How to use windows authentication with SQL server docker container

21.8k views Asked by At

I have gone through all the examples I could find online for building docker container based applications. I would want to run two services running in two docker containers:

  1. A windows container running ASP.NET
  2. A windows container running SQL Server

Easy job and many examples. However, in all examples you need to use SQL authentication and to provide a hard-coded SA password as an environment variable when running the SQL server container. You also need to hard code the SA password into the connection string in the ASP.Net code (or also provide it in some other manner in a configuration file, etc.)

Bottom line in all examples the password is hard-coded somewhere.

In most applications we develop now, we actually use windows authentication instead or use a grouped managed service account instead. But as far as I know, you cannot add a windows container to a domain, thus the SQL server is not part of the windows domain so I don't see a way to use windows authentication here.

So does any one have an alternative to hard-coding passwords this way ?

3

There are 3 answers

0
rameshpa On

Windows authentication is automatically enabled in Windocks SQL Server containers. See here for more details. The SQL Server containers created in Windocks are SQL Server named instances created automatically from the default SQL Service that is already installed on the Windows Server (2012 R2 or 2016). Any Windows accounts in the default instance are automatically enabled in the container instances.

1
G. Gomes On

I'm dealing exactly with the same problem. Here is the most complete procedure that I found. The trick is to use gMSA.

But, as JanneRantala says at the end, I'm having the same problem when trying to add a new User in the Database :

Msg 15401, Level 16, State 1, Line 3 Windows NT user or group 'YOUR_DOMAIN\gmsa$' not found. Check the name again.

7
Gregory Suvalian On

Here is walkthrough how to make it work. Windows Containers Walkthrough

This will not work though if your SQL is also running in container since SQL server itself have to part of Active Directory to be able to utilize GMSA accounts.