Azure Data Studio不认识Macos Monterey的Kerberos票
我正在尝试连接到仅限于Windows身份验证的公司网络上的Microsoft SQL Server数据库。我已经配置了Kerberos,Kerberos确实成功发行了票,我可以验证该票证是否在售票员中有效。但是,当我尝试在Azure Data Studio中连接并选择“ Windows身份验证”时,我获得了消息“由于Kerberos错误导致连接失败”。
我的krb5.conf位于〜/etc/krb5.conf,我遵循配置指令在这里。
在连接到网络的Windows计算机上,当我运行setspn -l databasename时,我显示:
Registered ServicePrincipalNames for CN=DATABASENAME,OU=Servers,OU=Data Center,DC=companyname,DC=com:
MSServerClusterMgmtAPI/DATABASENAME
MSServerClusterMgmtAPI/DATABASENAME.companyname.com
WSMAN/DATABASENAME
WSMAN/DATABASENAME.companyname.com
TERMSRV/DATABASENAME
TERMSRV/DATABASENAME.companyname.com
RestrictedKrbHost/DATABASENAME
HOST/DATABASENAME
RestrictedKrbHost/DATABASENAME.companyname.com
HOST/DATABASENAME.companyname.com
当我运行nslookup -type = srv _kerberos.__tcp.companyname.com我显示:
Server: UnKnown
Address: xx.x.x.163
Non-authoritative answer:
_kerberos._tcp.companyname.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcname01.companyname.com
_kerberos._tcp.companyname.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcname02.companyname.com
_kerberos._tcp.companyname.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcname03.companyname.com
_kerberos._tcp.companyname.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcname04.companyname.com
dcname01.comapnyname.com internet address = xx.x.x.47
dcname02.companyname.com internet address = xx.x.x.8
dcname03.companyname.com internet address = xx.xx.x.11
dcname04.companyname.com internet address = xx.xx.x.10
我配置了我的krb5.conf文件的方式是:
[libdefaults]
default_realm = COMPANYNAME.COM
[realms]
COMPANYNAME.COM = {
kdc = dcname01.companyname.com
kdc = dcname02.companyname.com
kdc = dcname03.companyname.com
kdc = dcname04.companyname.com
}
我尝试了许多不同的krb5.conf配置,涉及以不同格式包含和省略不同的k/v对,但我尝试过的任何事情都没有使用。我还试图通过Homebrew重新安装KRB5。
我正在MacOS 12.3.1上使用Intel Mac。
什么会导致Azure Data Studio不承认我的Kerberos门票?
I am attempting to connect to a Microsoft SQL Server database on a corporate network that is limited to Windows Authentication. I have configured Kerberos and Kerberos does successfully issue a ticket and I can verify that the ticket is valid in Ticket Viewer. But when I attempt to connect in Azure Data Studio, and select "Windows Authentication", I am given the message "Connection Failed due to Kerberos Error".
My krb5.conf is located at ~/etc/krb5.conf and I have followed configuration instructions here.
On a Windows machine connected to the network, when I run setspn -L DATABASENAME I show:
Registered ServicePrincipalNames for CN=DATABASENAME,OU=Servers,OU=Data Center,DC=companyname,DC=com:
MSServerClusterMgmtAPI/DATABASENAME
MSServerClusterMgmtAPI/DATABASENAME.companyname.com
WSMAN/DATABASENAME
WSMAN/DATABASENAME.companyname.com
TERMSRV/DATABASENAME
TERMSRV/DATABASENAME.companyname.com
RestrictedKrbHost/DATABASENAME
HOST/DATABASENAME
RestrictedKrbHost/DATABASENAME.companyname.com
HOST/DATABASENAME.companyname.com
When I run nslookup -type=srv _kerberos._tcp.companyname.com I show:
Server: UnKnown
Address: xx.x.x.163
Non-authoritative answer:
_kerberos._tcp.companyname.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcname01.companyname.com
_kerberos._tcp.companyname.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcname02.companyname.com
_kerberos._tcp.companyname.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcname03.companyname.com
_kerberos._tcp.companyname.com SRV service location:
priority = 0
weight = 100
port = 88
svr hostname = dcname04.companyname.com
dcname01.comapnyname.com internet address = xx.x.x.47
dcname02.companyname.com internet address = xx.x.x.8
dcname03.companyname.com internet address = xx.xx.x.11
dcname04.companyname.com internet address = xx.xx.x.10
The way I have my krb5.conf file configured is:
[libdefaults]
default_realm = COMPANYNAME.COM
[realms]
COMPANYNAME.COM = {
kdc = dcname01.companyname.com
kdc = dcname02.companyname.com
kdc = dcname03.companyname.com
kdc = dcname04.companyname.com
}
I have tried many different configurations for krb5.conf involving inclusion and omission of different k/v pairs in different formats but nothing I have tried has worked. I have also attempted to reinstall krb5 via homebrew.
I am using an Intel Mac on macOS 12.3.1.
What would be causing Azure Data Studio to not acknowledge my Kerberos Ticket?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要添加主机文件服务器IP地址和服务器的全名(带有exmaple的域“ sqlserver.yourdomain.com”)
you need to add in host file server ip address and server full name (with domain for exmaple "sqlserver.yourdomain.com")