option as shown below
$ adutil user create --name AESdisableduser --distname CN=AESdisableduser,CN=Users,DC=CONTOSO,DC=COM -D

## If you wish to modify the Kerberos AES encryption for an account, here is a sample:
$ adutil user modify --name testuser --distname CN=testuser,CN=Users,DC=CONTOSO,DC=COM -D
Successfully disabled AES encryption for ('testuser', 'CONTOSO.COM')

## You can also enable the Kerberos AES encryption for an account as shown below:
$ adutil user modify --name aesdisableduser --distname CN=aesdisableduser,CN=Users,DC=CONTOSO,DC=COM -E
Successfully enabled AES encryption for ('aesdisableduser', 'CONTOSO.COM')

You can now use Adutil to modify existing user accounts to enable or disable these encryption options. This new feature eliminates the need for manually enabling these settings in Active Directory, as detailed in step #2 of this document.

Fun Fact: Ansible and adutil

Did you know that Ansible can simplify your SQL Server deployment? The Ansible-based SQL Server collection leverages adutil behind the scenes to enable AD authentication for SQL Server on Linux. Explore more in the Red Hat Hybrid Cloud Console documentation: Automation Hub - microsoft.sql | Ansible Automation Platform (redhat.com) and our official documentation: Quickstart: Deploy SQL Server on Linux using an Ansible playbook - SQL Server | Microsoft Learn

Get ready to enhance your SQL Server experience with adutil on RHEL 9 and Ubuntu 22.04!
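To check which accounts ended up with AES enabled after the `adutil user create` and `adutil user modify -E/-D` commands above, the following added example (not part of the original post or of adutil) audits LDIF text such as a directory query would return. It assumes the AES options adutil toggles correspond to bits 0x08 and 0x10 of the AD attribute msDS-SupportedEncryptionTypes; the sample entries, their values and the account name sqlsvc are constructed.

```shell
#!/bin/sh
# Added example: audit Kerberos encryption types per account from LDIF text.
# Assumption: adutil's AES options map to msDS-SupportedEncryptionTypes bits 0x08/0x10.

# Print the names of the encryption types set in a bitmask (documented AD flags).
decode_etypes() {
    etmask=$1; names=""
    for pair in 1:DES-CBC-CRC 2:DES-CBC-MD5 4:RC4-HMAC \
                8:AES128-CTS-HMAC-SHA1-96 16:AES256-CTS-HMAC-SHA1-96; do
        bit=${pair%%:*}
        if [ $((etmask & bit)) -ne 0 ]; then names="$names ${pair#*:}"; fi
    done
    echo "${names# }"
}

# Read LDIF on stdin; print "<account> <status> <etypes>" for each entry.
audit_ldif() {
    name=""; mask=""
    { cat; echo; } | while IFS= read -r line; do   # extra blank line flushes the last entry
        case $line in
            "sAMAccountName: "*) name=${line#sAMAccountName: } ;;
            "msDS-SupportedEncryptionTypes: "*) mask=${line#msDS-SupportedEncryptionTypes: } ;;
            "")
                if [ -n "$name" ] && [ -z "$mask" ]; then
                    echo "$name UNSET"                      # attribute absent on the account
                elif [ -n "$name" ] && [ $((mask & 24)) -eq 24 ]; then
                    echo "$name AES-ENABLED $(decode_etypes "$mask")"
                elif [ -n "$name" ]; then
                    echo "$name AES-DISABLED $(decode_etypes "$mask")"
                fi
                name=""; mask="" ;;
        esac
    done
}

# Constructed sample input (values are illustrative, not captured from a real domain).
sample_ldif() {
    cat <<'EOF'
dn: CN=testuser,CN=Users,DC=CONTOSO,DC=COM
sAMAccountName: testuser
msDS-SupportedEncryptionTypes: 24

dn: CN=aesdisableduser,CN=Users,DC=CONTOSO,DC=COM
sAMAccountName: aesdisableduser
msDS-SupportedEncryptionTypes: 4

dn: CN=sqlsvc,CN=Users,DC=CONTOSO,DC=COM
sAMAccountName: sqlsvc
EOF
}

sample_ldif | audit_ldif
```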
Thanks,
Engineering Lead: Vaibhao Tatte
Engineering Team: Dwaipayan Barman, Parameswara Reddy Bodeddula

SQL Server 2022 for RHEL 9 and Ubuntu 22.04 is now Generally Available (GA)
We are happy to announce that, starting with the CU 10 release for SQL Server 2022, SQL Server 2022 on RHEL 9 and Ubuntu 22.04 is now generally available (GA), meaning you can run production workloads on SQL Server 2022 deployed on Red Hat Enterprise Linux (RHEL) 9 and Ubuntu 22.04. For SQL Server 2022 on RHEL 9, the SELinux integration that enables you to run SQL Server 2022 on RHEL 9 as a confined application is also now generally available.

If you've had the preview packages installed previously, we recommend that you uninstall the preview bits and upgrade to the SQL Server 2022 GA packages available at the following repos. For steps on how to update repos, refer to the Configure repositories for installing and upgrading SQL Server on Linux - SQL Server | Microsoft Learn documentation.

For RHEL 9 use the repo: https://packages.microsoft.com/config/rhel/9/
For Ubuntu 22.04 use the repo: https://packages.microsoft.com/config/ubuntu/22.04/

For further details on getting started with the installation of SQL Server 2022 on RHEL 9, refer to: RHEL: Install SQL Server on Linux - SQL Server | Microsoft Learn. For SQL Server on Ubuntu 22.04, refer to: Ubuntu: Install SQL Server on Linux - SQL Server | Microsoft Learn

SQL Server 2022 container images on RHEL 9 & Ubuntu 22.04 also generally available:

SQL Server 2022 on RHEL 9 and Ubuntu 22.04 are also available as container images and are generally available (GA). It is easy to get started. As always, you can use podman, docker, or both.
To pull and run the production-ready SQL Server 2022 images on RHEL 9, use the tag: 2022-CU10-rhel-9.1

#Pull the image
podman pull mcr.microsoft.com/mssql/rhel/server:2022-CU10-rhel-9.1

#Run a container using the above image
podman run -e 'ACCEPT_EULA=Y' -e 'MSSQL_SA_PASSWORD=<YourP@ssword>' -e 'MSSQL_PID=Developer' -h sql22rhel9 --name sql22rhel9 -p 1433:1433 -d mcr.microsoft.com/mssql/rhel/server:2022-CU10-rhel-9.1

To pull and run the production-ready SQL Server 2022 images on Ubuntu 22.04, use the tag: 2022-CU10-ubuntu-22.04

#Pull the image
docker pull mcr.microsoft.com/mssql/server:2022-CU10-ubuntu-22.04

#Run a container using the above image
docker run -e 'ACCEPT_EULA=Y' -e 'MSSQL_SA_PASSWORD=<YourP@ssword>' -e 'MSSQL_PID=Developer' -h sql22ubu2204 --name sql22ubu2204 -p 1433:1433 -d mcr.microsoft.com/mssql/server:2022-CU10-ubuntu-22.04