Apache nifi Nifi连接到sql server kerberos
我正在尝试配置从Apache nifi Nifi连接到sql server kerberos,apache-nifi,Apache Nifi,我正在尝试配置从Nifi到Sql Server的连接,该服务器的身份验证为Active Directory-Universal,支持MFA。我已经查看了internet,但在正确配置它时仍然存在问题 这就是我到目前为止所做的: -> I've created "Execute SQL" processor -> Database Connection pooling services -> New and in properties: 根据此模板的连接Url: jdbc:s
Nifi
到Sql Server
的连接,该服务器的身份验证为Active Directory-Universal,支持MFA
。我已经查看了internet,但在正确配置它时仍然存在问题
这就是我到目前为止所做的:
-> I've created "Execute SQL" processor
-> Database Connection pooling services
-> New and in properties:
根据此模板的连接Url:
jdbc:sqlserver://<myservername>;database=<mydatabase>;integratedSecurity=true;authenticationScheme=JavaKerberos;
database driver class name: com.microsoft.sqlserver.jdbc.SQLServerDriver
database driver location: \mypath\
database user: user@mydomain.com
password: mypassword
所以我喜欢这样:
在nifi
的\conf
文件夹中(不确定是否应在此处,因为未提及将这些文件放置在何处)
我创建了两个包含以下内容的文件:
krb5.ini:
[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = true
[domain_realm]
.mydomain.com = MYDOMAIN.COM
[realms]
MYDOMAIN.COM = {
kdc = MYDOMAIN.COM
admin_server = MYDOMAIN.COM
master_kdc = MYDOMAIN.COM
default_domain= MYDOMAIN.COM
}
SQLJDBCDriver {
com.sun.security.auth.module.Krb5LoginModule required doNotPrompt=false
useTicketCache=false;
};
java.arg.17=-Djava.security.auth.login.config=C:\nifi\conf\jaas.conf
java.arg.18=-Djava.security.krb5.conf=C:\nifi\conf\krb5.ini
# kerberos #
nifi.kerberos.krb5.file=C:\nifi\conf\krb5.ini
# kerberos service principal #
nifi.kerberos.service.principal=nifi/user@mydomain.com
nifi.kerberos.service.keytab.location=
jaas.conf:
[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = true
[domain_realm]
.mydomain.com = MYDOMAIN.COM
[realms]
MYDOMAIN.COM = {
kdc = MYDOMAIN.COM
admin_server = MYDOMAIN.COM
master_kdc = MYDOMAIN.COM
default_domain= MYDOMAIN.COM
}
SQLJDBCDriver {
com.sun.security.auth.module.Krb5LoginModule required doNotPrompt=false
useTicketCache=false;
};
java.arg.17=-Djava.security.auth.login.config=C:\nifi\conf\jaas.conf
java.arg.18=-Djava.security.krb5.conf=C:\nifi\conf\krb5.ini
# kerberos #
nifi.kerberos.krb5.file=C:\nifi\conf\krb5.ini
# kerberos service principal #
nifi.kerberos.service.principal=nifi/user@mydomain.com
nifi.kerberos.service.keytab.location=
然后在bootstrap.conf中我添加了两行:
[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = true
[domain_realm]
.mydomain.com = MYDOMAIN.COM
[realms]
MYDOMAIN.COM = {
kdc = MYDOMAIN.COM
admin_server = MYDOMAIN.COM
master_kdc = MYDOMAIN.COM
default_domain= MYDOMAIN.COM
}
SQLJDBCDriver {
com.sun.security.auth.module.Krb5LoginModule required doNotPrompt=false
useTicketCache=false;
};
java.arg.17=-Djava.security.auth.login.config=C:\nifi\conf\jaas.conf
java.arg.18=-Djava.security.krb5.conf=C:\nifi\conf\krb5.ini
# kerberos #
nifi.kerberos.krb5.file=C:\nifi\conf\krb5.ini
# kerberos service principal #
nifi.kerberos.service.principal=nifi/user@mydomain.com
nifi.kerberos.service.keytab.location=
在nifi.properties文件中我做了:
[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = true
[domain_realm]
.mydomain.com = MYDOMAIN.COM
[realms]
MYDOMAIN.COM = {
kdc = MYDOMAIN.COM
admin_server = MYDOMAIN.COM
master_kdc = MYDOMAIN.COM
default_domain= MYDOMAIN.COM
}
SQLJDBCDriver {
com.sun.security.auth.module.Krb5LoginModule required doNotPrompt=false
useTicketCache=false;
};
java.arg.17=-Djava.security.auth.login.config=C:\nifi\conf\jaas.conf
java.arg.18=-Djava.security.krb5.conf=C:\nifi\conf\krb5.ini
# kerberos #
nifi.kerberos.krb5.file=C:\nifi\conf\krb5.ini
# kerberos service principal #
nifi.kerberos.service.principal=nifi/user@mydomain.com
nifi.kerberos.service.keytab.location=
尽管如此,它还是一样,不起作用。有人能帮我找出问题所在吗?有人反馈吗?我也尝试了简单的url连接,根据microsoft doc,如果没有任何额外的krb5文件(如:jdbc:sqlserver://servername=myservername;databasename=somedatabase;integratedSecurity=true;authenticationScheme=JavaKerberos;用户名=myuser@wgatever.com;password=somepassword仍然存在,并发出类似这样的消息:确保sql server可访问并允许该端口上的tcp/ip连接。