Skip to main content

Connecting to SQL Server with jTDS using Windows Authentication

UPDATE:  At one point the tip in this article to set the USENTLV2 flag to true was accurate, but it appears it is no longer necessary, at least as far as DBeaver's use of the driver is concerned.  If it solves an authentication problem, then great.  The expectation is that, an update in one of the packages that make this sort of connection possible has resolved the issue that at one time made this flag necessary.


Connecting to Microsoft SQL Server using jTDS with a username and password that's managed by the database manager is pretty straightforward.  It may become a little more problematic however, when trying to use Windows authentication when connecting from a Windows machine.

  1. Do not supply a username and password.
  2. Set the USENTLMV2 property to true.

NOTE:  Step 1 assumes a connection being made from a Windows machine.  If the connection is being made from something else, user credentials may actually be necessary.

If the connection is being set up using DBeaver, the USENTLMV2 property is set on the Advanced tab of the connection properties dialog.

If connecting is made using a connection string, the format is as follows.

jdbc:jtds:<server_type>://<server>[:<port>][/<database>][;<property>=<value>[;...]]

An example might be:

jdbc:jtds:sqlserver://dbserver.domain.tld:1433/ApplicationDB;USENTLMV2=true
Labels:

Comments

  1. UnknownJuly 16, 2015 at 9:50 AM

    I use DBeaver on Linux to connect to an MS SQL Server and your post almost solved my problem. On Linux you have to set DOMAIN, USER and PASSWORD in addition to USENTLMV2=true. Now it works :)

    Thanks!

    ReplyDelete
    Replies
    1. Scott OrsburnJuly 16, 2015 at 2:28 PM

      Excellent! I'm glad that you got it working. It's true that this tip takes a bias towards Windows environments.

      Delete
  2. RajeJanuary 19, 2017 at 6:08 AM

    Hi,
    I am trying to connect MS SQL from Unix machine through JAVA code but its not working as DB us authiencation is based on windows active directory login, please guide me how to connect it

    ReplyDelete
    Replies
    1. UnknownJune 2, 2017 at 10:27 AM

      are you able to connect now? if yes please suggest me how to connect

      Delete
  3. Scott OrsburnJanuary 19, 2017 at 10:13 AM

    I have not used this in a Unix and Java environment, so it's difficult for me to determine. I'd imagine however, that Windows Authentication won't work with this setup.

    Unless I miss my guess, there are APIs in Windows that allow authentication without explicitly passing credentials.

    In an earlier comment, Sebastian Stammler indicated that he had success by specifying the domain, user, and password. It seems likely that this is because Windows Authentication has no meaning on non-Windows systems.

    I hope you can get it working.

    ReplyDelete
  4. UnknownJune 2, 2017 at 10:26 AM

    hi,
    I am not able to connect from UNIX to Remote SQL server database.jdbc:jtds:sqlserver://testserver.domainname:1433/MYDBNAME;instance=test;USENTLMV2=true"

    please suggest me ... what i am doing wrong

    ReplyDelete
    Replies
    1. Scott OrsburnJune 2, 2017 at 11:01 AM

      The first comment indicated some success by setting the DOMAIN, USER, and PASSWORD properties in addition to the USENTLMV2 setting. However, this sort of defeats the point of Windows authentication since it's supposed to pull the credentials from the system itself.

      It's not surprising that it doesn't work on non-Windows systems, but I haven't done any research to see if jTDS is smart enough to pull Unix user credentials and pass them along to the database.

      I have used DBeaver with the jTDS driver on Ubuntu to connect to SQL Server, but it's like Sebastian said, you need to provide all three bits (domain, user, password, and the usentlmv2).

      Delete

Post a Comment

Popular posts from this blog

Skype Now Supports Emergency Calls In the US

With the latest round of updates to Skype , it was noticed today that the instant messaging and VoIP phone service now supports emergency calling in the United States. The release notes for the most recent update to the Android version of Skype indicated that the service now allows calls to be made to US emergency calling systems via 911.  Telephony services like Skype, Google Voice , and Vonage typically don't offer this emergency calling ability without some sort of intermediate step like deferring to the phone's default dialer, as is the case with Voice, or setting up a physical address location ahead of time which is how Vonage handles it. The indication is that Skype will handle the 911 calls natively, but when verifying with an account that does not have a Skype phone number assigned to it, it was found that the instructions in the FAQ explaining how to turn on emergency calling are not accurate. Emergency calling support in Skype for the United States Interestingly, th...
Post a Comment
Read more

Allow Windows authentication using SQL Server driver with DBeaver

DBeaver will allow Microsoft Windows single sign on access when connecting to Microsoft SQL Server using the SQL Server driver (rather than jTDS ).  From the driver properties settings, set the integratedSecurity flag to true . Open the Connection configuration panel and choose the Driver properties section. Set the integratedSecurity flag to true . A subtle, but important step is to not provide username and password credentials to the connection.
7 comments
Read more

Chrome Itself Logs Into Google When Logged Into Company's Services

Google has taken the liberty of logging Chrome into the user's account whenever logged in to any Google service. Some time ago, Google introduced the ability to have its browser, Chrome, log into the user's Google account whenever the user authenticated for any Google service.  That is, log in to Google Docs, for example, and the browser would be logged in as well. The pitch was that this relationship between being logged in to a service and the browser also being logged in, can help mitigate confusion when a user logs out of a Google service but fails to realize the browser is still logged in.  The mystery can be eliminated if the browser keeps the two in the same state automatically. There is the added benefit that the browser would be better able to synchronize the user experience across each browser that was also logged into the user's account. For example, Chrome on a mobile device could have access to the history from Chrome on a laptop. The idea is not nove...
Post a Comment
Read more