microsoft / mssql-docker

Official Microsoft repository for SQL Server in Docker resources
MIT License

Add support for Kerberos/Active Directory/"windows" authentication #165

Closed EdiDD closed 3 years ago

EdiDD commented 7 years ago

How to use Windows authentication? Will assigning the Linux host to the Windows domain be enough for the container to work with domain user authentication? What can I do to achieve this? I have Windows Server 2012 as the Active Directory domain controller and Debian 9 for Docker.

wsaeed commented 3 years ago

Here is my scenario, need some help configuring AD authentication for SQL Server

Host Machine: Windows - Domain Joined
SQL Server: SQL 2019 image running on Ubuntu container

How do I enable AD authentication for SQL Server?

akazakov commented 3 years ago

@wsaeed you need a few things

  1. A correct krb5.conf file inside the container. To verify that it is correct, check it using kinit: you should be able to get tickets.
  2. Create a SQL user in AD. Make a keytab and put it into the container. Set the principal name and the path to the keytab in your mssql.conf. I recommend using the “no sssd” option, because it is much simpler and has fewer moving parts. (See the mssql Linux docs for how to do that.)
  3. Create an SPN in AD associated with the SQL user. You should be able to get a ticket for the mssqlsvc; you can check that using the kvno tool. You will need a stable DNS address, so either a load balancer or you always run it on the same host, because the SPN is pointing to a specific host name.

This is it.
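The three steps above can be pre-checked before SQL Server starts. The script below is an added example, not part of the thread or of the mssql-docker repository: it validates the krb5.conf and mssql.conf files offline, then offers the kinit/kvno checks as a separate function. It assumes the `[network]` keys `privilegedadaccount` and `kerberoskeytabfile` used by mssql-conf; the paths, realm, account and SPN shown are placeholders.

```shell
#!/usr/bin/env bash
# Added example: offline pre-flight for the Kerberos files mounted into the container.
# Paths, realm, account and SPN below are assumptions/placeholders, not values from the thread.

# Print the value of KEY inside [SECTION] of an INI-style file (krb5.conf, mssql.conf).
ini_get() {  # usage: ini_get FILE SECTION KEY
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
    insec && $0 ~ "^[ \t]*" key "[ \t]*=" {
      sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }
  ' "$1"
}

# Succeed only if [realms] defines REALM with at least one kdc entry.
realm_has_kdc() {  # usage: realm_has_kdc KRB5_CONF REALM
  awk -v realm="$2" '
    { l = $0; gsub(/[ \t]/, "", l) }          # l = line with whitespace removed
    l ~ /^\[/                { insec = (l == "[realms]"); inrealm = 0; next }
    insec && l == realm "={" { inrealm = 1; next }
    inrealm && l ~ /\}/      { inrealm = 0 }
    inrealm && l ~ /^kdc=/   { found = 1 }
    END { exit !found }
  ' "$1"
}

# Run the file checks; the exit status is the number of failed checks.
preflight() (  # usage: preflight KRB5_CONF MSSQL_CONF  (subshell body keeps variables local)
  fails=0
  fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
  realm=$(ini_get "$1" libdefaults default_realm)
  if [ -z "$realm" ]; then fail "no default_realm in $1"
  elif ! realm_has_kdc "$1" "$realm"; then fail "realm $realm has no kdc in [realms]"; fi
  acct=$(ini_get "$2" network privilegedadaccount)
  [ -n "$acct" ] || fail "network.privilegedadaccount is not set in $2"
  keytab=$(ini_get "$2" network kerberoskeytabfile)
  if [ -z "$keytab" ]; then fail "network.kerberoskeytabfile is not set in $2"
  elif [ ! -r "$keytab" ]; then fail "keytab $keytab is missing or unreadable"; fi
  [ "$fails" -eq 0 ] && echo "OK: realm=$realm account=$acct keytab=$keytab"
  exit "$fails"
)

# Live checks from the steps above; they contact the domain controller, so run them by hand:
#   live_checks /var/opt/mssql/secrets/mssql.keytab sqluser@CONTOSO.TEST MSSQLSvc/sql.contoso.test:1433
live_checks() {  # usage: live_checks KEYTAB PRINCIPAL SPN
  kinit -kt "$1" "$2" && klist && kvno "$3"
}
```

Source the file inside the container and run `preflight /etc/krb5.conf /var/opt/mssql/mssql.conf` (assumed default locations); a non-zero status means a file-level problem to fix before trying the live ticket requests.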