<Token>**THIS TOPIC APPLIES TO:**SQL Server on WindowsSQL Server on LinuxAzure SQL DatabaseAzure SQL Data WarehouseParallel Data Warehouse </Token>
1
+
<Token>**THIS TOPIC APPLIES TO:**SQL Server on WindowsSQL Server on LinuxAzure SQL DatabaseAzure SQL Data WarehouseParallel Data Warehouse </Token>
In this quick start tutorial, you use Docker to pull and run the SQL Server 2017 RC2 container image, [mssql-server-linux](https://hub.docker.com/r/microsoft/mssql-server-linux/). Then connect with **sqlcmd** to create your first database and run queries.
In this quick start tutorial, you first install SQL Server 2017 RC2 on Red Hat Enterprise Linux (RHEL) 7.3. Then connect with **sqlcmd** to create your first database and run queries.
In this quick start tutorial, you first install SQL Server 2017 RC2 on SUSE Linux Enterprise Server (SLES) v12 SP2. Then connect with **sqlcmd** to create your first database and run queries.
In this quick start tutorial, you first install SQL Server 2017 RC2 on Ubuntu 16.04. Then connect with **sqlcmd** to create your first database and run queries.
This sample Bash script installs SQL Server 2017 RC2 on Red Hat Enterprise Linux (RHEL) without interactive input. It provides examples of installing the database engine, the SQL Server command-line tools, SQL Server Agent, and performs post-install steps. You can optionally install full-text search and create an administrative user.
This sample Bash script installs SQL Server 2017 RC2 on SUSE Linux Enterprise Server (SLES) v12 SP2 without interactive input. It provides examples of installing the database engine, the SQL Server command-line tools, SQL Server Agent, and performs post-install steps. You can optionally install full-text search and create an administrative user.
This sample Bash script installs SQL Server 2017 RC2 on Ubuntu 16.04 without interactive input. It provides examples of installing the database engine, the SQL Server command-line tools, SQL Server Agent, and performs post-install steps. You can optionally install full-text search and create an administrative user.
This document explains how to configure [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] on Linux to support Active Directory (AD) authentication, also known as integrated authentication. AD Authentication enables domain-joined clients on either Windows or Linux to authenticate to [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] using their domain credentials and the Kerberos protocol.
18
+
This document explains how to configure [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] on Linux to support Active Directory (AD) authentication, also known as integrated authentication. AD Authentication enables domain-joined clients on either Windows or Linux to authenticate to [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] using their domain credentials and the Kerberos protocol.
19
19
20
-
AD Authentication has the following advantages over [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] Authentication:
20
+
AD Authentication has the following advantages over [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] Authentication:
21
21
22
22
* Users authenticate via single sign-on, without being prompted for a password.
23
-
* By creating logins for AD groups, you can manage access and permissions in [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] using AD group memberships.
24
-
* Each user has a single identity across your organization, so you don’t have to keep track of which [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] logins correspond to which people.
23
+
* By creating logins for AD groups, you can manage access and permissions in [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] using AD group memberships.
24
+
* Each user has a single identity across your organization, so you don’t have to keep track of which [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] logins correspond to which people.
25
25
* AD enables you to enforce a centralized password policy across your organization.
26
26
27
27
## Prerequisites
28
28
29
29
Before you configure AD Authentication, you need to:
30
30
31
31
* Set up an AD Domain Controller (Windows) on your network
*[Red Hat Enterprise Linux](quickstart-install-connect-red-hat.md)
34
34
*[SUSE Linux Enterprise Server](quickstart-install-connect-suse.md)
35
35
*[Ubuntu](quickstart-install-connect-ubuntu.md)
36
36
37
37
> [!IMPORTANT]
38
38
> At this time, the only authentication method supported for database mirroring endpoint is CERTIFICATE. WINDOWS authentication method will be enabled in a future release.
39
39
40
-
## Step 1: Join [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] host to AD domain
40
+
## Step 1: Join [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] host to AD domain
41
41
42
-
Numerous tools exist to help you join the [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] host machine to your AD domain. This walkthrough uses **[realmd](https://www.freedesktop.org/software/realmd/docs/guide-active-directory-join.html)**, a popular open source package. If you haven't already, install both the realmd and Kerberos client packages on the [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] host machine using your Linux distribution's package manager:
42
+
Numerous tools exist to help you join the [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] host machine to your AD domain. This walkthrough uses **[realmd](https://www.freedesktop.org/software/realmd/docs/guide-active-directory-join.html)**, a popular open source package. If you haven't already, install both the realmd and Kerberos client packages on the [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] host machine using your Linux distribution's package manager:
43
43
44
44
```bash
45
45
# RHEL
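Review bot: The rewritten line 18 says "AD authentication" in its first sentence and "AD Authentication" in the next; since the line is already being edited, pick one capitalization and carry it through the bullets at 20 to 25. New line 24 also keeps the typographic apostrophe in "don’t", which is worth normalizing to a plain apostrophe in the same pass.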
@@ -57,13 +57,13 @@ If the Kerberos client package installation prompts you for a realm name, enter
57
57
> [!NOTE]
58
58
> This walkthrough uses "contoso.com" and "CONTOSO.COM" as example domain and realm names, respectively. You should replace these with your own values. These commands are case-sensitive, so make sure you use uppercase wherever it is used in this walkthrough.
59
59
60
-
Run the following command to verify that the [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] host machine is configured to use the AD domain controller for as a DNS nameserver:
60
+
Run the following command to verify that the [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] host machine is configured to use the AD domain controller for as a DNS nameserver:
61
61
62
62
```bash
63
63
sudo realm discover contoso.com -v
64
64
```
65
65
66
-
If your domain is not found, you need to configure your [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] host machine to use your AD domain controller's IP address as a DNS nameserver. The specific steps to do this depend on your network device configuration, domain configuration, and Linux distribution. Here are some example approaches.
66
+
If your domain is not found, you need to configure your [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] host machine to use your AD domain controller's IP address as a DNS nameserver. The specific steps to do this depend on your network device configuration, domain configuration, and Linux distribution. Here are some example approaches.
For more information, see the Red Hat documentation for [Discovering and Joining Identity Domains](https://access.redhat.com/documentation/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/realmd-domain.html).
158
158
159
-
## Step 2: Create AD user for [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] and set SPN
159
+
## Step 2: Create AD user for [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] and set SPN
160
160
161
161
> [!NOTE]
162
162
> In the next steps we will use your [fully qualified domain name](https://en.wikipedia.org/wiki/Fully_qualified_domain_name). If you are on **Azure**, you will have to **[create one](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/portal-create-fqdn)** before you proceed.
> It is a security best practice to have a dedicated AD account for SQL Server, so that SQL Server's credentials aren't shared with other services using the same account. However, you can reuse an existing AD account if you prefer, if you know the account's password (required to generate a keytab file in the next step).
174
174
175
-
Now set the ServicePrincipalName (SPN) for this account using the `setspn.exe` tool. The SPN must be formatted exactly as specified in the following example: You can find the fully qualified domain name of the [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] host machine by running `hostname --all-fqdns` on the [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] host, and the TCP port should be 1433 unless you have configured [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] to use a different port number.
175
+
Now set the ServicePrincipalName (SPN) for this account using the `setspn.exe` tool. The SPN must be formatted exactly as specified in the following example: You can find the fully qualified domain name of the [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] host machine by running `hostname --all-fqdns` on the [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] host, and the TCP port should be 1433 unless you have configured [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] to use a different port number.
176
176
177
177
```PowerShell
178
178
setspn -A MSSQLSvc/**<fully qualified domain name of host machine>**:**<tcp port>** mssql
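Review bot: New line 60 still reads "to use the AD domain controller for as a DNS nameserver"; drop the stray "for" while the line is being rewritten. In new line 175, "exactly as specified in the following example:" is followed by another sentence instead of the example, so end it with a period or move the `hostname --all-fqdns` sentence below the `setspn` block. The include-path replacement itself is applied consistently on every touched line in this region.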
@@ -185,9 +185,9 @@ setspn -A MSSQLSvc/**<fully qualified domain name of host machine>**:**<tcp port
185
185
186
186
For more information, see [Register a Service Principal Name for Kerberos Connections](../database-engine/configure-windows/register-a-service-principal-name-for-kerberos-connections.md).
187
187
188
-
## Step 3: Configure [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] service keytab
188
+
## Step 3: Configure [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] service keytab
189
189
190
-
First, check the Key Version Number (kvno) for the AD account created in the previous step. Usually it will be 2, but it could be another integer if you changed the account's password multiple times. On the [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] host machine, run the following:
190
+
First, check the Key Version Number (kvno) for the AD account created in the previous step. Usually it will be 2, but it could be another integer if you changed the account's password multiple times. On the [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] host machine, run the following:
191
191
192
192
```bash
193
193
kinit user@CONTOSO.COM
@@ -212,14 +212,14 @@ quit
212
212
> [!NOTE]
213
213
> The ktutil tool does not validate the password, so make sure you enter it correctly.
214
214
215
-
Anyone with access to this `keytab` file can impersonate [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] on the domain, so make sure you restrict access to the file such that only the `mssql` account has read access:
215
+
Anyone with access to this `keytab` file can impersonate [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] on the domain, so make sure you restrict access to the file such that only the `mssql` account has read access:
Connect to [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] and create a new, AD-based login:
231
+
Connect to [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] and create a new, AD-based login:
232
232
233
233
```sql
234
234
CREATE LOGIN [CONTOSO\user] FROM WINDOWS;
@@ -240,9 +240,9 @@ Verify that the login is now listed in the [sys.server_principals](../relational
240
240
SELECT name FROMsys.server_principals;
241
241
```
242
242
243
-
## Step 5: Connect to [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] using AD Authentication
243
+
## Step 5: Connect to [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] using AD Authentication
244
244
245
-
Log in to a client machine using your domain credentials. Now you can connect to [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] without reentering your password, by using AD Authentication. If you create a login for an AD group, any AD user who is a member of that group can connect in the same way.
245
+
Log in to a client machine using your domain credentials. Now you can connect to [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] without reentering your password, by using AD Authentication. If you create a login for an AD group, any AD user who is a member of that group can connect in the same way.
246
246
247
247
The specific connection string parameter for clients to use AD Authentication depends on which driver you are using. A few examples are below.
248
248
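Review bot: The context line at 240 reads `SELECT name FROMsys.server_principals;` with no space after FROM, which fails if copied as written. If the source file has it that way, fix it in this commit as `SELECT name FROM sys.server_principals;`, since the surrounding lines are already being touched.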
@@ -264,7 +264,7 @@ sqlcmd -S mssql.contoso.com
264
264
265
265
### Example 2: SSMS on a domain-joined Windows client
266
266
267
-
Log in to a domain-joined Windows client using your domain credentials. Make sure [!INCLUDE[ssmanstudiofull-md](../../docs/includes/ssmanstudiofull-md.md)] is installed, then connect to your [!INCLUDE[ssNoVersion](../../docs/includes/ssnoversion-md.md)] instance by specifying **Windows Authentication** in the **Connect to Server** dialog.
267
+
Log in to a domain-joined Windows client using your domain credentials. Make sure [!INCLUDE[ssmanstudiofull-md](../includes/ssmanstudiofull-md.md)] is installed, then connect to your [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] instance by specifying **Windows Authentication** in the **Connect to Server** dialog.
This document explains how to create a three-node availability group cluster for SQL Server on Red Hat Enterprise Linux. For high availability, an availability group on Linux requires three nodes - see [High availability and data protection for availability group configurations](sql-server-linux-availability-group-ha.md). The clustering layer is based on Red Hat Enterprise Linux (RHEL) [HA add-on](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/High_Availability_Add-On_Overview/Red_Hat_Enterprise_Linux-6-High_Availability_Add-On_Overview-en-US.pdf) built on top of [Pacemaker](http://clusterlabs.org/).