All Apps and Add-ons

DB Connect 3.1.3 Issue: "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication."

abaumbusch
Explorer

I decided to post a new question as I have checked the previous questions and answers related to this error message on various versions of DB Connect, but alas, I am still stuck.

I am using DB Connect v.3.1.3 with Splunk 7.0.4 on Red Hat 7.5 to try and connect to a SQL Server 2014 sp2 CU13 database. The *nix box is a member of the same domain as the SQL Server box and I am using the "MS-SQL Server Using jTDS Driver With Windows Authentication" connection type and have the jtds-1.3.1.jar driver sitting in the right place with correct permissions for the splunk user. I keep getting the following error: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. I have searched the googles and tried out various permutations of the JDBC URL, modifications to the db_connections.conf file, permutations of the Identitiy (Win Auth toggle on/off, uname@domain vs domain/username, just uname with domain hard coded in JDBC URL, etc), but can't seem to make any headway.

Any help or ideas would be greatly appreciated!

skelly99
Explorer

Hi - for reference I did encounter this same error today on a DBConnect V3.1.4 / Splunk 7.2.3 environment. It turned out to be an incorrect password. I'm moving workload from a Splunk 6.5 / DBConnect v1 environment and was given details of the passwords that apparently had been used on the DBConnect v1 environment. In the end I used the technique in the question below on the V1 environment which showed the passwords I'd been given were actually incorrect. Using the correct password worked for me and I was then able to successfully connect to a MSSQL instance using the AD account and retrieve data.

https://answers.splunk.com/answers/495227/splunk-db-connect-how-can-i-recover-mssql-encrypte.html

Rob2520
Communicator

@abaumbusch in identities section enable windows authentication and provide domain name(just the domain name NOT domain/username)

0 Karma

abaumbusch
Explorer

Thanks, Rob. I have tried this without success.

0 Karma

Rob2520
Communicator

can you also try MS-SQL Server using MS Generic driver with windows authentication instead of jTDS driver and edit the JDBC URL with integratedSecurity=false(by default it's true). Make sure your domain name is correct. I think it's case sensitive. Let me know once you try.

0 Karma

abaumbusch
Explorer

I tried that change and received an Invalid User message. I believe this indicates that my user tried to authenticate as a SQL User instead of an AD account because the user name was not presented with the domain in the error message, and I had this happen before when experimenting with the JTDS driver. I have emailed the DBA to confirm which type of login came across. If I mistyped the password I will be very pleased. 😉

When trying to use that driver with integratedSecurity=true, I get a "This driver is not configured for integrated authentication." I assume this is normal behavior for this driver when DB Connect is on a Linux box based on the documentation for DB Connect. I'm so annoyed by this! The documentation makes it appear as if this should just work as long as you have followed the sparse instructions. I'm wondering if going with Kerberos is the proper thing to do (or just getting a sql server user) as I can't spend too much more time trying to get this to work.

0 Karma

abaumbusch
Explorer

Yeah, no luck with the change you suggested. User did came across as sql login after that change.

0 Karma

jwindley_splunk
Splunk Employee
Splunk Employee

I'm having the same problem. Were you able to fix it?

0 Karma

abaumbusch
Explorer

I was not. I ended up having to a use a SQL Login which the client was not happy about because they are "less secure." I may try Kerberos, but happy to just be able to connect for now. I did a good amount of research and it appears that It is not possible to use native Windows Authentication for JDBC connections to MSSQL from a JVM running on Linux.

https://stackoverflow.com/questions/37835929/connect-to-sql-server-with-windows-authentication-from-...

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...