| title | Active Directory authentication for SQL Server on Linux | |
|---|---|---|
| titleSuffix | SQL Server | |
| description | This article provides an overview of Active Directory Authentication for SQL Server on Linux. | |
| author | amitkh-msft | |
| ms.author | amitkh | |
| ms.reviewer | vanto, randolphwest | |
| ms.date | 09/27/2022 | |
| ms.service | sql | |
| ms.subservice | linux | |
| ms.topic | conceptual | |
| helpviewer_keywords |
|
[!INCLUDE SQL Server - Linux]
This article provides an overview of Active Directory authentication for [!INCLUDEssNoVersion] on Linux. Active Directory authentication is also known as Integrated authentication in [!INCLUDEssNoVersion].
Active Directory authentication enables domain-joined clients on either Windows or Linux to authenticate to [!INCLUDEssNoVersion] using their domain credentials and the Kerberos protocol.
Active Directory Authentication has the following advantages over [!INCLUDEssNoVersion] Authentication:
- Users authenticate via single sign-on, without being prompted for a password.
- By creating logins for Active Directory groups, you can manage access and permissions in [!INCLUDEssNoVersion] using Active Directory group memberships.
- Each user has a single identity across your organization, so you don't have to keep track of which [!INCLUDEssNoVersion] logins correspond to which people.
- Active Directory enables you to enforce a centralized password policy across your organization.
In order to use Active Directory authentication, you must have an Active Directory Domain Controller (Windows) on your network.
The details for how to configure Active Directory authentication are provided in the tutorial, Tutorial: Use Active Directory authentication with SQL Server on Linux. The following list provides a summary with a link to each section in the tutorial:
- Join a SQL Server host to an Active Directory domain.
- Create an Active Directory user for SQL Server and set the Service Principal Name.
- Configure the SQL Server service keytab.
- Secure the keytab file.
- Configure SQL Server to use the keytab file for Kerberos authentication.
- Create Active Directory-based SQL Server logins in Transact-SQL.
- Connect to SQL Server using Active Directory authentication.
- At this time, the only authentication method supported for database mirroring endpoint is
CERTIFICATE.WINDOWSauthentication method will be enabled in a future release. - SQL Server on Linux does not support NTLM protocol for remote connections. Local connection may work using NTLM.