sql-server-linux-active-directory-auth-overview.md

title	titleSuffix	description	author	ms.author	ms.reviewer	ms.date	ms.service	ms.subservice	ms.topic	ms.custom	helpviewer_keywords
Active Directory authentication for SQL Server on Linux	SQL Server	This article provides an overview of Active Directory Authentication for SQL Server on Linux.	amitkh-msft	amitkh	vanto, randolphwest	07/15/2024	sql	linux	conceptual	linux-related-content	Linux, AAD authentication

Active Directory authentication for SQL Server on Linux

[!INCLUDE SQL Server - Linux]

This article provides an overview of Active Directory authentication for [!INCLUDE ssNoVersion] on Linux. Active Directory authentication is also known as Integrated authentication in [!INCLUDE ssNoVersion].

Active Directory authentication overview

Active Directory authentication enables domain-joined clients on either Windows or Linux to authenticate to [!INCLUDE ssNoVersion] using their domain credentials and the Kerberos protocol.

Active Directory Authentication has the following advantages over [!INCLUDE ssNoVersion] Authentication:

• Users authenticate via single sign-on, without being prompted for a password.
• By creating logins for Active Directory groups, you can manage access and permissions in [!INCLUDE ssNoVersion] using Active Directory group memberships.
• Each user has a single identity across your organization, so you don't have to keep track of which [!INCLUDE ssNoVersion] logins correspond to which people.
• Active Directory enables you to enforce a centralized password policy across your organization.

Configuration steps

In order to use Active Directory authentication, you must have an Active Directory Domain Controller (Windows) on your network.

The details for how to configure Active Directory authentication are provided in the tutorial, Tutorial: Use Active Directory authentication with SQL Server on Linux. The following list provides a summary with a link to each section in the tutorial:

1. Join SQL Server on a Linux host to an Active Directory domain.
2. Create an Active Directory user for SQL Server and set the Service Principal Name.
3. Configure the SQL Server service keytab.
4. Secure the keytab file.
5. Configure SQL Server to use the keytab file for Kerberos authentication.
6. Create Active Directory-based SQL Server logins in Transact-SQL.
7. Connect to SQL Server using Active Directory authentication.

Known issues

• At this time, the only authentication method supported for database mirroring endpoint is CERTIFICATE. WINDOWS authentication method will be enabled in a future release.

• SQL Server on Linux doesn't support NTLM protocol for remote connections. Local connection might work using NTLM.

Related content

• Tutorial: Use Active Directory authentication with SQL Server on Linux
• Understand Active Directory authentication for SQL Server on Linux and containers
• Troubleshoot Active Directory authentication for SQL Server on Linux and containers