Use Domain Account for SQL Server service on Linux

  • Currently, while installing SQL Server we use a local Linux account to run the SQL service. But is there a way to change the user to be a domain account, just like in Windows, for security purposes? I didn't see any documentation related to the service account other than using "mssql" as the local user to run the service.

    Please let me know if you have any ideas or solutions for this problem.

  • My opinion (I do not have SQL Server on Linux installed), I see no reason why you wouldn't be able to do that.

    My expectation as to why it isn't well documented is that Linux, out of the box, doesn't do AD authentication.  So you'd need to install something to handle AD authentication on the server first, and after that you could adjust the service to start using that account.  You would also need to ensure permissions on the account were set up correctly.

    So I think the first step would be to get AD authentication working on the server (PAM I think can handle this, but it has been AGES since I tried setting that up), and once that is working, it would just be a matter of changing who the service runs as.

    If you are comfortable in Linux to install and set up PAM to get AD authentication working, changing the SQL Server service should be pretty easy.  If you are not that comfortable in Linux, I would leave things alone while they are working.  Troubleshooting problems in Linux is not the same as in Windows and you would have more hurdles to jump as you went and a LOT more logs to read through.

    The above is all just my opinion on what you should do. 
    As with all advice you find on a random internet forum - you shouldn't blindly follow it.  Always test on a test server to see if there are negative side effects before making changes to live!
    I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.

  • Thanks for the replies.

    I was able to do the AD authentication and add AD domain accounts to SQL logins. But I am not able to change the SQL Server service account to run as a domain user. It is still using the local Linux account. This is where I am stuck. Any more thoughts?
