sqlcmd
https://learn.microsoft.com/zh-cn/sql/tools/sqlcmd/sqlcmd-connect-database-engine?view=sql-server-ver16
sqlcmd -S指定的數據庫連接字符串必須有對應的有效的SPN信息,否則會報錯SSPI Provider: Server not found in Kerberos database.
正常連接
1、tcp:hostname,port
/opt/mssql-tools18/bin/sqlcmd -S tcp:dbdev1,1433 -N true -C -Q "select top 1 name from sys.databases"
/opt/mssql-tools18/bin/sqlcmd -S tcp:stagingdb1,63061 -N true -C -Q "select top 1 name from sys.databases"
2、hostname
/opt/mssql-tools18/bin/sqlcmd -S dbdev1 -N true -C -Q "select top 1 name from sys.databases"
3、hostname\instance
/opt/mssql-tools18/bin/sqlcmd -S "stagingdb1\db62lm" -N true -C -Q "select top 1 name from sys.databases"
4、hostname,port
/opt/mssql-tools18/bin/sqlcmd -S dbdev1,1433 -N true -C -Q "select top 1 name from sys.databases"
/opt/mssql-tools18/bin/sqlcmd -S stagingdb1,63061 -N true -C -Q "select top 1 name from sys.databases"
無法正常連接,這是因為SPN里面的信息只有服務器dbdev1或stagingdb1的名稱,而沒有ip的名稱
1、tcp:ip,port
/opt/mssql-tools18/bin/sqlcmd -S tcp:172.22.137.251,1433 -N true -C -Q "select top 1 name from sys.databases"
/opt/mssql-tools18/bin/sqlcmd -S tcp:10.0.2.195,63061 -N true -C -Q "select top 1 name from sys.databases"
報錯
SSPI Provider: Server not found in Kerberos database.
Cannot generate SSPI context.
2、ip
/opt/mssql-tools18/bin/sqlcmd -S 172.22.137.251 -N true -C -Q "select top 1 name from sys.databases"
報錯
SSPI Provider: Server not found in Kerberos database.
Cannot generate SSPI context.
3、ip\instance
/opt/mssql-tools18/bin/sqlcmd -S "10.0.2.195\db62lm" -N true -C -Q "select top 1 name from sys.databases"
報錯
SSPI Provider: Server not found in Kerberos database.
Cannot generate SSPI context.
4、ip,port
/opt/mssql-tools18/bin/sqlcmd -S 172.22.137.251,1433 -N true -C -Q "select top 1 name from sys.databases"
/opt/mssql-tools18/bin/sqlcmd -S 10.0.2.195,63061 -N true -C -Q "select top 1 name from sys.databases"
報錯
SSPI Provider: Server not found in Kerberos database.
Cannot generate SSPI context.
sqlcmd遇到過的問題,windows域賬號的kerberos ticket正常的情況下,windows域賬號認證sqlserver報錯
sqlcmd報錯
webprocess@paystaget1:~$ /opt/mssql-tools18/bin/sqlcmd -S 172.22.137.251,1433 -N true -C -Q "select top 1 name from sys.databases"
Sqlcmd:Error: Microsoft ODBc priver 18 for SQLLServor: SSPI Provider: No Credentials were supplied,or the Credentials were unavailable or inaccessible. No Kerberos credentials available(defaul cache: File:/tmp/krb5cc_946009658)
Sqlcmd: Error: Microsoft ODBc Driver 18 for SQLServer:Can not generate SSPI context
分析
1、該域賬號的kerberos ticket
root@paystaget1:~# klist /opt/apache-tomcat-9.0.62/conf/krb5cc_genticket
Ticket cache: FILE:/opt/apache-tomcat-9.0.62/conf/krb5cc_genticket
Default principal: webprocess@DAI.NETDAI.COMValid starting Expires Service principal
04/17/25 16:00:03 04/18/25 02:00:03 krbtgt/DAI.NETDAI.COM@DAI.NETDAI.COMrenew until 04/18/25 16:00:03
2、域賬號不會直接使用kerberos ticket文件,而是根據該域賬號對應的uid,默認使用/tmp/krb5cc_uid
root@paystaget1:~# chown webprocess.webprocess /tmp/krb5cc_946009658
報錯chown:invalid user: `webprocess.webprocess`
3、自此發現這種域賬號webprocess,只有uid是webprocess但是沒有gid是webprocess,所以chown時無法使用webprocess.webprocess這樣的方式寫死域用戶和域用戶組
root@paystaget1:~# id webprocess
uid=946009658(webprocess) gid=946000513(domain users) groups=946000513(domain users),946040890(sophosuser),946063848(alkgo user),946071842(sso quiver)
解決方法
root@paystaget1:~# cp /opt/apache-tomcat-9.0.62/conf/krb5cc_genticket /tmp/krb5cc_946009658
root@paystaget1:~# chown webprocess /tmp/krb5cc_946009658
root@paystaget1:~# klist /tmp/krb5cc_946009658
webprocess@paystaget1:/root$ /opt/mssql-tools18/bin/sqlcmd -S tcp:dbdev1,1433 -N true -C -Q "select top 1 name from sys.databases"
name
--------------------------------------------------------------------------------------------------------------------------------
master(1 rows affected)
工程優化)
)
)
)
接口的詳細指南)
