title | titleSuffix | description | author | ms.author | ms.reviewer | ms.date | ms.service | ms.subservice | ms.topic | ms.custom | helpviewer_keywords | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Active Directory authentication for SQL Server on Linux |
SQL Server |
This article provides an overview of Active Directory Authentication for SQL Server on Linux. |
amitkh-msft |
amitkh |
vanto, randolphwest |
07/15/2024 |
sql |
linux |
conceptual |
|
|
[!INCLUDE SQL Server - Linux]
This article provides an overview of Active Directory authentication for [!INCLUDE ssNoVersion] on Linux. Active Directory authentication is also known as Integrated authentication in [!INCLUDE ssNoVersion].
Active Directory authentication enables domain-joined clients on either Windows or Linux to authenticate to [!INCLUDE ssNoVersion] using their domain credentials and the Kerberos protocol.
Active Directory Authentication has the following advantages over [!INCLUDE ssNoVersion] Authentication:
- Users authenticate via single sign-on, without being prompted for a password.
- By creating logins for Active Directory groups, you can manage access and permissions in [!INCLUDE ssNoVersion] using Active Directory group memberships.
- Each user has a single identity across your organization, so you don't have to keep track of which [!INCLUDE ssNoVersion] logins correspond to which people.
- Active Directory enables you to enforce a centralized password policy across your organization.
In order to use Active Directory authentication, you must have an Active Directory Domain Controller (Windows) on your network.
The details for how to configure Active Directory authentication are provided in the tutorial, Tutorial: Use Active Directory authentication with SQL Server on Linux. The following list provides a summary with a link to each section in the tutorial:
- Join SQL Server on a Linux host to an Active Directory domain.
- Create an Active Directory user for SQL Server and set the Service Principal Name.
- Configure the SQL Server service keytab.
- Secure the keytab file.
- Configure SQL Server to use the keytab file for Kerberos authentication.
- Create Active Directory-based SQL Server logins in Transact-SQL.
- Connect to SQL Server using Active Directory authentication.
-
At this time, the only authentication method supported for database mirroring endpoint is
CERTIFICATE
.WINDOWS
authentication method will be enabled in a future release. -
SQL Server on Linux doesn't support NTLM protocol for remote connections. Local connection might work using NTLM.