在 Linux 上使用 python 和“Windows Credentials”连接到 MS SQL Server

发布于 2024-07-13 08:48:43 字数 676 浏览 7 评论 0原文

有没有办法使用 Windows 域凭据在 Linux 上使用 python 连接到 MS SQL Server 数据库?

我可以使用 Windows 凭据从我的 Windows 机器上完美连接,但尝试使用 pyodbs + freetds + unixodbc 从 linux python 执行相同操作

>>import pyodbc
>>conn = pyodbc.connect("DRIVER={FreeTDS};SERVER=servername;UID=username;PWD=password;DATABASE=dbname")

会导致此错误:

class 'pyodbc.Error'>: ('28000', '[28000] [unixODBC][FreeTDS][SQL Server]Login incorrect. (20014) (SQLDriverConnectW)')

我确信密码写入正确,但我已经尝试了很多用户名的不同组合:

DOMAIN\username
DOMAIN\\username

甚至

UID=username;DOMAIN=domain

无济于事。 有任何想法吗?

Is there any way to connect to an MS SQL Server database with python on linux using Windows Domain Credentials?

I can connect perfectly fine from my windows machine using Windows Credentials, but attempting to do the same from a linux python with pyodbs + freetds + unixodbc

>>import pyodbc
>>conn = pyodbc.connect("DRIVER={FreeTDS};SERVER=servername;UID=username;PWD=password;DATABASE=dbname")

results in this error:

class 'pyodbc.Error'>: ('28000', '[28000] [unixODBC][FreeTDS][SQL Server]Login incorrect. (20014) (SQLDriverConnectW)')

I'm sure the password is written correctly, but I've tried many different combinations of username:

DOMAIN\username
DOMAIN\\username

or even

UID=username;DOMAIN=domain

to no avail. Any ideas?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

冬天的雪花 2024-07-20 08:48:43

至少截至 2013 年 3 月,这似乎可以在 FreeTDS 中开箱即用。 为了更好地衡量,我指定了 TDS 协议版本 - 不确定这是否会产生差异:

connStr = "DRIVER={{FreeTDS}};SERVER={0};PORT=1433;TDS_Version=7.2;UID={1}\\{2};PWD={3}".format(hostname, active_directory_domain, username, password)

Microsoft 的 Linux 官方驱动程序似乎也支持集成身份验证:http://msdn .microsoft.com/en-us/library/hh568450.aspx。 我不确定它实际上可以在多少个 Linux 发行版上运行,或者有多少源代码可用。 他们在下载页面<明确提到了 RHEL 5 和 6 以及一些依赖项< /a>.

As of at least March 2013, this seems to work out of the box with FreeTDS. I specified the TDS protocol version for good measure--not sure if that makes the difference:

connStr = "DRIVER={{FreeTDS}};SERVER={0};PORT=1433;TDS_Version=7.2;UID={1}\\{2};PWD={3}".format(hostname, active_directory_domain, username, password)

Integrated authentication also appears to be supported in Microsoft's official driver for linux: http://msdn.microsoft.com/en-us/library/hh568450.aspx . I'm not sure how many Linux distributions it actually works on or how much of the source is available. They explicitly mention RHEL 5 and 6 and some dependencies on the download page.

红尘作伴 2024-07-20 08:48:43

正如其中一条评论所指出的,这个答案现在已经相当陈旧了。 我经常使用 GSSAPI 从 Linux 到 SQL Server 2008 R2 进行身份验证,但主要是使用 EasySoft ODBC 管理器和(商业)EasySoft ODBC SQL Server 驱动程序。

2009 年初,我和一位同事设法连接到一个来自 Solaris 10 的 SQL Server 2005 实例,使用 GSSAPI(Kerberos 凭据),使用 DBB::Perl 通过 FreeTDS 构建链接到特定版本的 MIT kerberos 库。 诀窍是——这有点难以置信,但我已经通过查看 FreeTDS 源代码验证了这一点——指定一个零长度用户名。 如果 user_name 字符串的长度为 0,则 FreeTDS 代码将尝试使用 GSSAPI(如果已编译该支持)。 我无法通过 Python 和 pyodbc 执行此操作,因为我无法找到让 ODBC 传递零长度用户名的方法。

在perl代码中..有很多机会破坏wrt配置文件,例如.freetds.conf等。我似乎记得主体必须是大写的,但我的笔记似乎不同意这一点。

$serverprincipal = 'MSSQLSvc/foo.bar.yourdomain.com:[email protected]';
$dbh = DBI->connect("dbi:Sybase:server=THESERVERNAME;kerberos=$serverprincipal", '', '');

您必须知道如何使用 setspn 实用程序才能使 SQL Server 服务器使用适当的安全主体名称。

我对 kerberos 方面没有任何了解,因为我们的环境是由一位彻头彻尾的 Kerberos 专家建立的,并且有一些奇特的东西,比如在运行 SQL Server 的 AD 域和运行 SQL Server 的 Kerberos 域之间建立相互信任。我的客户端正在运行。

有一些代码 http://code.google.com/p /libsqljdbc-auth/ 执行从 Linux 到 SQL Server 的 GSSAPI 身份验证,但它仅限于 Java。 该补丁适用于内置 GSSAPI 的最新版本的 Java。

作者(似乎很了解他的东西)也为 jTDS 项目贡献了一个类似的补丁, 让他们一起工作。 我发现 pyodbc 到 unixODBC 到 FreeTDS odbc 到 TDS 的集成很难跟踪/调试。 Perl 的东西因为它是 CT-Lib 之上的一个非常薄的包装,所以更容易使用。

As pointed out in one of the comments, this answer is quite stale by now. I regularly and routinely use GSSAPI to authenticate from Linux to SQL Server 2008 R2 but mostly with the EasySoft ODBC manager and the (commercial) EasySoft ODBC SQL Server driver.

In early 2009, a colleague and I managed to connect to a SQL Server 2005 instance from Solaris 10 using GSSAPI (Kerberos credentials) using DBB::Perl over a FreeTDS build linked against a particular version of the MIT kerberos libraries. The trick was -- and this is a little bit difficult to believe but I have verified it by looking through the FreeTDS source code -- to specify a zero-length user_name. If the length of the user_name string is 0 then the FreeTDS code will attempt to use GSSAPI (if that support has been compiled in). I have not been able to do this via Python and pyodbc as I could not figure out a way of getting ODBC to pass down a zero-length user_name.

Here in the perl code .. there are multiple opportunities for breakage wrt configuration files such as .freetds.conf etc. I seem to recall that the principal had to be in uppercase but my notes seem to be in disagreement with that.

$serverprincipal = 'MSSQLSvc/foo.bar.yourdomain.com:[email protected]';
$dbh = DBI->connect("dbi:Sybase:server=THESERVERNAME;kerberos=$serverprincipal", '', '');

You will have to know how to use the setspn utility in order to get the SQL Server server to use the appropriate security principal name.

I do not have any knowledge of the kerberos side of things because our environment was set up by an out and out Kerberos guru and has fancy stuff like mutual trust set up between the AD domain that the SQL Server is running in and the Kerberos domain that my client was running in.

There is some code http://code.google.com/p/libsqljdbc-auth/ which does GSSAPI authentication from Linux to SQL Server but it is Java only. The author (who seems to know his stuff) also has contributed a similar patch to the jTDS project which works with more recent versions of Java that have GSSAPI built in.

So the pieces are all there, it is just a big tangled mess trying to get them all to work together. I found the pyodbc to unixODBC to FreeTDS odbc to TDS integration pretty hard to trace/debug. The perl stuff because it was a pretty thin wrapper on top to CT-Lib was much easier to get going.

萌面超妹 2024-07-20 08:48:43

可能有点太晚了,无法帮助您 - 但我遇到了同样的问题。 在撰写本文时,最新版本的 pyodbc 允许我使用 Windows 凭据登录。 只需将连接字符串中的 UID 字段留空,如下所示:

cnxn = pyodbc.connect('DRIVER={SQL Server};SERVER=myserverinstance;DATABASE=mydatabase;UID=;PWD=mypassword')

现在,当您登录时,这是使用现有的 Windows 凭据...不确定如何指定任何 arb Windows 域凭据...

Probably a bit too late to help you out - but I encountered the same issue. At the time of writing, the latest version of pyodbc allows me to login with windows credentials. Just leave the UID field blank in your connection string like so:

cnxn = pyodbc.connect('DRIVER={SQL Server};SERVER=myserverinstance;DATABASE=mydatabase;UID=;PWD=mypassword')

Now this is using your existing windows credentials when you're logged on... not sure how to specify any arb windows domain credentials...

我不是你的备胎 2024-07-20 08:48:43

我已经有一段时间没有这样做了,但我记得整个 unixodbc + FreeTDS + pyodbc 的事情有点棘手。 不过,这是可以做到的,而且一旦设置好,就不那么难了。

该网站提供了非常好的说明:
http://www.pauldeden。 com/2008/12/how-to-setup-pyodbc-to-connect-to-mssql.html(Web Archive 上的存档副本)

另外,根据我的经验,pyodbc 在 64 位 Linux 计算机上编译/运行时存在问题。 因此我们最终使用了 ceODBC。 ceODBC 不像 pyodbc 那样稳定(在 python prorgram 中运行时遇到的意外错误比 pyodbc 更多),但它很容易在 Linux 64 位上启动和运行。

I haven't done it in a while, but I remember the whole unixodbc + FreeTDS + pyodbc thing being a little tricky. However, it can be done, and once setup it's not that hard.

This website provides very good instructions:
http://www.pauldeden.com/2008/12/how-to-setup-pyodbc-to-connect-to-mssql.html (archived copy on Web Archive)

Also, in my experience pyodbc had issues compiling/running on 64 bit Linux machines. Because of that we eventually used ceODBC. ceODBC isn't quite as stable as pyodbc (encountered more unexpected bugs than in pyodbc when running in python prorgram), but it is very easy to get up and running on Linux 64 bit.

只为守护你 2024-07-20 08:48:43

我不相信您能够通过这种方式登录 Windows 域帐户。 您需要直接在 sql 中设置用户才能以这种方式传递凭据。

I don't believe you'll be able to log in to a windows domain account in this way. You need to set up a user in sql directly for this manner of passing credentials.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文