mssql docker with Active Directory authentication & sssd #715

Closed
ArminRadmueller opened this issue Sep 8, 2021 · 4 comments

@ArminRadmueller

Hi @amvin87
I have installed mssql in a Docker container and configured it with Active Directory using the following documentation:
https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-containers-ad-auth-adutil-tutorial?view=sql-server-ver15
https://www.youtube.com/watch?v=A0mn9928N48

I have noticed that the following volumes need to be mounted, otherwise AD authentication does not work.

--volume=/etc/sssd/:/etc/sssd/:ro
--volume=/var/lib/sss/pipes/:/var/lib/sss/pipes/:rw

Also, "disablesssd = true" in the mssql.conf file does not seem to change anything; rather, it must be "false" in my case.

I use the image "mcr.microsoft.com/mssql/server:2019-CU12-ubuntu-20.04" and as Docker host Debian 11.

Could this be a bug?

P.S.: I have also read issue #165 but have not found a solution for myself.

@amvin87-zz
Contributor

Hi Armin, this does not look right. Krb5.conf, mssql.conf with details of keytab and the aduser and the keytab user are good enough for AD auth to work. Were you deploying SQL Server containers on a host running in cloud? If that is the case, you need to ensure that you deploy SQL Server containers with the correct DNS server and add host entries using the --add-host commands as shown here:

sudo docker run -e "ACCEPT_EULA=Y" -e "SA_PASSWORD=P@ssw0rd" -p 5433:1433 --name sql1 \
-v /container/sql1:/var/opt/mssql/ \
-v /container/sql1/krb5.conf:/etc/krb5.conf \
--dns-search contoso.com \
--dns 10.0.0.4 \
--add-host adVM.contoso.com:10.0.0.4 \
--add-host contoso.com:10.0.0.4 \
--add-host contoso:10.0.0.4 \
-d mcr.microsoft.com/mssql/server:2019-latest

@ArminRadmueller
Author

ArminRadmueller commented Sep 9, 2021

Hi @amvin87
The SQL Server container runs on-premises on a Debian 11 VM and I followed your instructions in the documentation exactly...

I run the container with:

docker run \
       -e 'SA_PASSWORD=P@ssw0rd' \
       -e 'ACCEPT_EULA=Y' \
       -e 'TZ=Europe/Rome' \
       -e 'MSSQL_PID=Standard' \
       -e 'MSSQL_AGENT_ENABLED=True' \
       -p 1433:1433 \
       --name sql-mgmt-bz01 \
       -h sql-mgmt-bz01.CONTOSO.COM \
       --restart always \
       -v /opt/mssql/backup/CONTOSO:/var/opt/mssql/backup \
       -v /opt/mssql/data/CONTOSO/database:/var/opt/mssql/data \
       -v /opt/mssql/data/CONTOSO/logs:/var/opt/mssql/log \
       -v /opt/mssql/data/CONTOSO/secrets:/var/opt/mssql/secrets \
       -v /opt/mssql/data/CONTOSO/krb5.conf:/etc/krb5.conf \
       -v /opt/mssql/data/CONTOSO/mssql.conf:/var/opt/mssql/mssql.conf \
       -d mcr.microsoft.com/mssql/server:2019-CU12-ubuntu-20.04

krb5.conf:

[libdefaults]
default_realm = CONTOSO.COM
udp_preference_limit = 0

[realms]
 CONTOSO.COM = {
     kdc = srvdc01.contoso.com
     admin_server = srvdc01.contoso.com
     default_domain = CONTOSO.COM
 }

[domain_realm]
 .contoso.com = CONTOSO.COM
 contoso.com = CONTOSO.COM
 .CONTOSO = CONTOSO.COM
 CONTOSO = CONTOSO.COM

mssql.conf:

[network]
privilegedadaccount = svc-sql-mgmt
kerberoskeytabfile = /var/opt/mssql/secrets/domain-key
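
The three inputs discussed in this thread (krb5.conf, mssql.conf and the container's volume mounts) can be cross-checked before the container is started. The following is an added example, not part of the thread and not Microsoft tooling; the function names are hypothetical, the sample inputs are constructed from the files posted above, and it assumes the keytab reaches the container through a bind mount.

```python
import configparser
# Constructed sample inputs, trimmed from the files posted in this thread.
KRB5_CONF = """[libdefaults]
default_realm = CONTOSO.COM
[realms]
 CONTOSO.COM = {
     kdc = srvdc01.contoso.com
 }
"""
MSSQL_CONF = """[network]
privilegedadaccount = svc-sql-mgmt
kerberoskeytabfile = /var/opt/mssql/secrets/domain-key
"""
MOUNTS = ["/var/opt/mssql/secrets", "/etc/krb5.conf"]  # container-side -v targets

def parse_krb5(text):
    """Parse [section], key = value and name = { ... } into nested dicts."""
    root, section, block = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = root.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block)[key] = value
    return root

def check_ad_config(krb5_text, mssql_text, mounts):
    """Return a list of findings; empty means the three inputs agree."""
    findings = []
    krb5 = parse_krb5(krb5_text)
    realm = krb5.get("libdefaults", {}).get("default_realm")
    if not realm or "kdc" not in krb5.get("realms", {}).get(realm, {}):
        findings.append(f"krb5.conf: no kdc defined for default_realm {realm!r}")
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(mssql_text)
    net = conf["network"] if conf.has_section("network") else {}
    for key in ("privilegedadaccount", "kerberoskeytabfile"):
        if not net.get(key):
            findings.append(f"mssql.conf: {key} not set")
    keytab = net.get("kerberoskeytabfile", "")
    if keytab and not any(keytab == m or keytab.startswith(m.rstrip("/") + "/") for m in mounts):
        findings.append(f"keytab {keytab} is not under any mounted path")
    return findings
```

An empty result only shows that the files are consistent with each other; it does not test DNS resolution of the KDC or the contents of the keytab.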

@ArminRadmueller
Author

Can anyone help me, or does anyone have the same problem?

@amvin87-zz
Contributor

For further troubleshooting, could you open a support ticket with Microsoft support to investigate this further?
