All we need is an easy explanation of the problem, so here it is.
I have a Windows machine that should connect to an MSSQL instance with an ODBC driver using "windows integrated authentication".
Now according to the specifications of the login message the server is using SSPI for that. And if I understood the sspi documentation correctly, then SSPI could be use by Kerberos, NTLM or some other authentication protocol.
Now let’s say that I want to enforce ODBC to user Kerberos, is it possible to do that by configuring either one of the following components?
- SQL Server
- Active Directory
- ODBC driver
(Hope that my question makes sense? I am really new to the world of Windows authentication and protocols and really confused by all the docs..)
How to solve :
I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.
SQL Server will always prefer Kerberos over NTLM, however, NTLM is used as a fallback by SQL Server to ensure connectivity. You cannot disable NTLM authentication at the SQL level, this can only be done at the domain level, however, if you have Kebreros authentication properly configured then SQL Server will use that over NTLM.
See this article for information on properly configuring Kerberos in SQL Server:
Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂