linuxredhatsql-server-2017windows-authentication
We are using Red Hat IDM to authenticate AD users to SQL Server. Users can login successfully to SQL Server with SSMS and SQL CMD with AD Authentication. But running some elevated commands from SSMS or SQL CMD can run only once in session and it kick out AD authenticated users from SQL Server with the following error:
Error 15404 ‘Could not obtain information about Windows NT group/user '%ls', error code 0x80090304'
Let's try a few things:
Option 1: First on the source SQL server (trying to connect to your Linux SQL Server) check to make sure named pipes (and TCP/IP) is enabled on the source SQL Server via SQL Server Configuration Manager (if the source SQL Server (SSMS) runs on Windows). I have two client protocols to enable on Windows both 32bit and 64bit:
Option 2: Try changing SQL Server to mixed mode and try logging in with a SQL account (but I'm assuming you've done this already).
Option 3: Just saw these various changes some people tried. Some of these changes look quite odd but worked for some people:
Option 4: Open ports 1433 and 1434 on Linux (might need to do this on source AND target servers):
http://stevestedman.com/2016/11/allow-port-1433-ubuntu-linux-sql-server/
Option 5: (You may have said this a different way), but connect via SSMS using the target SQL Server's IP address.
Option 6: Use the fully qualified SQL Server name (FQDN) to connect to the target SQL Server. (i.e. the way you'd connect to SQL Server on Azure).
Option 7: Try using tcp:servername,1433 within SQL Server Management Studio to connect to the target Linux SQL Server
Normally when you receive an error message with the Error: 18456, ... it will contain additional information somewhere.
In the case of the SSMS Login, the error message will be displayed together with a couple of icons. One of them is page with a white cross on red background. If you click on that icon you will be presented with the detailed error message, which could look a bit like this:
The detailed error message will contain additional information:
Server Name: .
Error Number: 18456
Severity: 14
State: 1
Line Number: 65536
Additionally you can find the full error message in the ERRORLOG of your SQL Server instance. The entry will look similar to the following:
2018-08-10 15:37:56.10 Logon Error: 18456, Severity: 14, State: 5.
2018-08-10 15:37:56.10 Logon Login failed for user 'bigger'. Reason: Could not find a login matching the name provided. [CLIENT: <local machine>]
With the state number you can then go and check Aaron Bertrand's Blog's article:
If you can edit additional information into your question, then we might be able to find the root cause together.
Best Answer
I had similar experience. I believe this was due to a limitation in IDM. There is currently a bugzilla filed for this issue. I believe Red Hat is working on addressing this issue.