Skip to main content

Connecting to SQL Server with jTDS using Windows Authentication

UPDATE:  At one point the tip in this article to set the USENTLV2 flag to true was accurate, but it appears it is no longer necessary, at least as far as DBeaver's use of the driver is concerned.  If it solves an authentication problem, then great.  The expectation is that, an update in one of the packages that make this sort of connection possible has resolved the issue that at one time made this flag necessary.


Connecting to Microsoft SQL Server using jTDS with a username and password that's managed by the database manager is pretty straightforward.  It may become a little more problematic however, when trying to use Windows authentication when connecting from a Windows machine.

  1. Do not supply a username and password.
  2. Set the USENTLMV2 property to true.

NOTE:  Step 1 assumes a connection being made from a Windows machine.  If the connection is being made from something else, user credentials may actually be necessary.

If the connection is being set up using DBeaver, the USENTLMV2 property is set on the Advanced tab of the connection properties dialog.

If connecting is made using a connection string, the format is as follows.

jdbc:jtds:<server_type>://<server>[:<port>][/<database>][;<property>=<value>[;...]]

An example might be:

jdbc:jtds:sqlserver://dbserver.domain.tld:1433/ApplicationDB;USENTLMV2=true
Labels:

Comments

  1. UnknownJuly 16, 2015 at 9:50 AM

    I use DBeaver on Linux to connect to an MS SQL Server and your post almost solved my problem. On Linux you have to set DOMAIN, USER and PASSWORD in addition to USENTLMV2=true. Now it works :)

    Thanks!

    ReplyDelete
    Replies
    1. Scott OrsburnJuly 16, 2015 at 2:28 PM

      Excellent! I'm glad that you got it working. It's true that this tip takes a bias towards Windows environments.

      Delete
  2. RajeJanuary 19, 2017 at 6:08 AM

    Hi,
    I am trying to connect MS SQL from Unix machine through JAVA code but its not working as DB us authiencation is based on windows active directory login, please guide me how to connect it

    ReplyDelete
    Replies
    1. UnknownJune 2, 2017 at 10:27 AM

      are you able to connect now? if yes please suggest me how to connect

      Delete
  3. Scott OrsburnJanuary 19, 2017 at 10:13 AM

    I have not used this in a Unix and Java environment, so it's difficult for me to determine. I'd imagine however, that Windows Authentication won't work with this setup.

    Unless I miss my guess, there are APIs in Windows that allow authentication without explicitly passing credentials.

    In an earlier comment, Sebastian Stammler indicated that he had success by specifying the domain, user, and password. It seems likely that this is because Windows Authentication has no meaning on non-Windows systems.

    I hope you can get it working.

    ReplyDelete
  4. UnknownJune 2, 2017 at 10:26 AM

    hi,
    I am not able to connect from UNIX to Remote SQL server database.jdbc:jtds:sqlserver://testserver.domainname:1433/MYDBNAME;instance=test;USENTLMV2=true"

    please suggest me ... what i am doing wrong

    ReplyDelete
    Replies
    1. Scott OrsburnJune 2, 2017 at 11:01 AM

      The first comment indicated some success by setting the DOMAIN, USER, and PASSWORD properties in addition to the USENTLMV2 setting. However, this sort of defeats the point of Windows authentication since it's supposed to pull the credentials from the system itself.

      It's not surprising that it doesn't work on non-Windows systems, but I haven't done any research to see if jTDS is smart enough to pull Unix user credentials and pass them along to the database.

      I have used DBeaver with the jTDS driver on Ubuntu to connect to SQL Server, but it's like Sebastian said, you need to provide all three bits (domain, user, password, and the usentlmv2).

      Delete

Post a Comment

Popular posts from this blog

Skype Now Supports Emergency Calls In the US

With the latest round of updates to Skype , it was noticed today that the instant messaging and VoIP phone service now supports emergency calling in the United States. The release notes for the most recent update to the Android version of Skype indicated that the service now allows calls to be made to US emergency calling systems via 911.  Telephony services like Skype, Google Voice , and Vonage typically don't offer this emergency calling ability without some sort of intermediate step like deferring to the phone's default dialer, as is the case with Voice, or setting up a physical address location ahead of time which is how Vonage handles it. The indication is that Skype will handle the 911 calls natively, but when verifying with an account that does not have a Skype phone number assigned to it, it was found that the instructions in the FAQ explaining how to turn on emergency calling are not accurate. Emergency calling support in Skype for the United States Interestingly, th...
Post a Comment
Read more

Allow Windows authentication using SQL Server driver with DBeaver

DBeaver will allow Microsoft Windows single sign on access when connecting to Microsoft SQL Server using the SQL Server driver (rather than jTDS ).  From the driver properties settings, set the integratedSecurity flag to true . Open the Connection configuration panel and choose the Driver properties section. Set the integratedSecurity flag to true . A subtle, but important step is to not provide username and password credentials to the connection.
7 comments
Read more

Edit CUPS Configuration File To Re-assign Network Address

The printers.conf file can be edited to change the network address a printer uses.  This can be useful to fix situations in which the printer in question has a new IP address, but the local system is trying to use the previous address. Shutdown the CUPS server Change the network address Restart the CUPS server sudo systemctl stop cups sudo nano /etc/cups/printers.conf sudo systemctl start cups NOTE The editor used in the example is nano for the sake of those who may be less comfortable in the command-line.  With nano, once the change has been made, use Control + O to save the changes, and then Control + X to quit the editor. Ideally, this process would not be necessary.  Instead, once a printer is added, it will always be reachable at the address it was assigned when it was added to the system.  In practice, things like power outages, or breaks in network connectivity, may be enough for the DHCP server to issue a new IP address. A tip when making the address cha...
Post a Comment
Read more