Can’t connect to SQL using kerberos cache


I have a Debian instance with ODBC Driver 18, and I'm trying to connect to a Windows-based SQL instance. For this I get a credential cache using credentials fetcher. klist shows that the cache is present on my Debian machine:

Ticket cache: FILE:/var/credentials-fetcher/krbdir/{uid}/gmsa-test/krb5cc
Default principal: [email protected]
Valid starting     Expires            Service principal
10/02/23 11:00:00  10/02/23 21:00:00  krbtgt/[email protected]

I'm using the gMSA gmsa-test, and my machine name (it's not on the domain) is also gmsa-test. I filled out the odbc.ini file:

[MyDB]
Driver = ODBC Driver 18 for SQL Server
Server = tcp:intdb.contoso.com
Port = 1433
Trusted_Connection = Yes

Now, when I try to access the database using integrated authentication, I expect to see authorization using the existing cache, but instead I get an error:

sqlcmd -E -S MyDB
Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : Login timeout expired.
Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : TCP Provider: Error code 0x2AFA.
Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : A network-related or instance-specific error has occured while establishing a connection to MyDB. Server is not found or not accessible. Check if instance name is correct and if SQL server is configured to allow remote connections.

This looks incredible, as the server intdb.contoso.com successfully pings and telnets to port 1433.

Any ideas what this could mean?

outmaneuver On

When Trusted_Connection is set to Yes, it means that the connection will be made using Windows Integrated Security, which includes Kerberos or NTLM authentication. However, if the SQL Server is configured to require encrypted connections (SSL), and the client doesn't have the necessary certificate to establish a secure connection, the connection could fail.
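
An added example, not part of the question or the answer above: a shell pre-flight check for a DSN like the one in the question. It reads the DSN from odbc.ini, checks that KRB5CCNAME names a readable FILE: cache (without it libkrb5 uses its default cache location), flags TrustServerCertificate=Yes, and prints a sqlcmd call with -D, the option that makes sqlcmd treat the -S value as a DSN name instead of a host name. The function names, the [MyDB-lax] section and the temporary paths are constructed for the example.

```shell
# Print the value of KEY from section [DSN] of an odbc.ini-style file.
dsn_get() {  # usage: dsn_get FILE DSN KEY (key match is case-insensitive)
  awk -v sect="[$2]" -v key="$3" '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    /^\[/ { insect = ($0 == sect); next }
    insect && (i = index($0, "=")) {
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      sub(/[ \t]+$/, "", k); sub(/^[ \t]+/, "", v)
      if (tolower(k) == tolower(key)) { print v; exit }
    }' "$1"
}
# Map a KRB5CCNAME value to a file path; fails if unset or not a FILE: cache.
ccache_path() {
  case "$1" in
    FILE:/*) printf '%s\n' "${1#FILE:}" ;;
    /*)      printf '%s\n' "$1" ;;
    *)       return 1 ;;
  esac
}
# Print findings for one DSN; runs in a subshell so variables stay local.
preflight() (  # usage: preflight FILE DSN "$KRB5CCNAME"
  server=$(dsn_get "$1" "$2" Server)
  [ -n "$server" ] || { echo "FAIL no Server entry in [$2]"; exit 1; }
  host=${server#tcp:}; host=${host%%,*}
  echo "INFO dsn=$2 host=$host"
  tc=$(dsn_get "$1" "$2" Trusted_Connection | tr 'A-Z' 'a-z')
  [ "$tc" = yes ] || echo "WARN Trusted_Connection is not Yes"
  tsc=$(dsn_get "$1" "$2" TrustServerCertificate | tr 'A-Z' 'a-z')
  [ "$tsc" != yes ] || echo "WARN TrustServerCertificate=Yes skips certificate validation"
  if path=$(ccache_path "$3") && [ -r "$path" ]; then echo "INFO ccache=$path"
  else echo "WARN KRB5CCNAME is not a readable FILE: cache"; fi
  echo "CMD sqlcmd -E -D -S $2"  # -D: read the -S value as a DSN name
)
# Constructed sample input: the DSN from the question plus a lax variant.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/odbc.ini" <<'EOF'
[MyDB]
Driver = ODBC Driver 18 for SQL Server
Server = tcp:intdb.contoso.com
Port = 1433
Trusted_Connection = Yes
[MyDB-lax]
Server = tcp:intdb.contoso.com,1433
Trusted_Connection = Yes
TrustServerCertificate = Yes
EOF
: > "$SAMPLE_DIR/krb5cc"  # empty stand-in for a ticket cache file
preflight "$SAMPLE_DIR/odbc.ini" MyDB "FILE:$SAMPLE_DIR/krb5cc"
preflight "$SAMPLE_DIR/odbc.ini" MyDB-lax ""
```

On a real host, pass the actual odbc.ini path and "$KRB5CCNAME" as the first and third arguments.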