Hi there… I was wondering, I am adding datasources to Grafana, and I can see in the documentation that there is clearly no support for MSSQL authentication, and instead there is only support for local SQL Server accounts.
But to be thorough here are my two questions:
Is there any support for MSSQL authentication?
Are there plans to add support for MSSQL authentication in the future?
Just to be clear, we are using a non-windows version of Grafana, and it seems that Windows Authentication is only supported on Grafana instances running on Windows platforms.
I haven’t checked the Grafana documentation but we have been using AD accounts to connect to SQLServer without issue for some time (at least grafana 9.x).
We are running containerized Grafana on Linux and there is no need to do anything with Kerberos at the container level or the host level.
Interesting. This is exactly what we would like to achieve. We have SQL Server on WIndows Servers and Grafana is running in OpenShift Pods (Kuberenetes). I would like to connect via an AD account to the SQL Server, but somehow I get following errors:
in Grafana: mssql: login error: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
in SQL Server: SSPI handshake failed with error code 0x80090302, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. The function requested is not supported [CLIENT: 10.140.xx.xx]
Does anyone have an idea what the issue could be? The domain seems to be the same…
Thanks for your reply.
When i run the query the auth_scheme is KERBEROS. I do not have a lot of experience with kerberos. Do i have to configure something in Grafana?
I will talk with my dba and our openshift guy tomorrow and try to debug it with them.
Yes exactely. This is how we would like to use it as well. we have predfiend AD Service User for grafana which can access certain databases. I have exactly the same setting as you. But as stated before i recieve following error:
mssql: login error: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
I will post again as soon as i have followed up with my dba.
Are you sure that you have correct username/password? MSSQL may show this silly error also when you have incorrect credentials based on my personal experience.
Try this. Can the grafana service be run using that ad user in openshift?
Otherwise with kerberos, you cant have one service running as someone trying to log in as someone else, something called double hopping I guess or delegation. Here is a must read
For me its working like this as well. but as soon is i try to provision the datasource, i get “mssql: login error: Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.”