Unable to connect from DBeaver on Mac to SQL Server that uses Active Directory authentication #13386
-
System information:
Connection specification:
Describe the problem you're observing:Working remotely, I wish to connect DBeaver on a Mac to SQL Server that uses an Active Directory service to authenticate and authorize users. I've tried multiple approaches to connect and authenticate, including those recommended in issue 3647 and issue 9751. Nevertheless, I am unable to authenticate. Here's one error I've received. Steps to reproduce, if exist:Based on the configuration, these seem to be the settings needed:
Using them reproduces my error. Curiously, the username string in the error message is usually empty, but not always (like above). I wonder if DBeaver is failing to use it. What settings should be used to connect with my configuration? |
Beta Was this translation helpful? Give feedback.
Replies: 14 comments 2 replies
-
@artgoldberg did you try to connect using e.g. SMSS? |
Beta Was this translation helpful? Give feedback.
-
Thanks @uslss . I'm using a Mac and "SSMS is available only as a 32-bit application for Windows". I started trying to use Azure Data Studio, but it doesn't support Active Directory - Password authentication. However, the document you reference provides a hint. While it's terribly written, it seems to suggest that the name of the user granted rights to access a SQL Server database must exactly match the User Principal Name (UPN) for the user in the Active Directory server used to authenticate the user. Is this correct? Please let me know, as that would be important information if it is true, and Googling does not answer the question. Thanks |
Beta Was this translation helpful? Give feedback.
-
Hello @uslss . Thanks |
Beta Was this translation helpful? Give feedback.
-
Hello @artgoldberg |
Beta Was this translation helpful? Give feedback.
-
Thanks @LonwoLonwo No, I've not tried an Azure database. But I have no problem using SQL Server Authentication to access SQL Server, so I do not need to try that. The key challenge here is to get Active Directory authentication working. What do you think Serge @serge-rider ? Thanks |
Beta Was this translation helpful? Give feedback.
-
Thanks @LonwoLonwo , I've tried #4990 and it didn't work. However, colleagues of mine enabled connection from DBeaver on Mac to SQL Server by using Kerberos to access the Active Directory authentication. It's complicated. I can provide details if you like. |
Beta Was this translation helpful? Give feedback.
-
Yes @artgoldberg |
Beta Was this translation helpful? Give feedback.
-
What I did is to set up the Kerberos configuration in /etc/krb5.conf on the Mac for the AD realm(s) aka domain(s). Then, it's just a matter of setting the properties correctly: databaseName=master Another alternative, if you want true SSO, is to run |
Beta Was this translation helpful? Give feedback.
-
Thanks @jnahmias , that's great! |
Beta Was this translation helpful? Give feedback.
-
I am having similar issues for MFA, is there a way to connect properly to Synapse DWH? |
Beta Was this translation helpful? Give feedback.
-
hey guys , i can even see the configuration settings in #13386 (comment). all I see is |
Beta Was this translation helpful? Give feedback.
What I did is to set up the Kerberos configuration in /etc/krb5.conf on the Mac for the AD realm(s) aka domain(s). Then, it's just a matter of setting the properties correctly:
databaseName=master
authenticationScheme=JavaKerberos
encrypt=true
integratedSecurity=true
serverName=mssqlserver.example.org
trustStoreType=KeychainStore
userName=me@EXAMPLE.ORG
password=REDACTED
Another alternative, if you want true SSO, is to run
kinit me@EXAMPLE.ORG
first. Then you can leave off theuserName
andpassword
properties.