prisma / tiberius

TDS 7.2+ (Microsoft SQL Server) driver for Rust
Apache License 2.0

Connecting to SQL with user authenticated by Active Directory #291

Closed yatesco closed 1 year ago

yatesco commented 1 year ago

Hi, this is almost certainly a "I'm not using the wrong syntax", but I can't get this working.

I have:

I can't, however, get Tiberius to authenticate from a macOS machine using the ADO string functionality. It works fine for SQL authenticated users on other MSSQL installations, just not this combination, which fails with Server(TokenError { code: 18456, state: 1, class: 14, message: "Login failed for user 'bobby'.", server: "SQL2022", procedure: "", line: 1 }). NOTE: it's communicating with the server as it has resolved the hostname (there is no DNS set up for this).

I've tried randomly typing things such as the following, but all to no avail:

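use tiberius::{Client, Config};
use tokio::net::TcpStream;
use tokio_util::compat::TokioAsyncWriteCompatExt; // provides compat_write()

async fn hard_coded() {
    // Username formats tried, one connection attempt each
    let names = [
        "MYDOMAIN\\bobby",
        "MYDOMAIN/bobby",
        "bobby",
    ];

    for name in names {
        let s = format!("server=1.2.3.4,1433;database=abc;UID={name};PWD=MyPassword;TrustServerCertificate=true;IntegratedSecurity=true;");
        println!("hardcoded: {}", s);
        let config = Config::from_ado_string(&s).unwrap();
        let tcp = TcpStream::connect(config.get_addr()).await.unwrap();
        tcp.set_nodelay(true).unwrap();
        // Client::connect performs the TDS login; this is where error 18456 comes back
        let r = Client::connect(config, tcp.compat_write()).await;
        println!("{} worked: {}", name, r.is_ok());
        r.unwrap();
    }
}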

Tiberius is defined in Cargo.toml as: tiberius = { version = "0.12", default-features = false, features = ["chrono", "tokio", "rustls"] }

Any help is gratefully appreciated.

yatesco commented 1 year ago

Progress.

Building this on Windows with winauth works with the PWD included (but still fails on macOS).

If I take the PWD out of the string (which I should) then it fails on Windows with "The login is from an untrusted domain and cannot be used with Integrated authentication." This seems to be a red herring, so down the "why is Microsoft stuff so painful to work with!" rabbit hole.

yatesco commented 1 year ago

So progress - removing the username works, and uses the currently logged in user. So, with SQL Server configured just for Windows Server:

Lesson: don't believe people who tell you that just a username will work ;-)
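
An added example, not part of the thread and not Tiberius code: a std-only Rust check that parses a connection string like the one in the first comment and flags the three settings the thread touches, namely an explicit UID alongside IntegratedSecurity=true, a PWD embedded in the string, and TrustServerCertificate=true, which turns off server certificate validation. The `Finding` enum, the function names and the simplified parser are assumptions; the sample strings are constructed from the thread's description.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
enum Finding {
    ExplicitUserWithIntegrated, // UID present although IntegratedSecurity is on
    PasswordInString,           // PWD embedded in the connection string
    CertValidationDisabled,     // TrustServerCertificate=true
}

// Simplified parser (assumption): ';'-separated key=value pairs, keys
// case-insensitive, no support for brace-quoted values.
fn parse_ado(s: &str) -> HashMap<String, String> {
    s.split(';')
        .filter_map(|kv| kv.split_once('='))
        .map(|(k, v)| (k.trim().to_ascii_lowercase(), v.trim().to_string()))
        .collect()
}

// Returns the findings in a fixed order: user, password, certificate.
fn audit(s: &str) -> Vec<Finding> {
    let m = parse_ado(s);
    let value = |k: &str| m.get(k).map(|v| v.to_ascii_lowercase()).unwrap_or_default();
    let integrated = matches!(value("integratedsecurity").as_str(), "true" | "yes" | "sspi");
    let mut out = Vec::new();
    if integrated && !value("uid").is_empty() {
        out.push(Finding::ExplicitUserWithIntegrated);
    }
    if !value("pwd").is_empty() {
        out.push(Finding::PasswordInString);
    }
    if matches!(value("trustservercertificate").as_str(), "true" | "yes") {
        out.push(Finding::CertValidationDisabled);
    }
    out
}

fn main() {
    // Constructed samples: the string from the first comment, then the same
    // string with UID and PWD removed as the later comments describe.
    let before = "server=1.2.3.4,1433;database=abc;UID=MYDOMAIN\\bobby;PWD=MyPassword;TrustServerCertificate=true;IntegratedSecurity=true;";
    let after = "server=1.2.3.4,1433;database=abc;TrustServerCertificate=true;IntegratedSecurity=true;";
    for s in [before, after] {
        // Print only the findings, never the string itself (it may hold a password).
        println!("{:?}", audit(s));
    }
}
```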