Merge pull request #7073 from MicrosoftDocs/release-sql2017

rothja · web-flow · commit 16341e5a2306 · 2018-08-31T16:04:57.000-04:00
Publish changes for release-sql2017 CU10
diff --git a/docs/linux/sql-server-linux-active-directory-auth-overview.md b/docs/linux/sql-server-linux-active-directory-auth-overview.md
@@ -47,7 +47,6 @@ The details for how to configure AD authentication are provided in the tutorial,
 ## Known issues
 
 - At this time, the only authentication method supported for database mirroring endpoint is CERTIFICATE. WINDOWS authentication method will be enabled in a future release.
-- Third-party AD tools like Centrify, Powerbroker, and Vintela are not supported.
 
 ## Next Steps
 
diff --git a/docs/linux/sql-server-linux-active-directory-authentication.md b/docs/linux/sql-server-linux-active-directory-authentication.md
@@ -29,6 +29,10 @@ This tutorial consists of the following tasks:
 > * Create AD-based logins in Transact-SQL
 > * Connect to [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] using AD Authentication
 
+> [!NOTE]
+>
+> If you wish to configure [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] on Linux to use a third-party AD provider, please see [Use third-party Active Directory providers with SQL Server on Linux](./sql-server-linux-active-directory-third-party-providers.md).
+
 ## Prerequisites
 
 Before you configure AD Authentication, you need to:
@@ -87,7 +91,7 @@ Use the following steps to join a [!INCLUDE[ssNoVersion](../includes/ssnoversion
 
       Now check that your `/etc/resolv.conf` file contains a line like the following example:  
 
-      ```Code
+      ```/etc/resolv.conf
       nameserver **<AD domain controller IP address>**
       ```
 
@@ -109,7 +113,28 @@ Use the following steps to join a [!INCLUDE[ssNoVersion](../includes/ssnoversion
 
      Now check that your `/etc/resolv.conf` file contains a line like the following example:  
 
-     ```Code
+     ```/etc/resolv.conf
+     nameserver **<AD domain controller IP address>**
+     ```
+
+   - **SLES**:
+
+     Edit the `/etc/sysconfig/network/config` file so that your AD domain controller IP will be used for DNS queries and the your AD domain is in the domain search list:
+
+     ```/etc/sysconfig/network/config
+     <...>
+     NETCONFIG_DNS_STATIC_SERVERS="**<AD domain controller IP address>**"
+     ```
+
+     After editing this file, restart the network service:
+
+     ```bash
+     sudo systemctl restart network
+     ```
+
+     Now check that your `/etc/resolv.conf` file contains a line like the following example:
+
+     ```/etc/resolv.conf
      nameserver **<AD domain controller IP address>**
      ```
 
@@ -301,19 +326,27 @@ The specific connection string parameter for clients to use AD Authentication de
    Make sure you've installed the [mssql-tools](sql-server-linux-setup-tools.md) package, then connect using `sqlcmd` without specifying any credentials:
 
    ```bash
-   sqlcmd -S mssql.contoso.com
+   sqlcmd -S mssql-host.contoso.com
    ```
 
 * SSMS on a domain-joined Windows client
 
-   Log in to a domain-joined Windows client using your domain credentials. Make sure [!INCLUDE[ssmanstudiofull-md](../includes/ssmanstudiofull-md.md)] is installed, then connect to your [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] instance by specifying **Windows Authentication** in the **Connect to Server** dialog.
+   Log in to a domain-joined Windows client using your domain credentials. Make sure [!INCLUDE[ssmanstudiofull-md](../includes/ssmanstudiofull-md.md)] is installed, then connect to your [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] instance (e.g. "mssql-host.contoso.com") by specifying **Windows Authentication** in the **Connect to Server** dialog.
 
 * AD Authentication using other client drivers
 
   * JDBC: [Using Kerberos Integrated Authentication to Connect SQL Server](https://docs.microsoft.com/sql/connect/jdbc/using-kerberos-integrated-authentication-to-connect-to-sql-server)
   * ODBC: [Using Integrated Authentication](https://docs.microsoft.com/sql/connect/odbc/linux/using-integrated-authentication)
   * ADO.NET: [Connection String Syntax](https://msdn.microsoft.com/library/system.data.sqlclient.sqlauthenticationmethod(v=vs.110).aspx)
- 
+
+## Performance Improvements
+If you notice that AD account lookups are taking a while, and you have checked you AD configuration is valid with the steps at [Use Active Directory Authentication with SQL Server on Linux through Third-Party AD Providers](sql-server-linux-active-directory-third-party-providers.md), you can add the lines below to `/var/opt/mssql/mssql.conf` to skip SSSD calls and directly use LDAP calls.
+
+```/var/opt/mssql/mssql.conf
+[network]
+disablesssd = true
+```
+
 ## Next steps
 
 In this tutorial, we walked through how to set up Active Directory authentication with SQL Server on Linux. You learned how to:
diff --git a/docs/linux/sql-server-linux-active-directory-third-party-providers.md b/docs/linux/sql-server-linux-active-directory-third-party-providers.md
@@ -0,0 +1,162 @@
+---
+title: Use third-party Active Directory providers with SQL Server on Linux | Microsoft Docs
+description: This tutorial provides the configuration steps for AD Authentication with third-party providers
+author: dylan-MSFT
+ms.date: 07/25/2018
+ms.author: dygray 
+manager: mikehab
+ms.topic: conceptual
+ms.prod: sql
+ms.component: ""
+ms.suite: "sql"
+ms.custom: "sql-linux"
+ms.technology: linux
+helpviewer_keywords: 
+  - "Linux, AD authentication"
+---
+# Use third-party Active Directory providers with SQL Server on Linux
+
+[!INCLUDE[appliesto-ss-xxxx-xxxx-xxx-md-linuxonly](../includes/appliesto-ss-xxxx-xxxx-xxx-md-linuxonly.md)]
+
+This article explains how to configure a [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] on Linux host machine with AD Authentication when using third-party AD providers, such as [PowerBroker Identity Services (PBIS)](https://www.beyondtrust.com/), [Vintela Authentication Services (VAS)](https://www.oneidentity.com/products/authentication-services/), and [Centrify](https://www.centrify.com/). This guide includes steps to check your AD configuration, and it is not intended to instruct on how to join a machine to a domain. For detailed instructions on joining a [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] host to a domain using REALM and SSSD, see [Use Active Directory authentication with SQL Server on Linux](sql-server-linux-active-directory-authentication.md).
+
+## Prerequisites
+
+Before you configure AD Authentication, you need to set up an AD Domain Controller (Windows) on your network and join your [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] on Linux host to an AD domain. You can use [PBIS](https://www.beyondtrust.com/), [VAS](https://www.oneidentity.com/products/authentication-services/), or [Centrify](https://www.centrify.com/).
+
+> [!NOTE]
+>
+>This tutorial uses "contoso.com" and "CONTOSO.COM" as example domain and realm names respectively. It also uses "DC1.CONTOSO.COM" as the example fully qualified domain name of the domain controller. You should replace these with your own values.
+
+## Check Connection to Domain Controller
+
+Check you can contact the domain controller with both the short and fully qualified name of the domain.
+
+   ```bash
+   ping contoso
+
+   ping contoso.com
+   ```
+
+   If either of these fails, update your domain search list.
+
+   - **Ubuntu**:
+
+     Edit the `/etc/network/interfaces` file so that your AD Domain is in the domain search list: 
+
+     ```/etc/network/interfaces
+     <...>
+     # The primary network interface
+     auto eth0
+     iface eth0 inet dhcp
+     dns-nameservers **<AD domain controller IP address>**
+     dns-search **<AD domain name>**
+     ```
+
+     > [!NOTE]
+     > The network interface (eth0) might differ for different machines. To find out which one you are using, run ifconfig and copy the interface that has an IP address and transmitted and received bytes.
+
+     After editing this file, restart the network service:
+
+     ```bash
+     sudo ifdown eth0 && sudo ifup eth0
+     ```
+
+     Now check that your `/etc/resolv.conf` file contains a line like the following example:  
+
+     ```/etc/resolv.conf
+     search contoso.com com  
+     nameserver **<AD domain controller IP address>**
+     ```
+
+   - **RHEL**:
+
+     Edit the `/etc/sysconfig/network-scripts/ifcfg-eth0` file (or other interface config file as appropriate) so that your AD Domain is in the domain search list:
+
+     ```/etc/sysconfig/network-scripts/ifcfg-eth0
+     <...>
+     PEERDNS=no
+     DNS1=**<AD domain controller IP address>**
+     DOMAIN="contoso.com com"
+     ```
+
+     After editing this file, restart the network service:
+
+     ```bash
+     sudo systemctl restart network
+     ```
+
+     Now check that your `/etc/resolv.conf` file contains a line like the following example:  
+
+     ```/etc/resolv.conf
+     search contoso.com com  
+     nameserver **<AD domain controller IP address>**
+     ```
+
+   If you still cannot ping the domain controller, find the fully qualified domain name (e.g. DC1.CONTOSO.COM) and IP address of the domain controller and add the following entry to `/etc/hosts`
+
+   ```/etc/hosts
+   **<IP address>** DC1.CONTOSO.COM CONTOSO.COM CONTOSO
+   ```
+
+   - **SLES**:
+
+     Edit the `/etc/sysconfig/network/config` file so that your AD domain controller IP will be used for DNS queries and your AD domain is in the domain search list:
+
+     ```/etc/sysconfig/network/config
+     <...>
+     NETCONFIG_DNS_STATIC_SEARCHLIST=""
+     NETCONFIG_DNS_STATIC_SERVERS="**<AD domain controller IP address>**"
+     ```
+
+     After editing this file, restart the network service:
+     ```bash
+     sudo systemctl restart network
+     ```
+
+     Now check that your `/etc/resolv.conf` file contains a line like the following example:
+
+     ```/etc/resolv.conf
+     search contoso.com com
+     nameserver **<AD domain controller IP address>**
+     ```
+
+## Check Reverse DNS is properly configured
+
+The following command should return the fully qualified domain name of the host running SQL Server (e.g. "SqlHost.contoso.com").
+
+   ```bash
+   host **<IP address of SQL Server host>**
+   # **<reversed IP address>**.in-addr.arpa domain name pointerSqlHost.contoso.com.
+   ```
+
+   If this does not return your host's FQDN or if the FQDN is incorrect, add a reverse DNS entry for your [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] on Linux host to your DNS server.
+
+## Check your KRB5 configuration is correct
+
+Check your `/etc/krb5.conf` is configured correctly. For most third-party AD providers, this is done automatically. However, check `/etc/krb5.conf` for the following values to prevent any future issues:
+
+   ```/etc/krb5.conf
+   [libdefaults]
+   default_realm = CONTOSO.COM
+
+   [realms]
+   CONTOSO.COM = {
+   }
+
+   [domain_realm]
+   contoso.com = CONTOSO.COM
+   .contoso.com = CONTOSO.COM
+   ```
+
+## Next steps
+
+In this article, we covered how to configure a [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] on Linux host machine with AD Authentication when using third-party AD providers. To finish configuring [!INCLUDE[ssNoVersion](../includes/ssnoversion-md.md)] on Linux to support AD accounts, follow the instructions at [Use Active Directory authentication with SQL Server on Linux](sql-server-linux-active-directory-authentication.md).
+
+> [!div class="nextstepaction"]
+> [Use Active Directory authentication with SQL Server on Linux](sql-server-linux-active-directory-authentication.md)
+
+> [!NOTE]
+>
+> You can skip the "Join SQL Server host to AD domain" section in [Use Active Directory authentication with SQL Server on Linux](sql-server-linux-active-directory-authentication.md)
+ as you have just done that in this tutorial.
diff --git a/docs/linux/sql-server-linux-release-notes.md b/docs/linux/sql-server-linux-release-notes.md
@@ -41,6 +41,7 @@ The following table lists the release history for SQL Server 2017.
 
 | Release               | Version       | Release date |
 |-----------------------|---------------|--------------|
+| [CU10](#CU10)         | 14.0.3037.1   | 2018-08-27   |
 | [CU9-GDR2](#CU9-GDR2) | 14.0.3035.2   | 2018-08-18   |
 | [GDR2](#GDR2)         | 14.0.2002.14  | 2018-08-18   |
 | [CU9](#CU9)           | 14.0.3030.27  | 2018-07-18   |
@@ -66,6 +67,20 @@ If you are updating existing SQL Server packages, run the appropriate update com
 - [Install SQL Server Integration Services](sql-server-linux-setup-ssis.md)
 - [Enable SQL Server Agent](sql-server-linux-setup-sql-agent.md)
 
+## <a id="CU10"></a> CU10 (August 2018)
+
+This is the Cumulative Update 10 (CU10) release of SQL Server 2017. The SQL Server engine version for this release is 14.0.3037.1. For information about the fixes and improvements in this release, see [https://support.microsoft.com/en-us/help/4342123](https://support.microsoft.com/en-us/help/4342123).
+
+### Package details
+
+For manual or offline package installations, you can download the RPM and Debian packages with the information in the following table:
+
+| Package | Package version | Downloads |
+|-----|-----|-----|
+| Red Hat RPM package | 14.0.3037.1-2 | [Engine RPM package](https://packages.microsoft.com/rhel/7/mssql-server-2017/mssql-server-14.0.3037.1-2.x86_64.rpm)</br>[High Availability RPM package](https://packages.microsoft.com/rhel/7/mssql-server-2017/mssql-server-ha-14.0.3037.1-2.x86_64.rpm)</br>[Full-text Search RPM package](https://packages.microsoft.com/rhel/7/mssql-server-2017/mssql-server-fts-14.0.3037.1-2.x86_64.rpm)</br>[SSIS package](https://packages.microsoft.com/rhel/7/mssql-server-2017/mssql-server-is-14.0.1000.169-1.x86_64.rpm) | 
+| SLES RPM package | 14.0.3037.1-2 | [mssql-server Engine RPM package](https://packages.microsoft.com/sles/12/mssql-server-2017/mssql-server-14.0.3037.1-2.x86_64.rpm)</br>[High Availability RPM package](https://packages.microsoft.com/sles/12/mssql-server-2017/mssql-server-ha-14.0.3037.1-2.x86_64.rpm)</br>[Full-text Search RPM package](https://packages.microsoft.com/sles/12/mssql-server-2017/mssql-server-fts-14.0.3037.1-2.x86_64.rpm) | 
+| Ubuntu 16.04 Debian package | 14.0.3037.1-2 | [Engine Debian package](https://packages.microsoft.com/ubuntu/16.04/mssql-server-2017/pool/main/m/mssql-server/mssql-server_14.0.3037.1-2_amd64.deb)</br>[High Availability Debian package](https://packages.microsoft.com/ubuntu/16.04/mssql-server-2017/pool/main/m/mssql-server-ha/mssql-server-ha_14.0.3037.1-2_amd64.deb)</br>[Full-text Search Debian package](https://packages.microsoft.com/ubuntu/16.04/mssql-server-2017/pool/main/m/mssql-server-fts/mssql-server-fts_14.0.3037.1-2_amd64.deb)<br/>[SSIS package](https://packages.microsoft.com/ubuntu/16.04/mssql-server-2017/pool/main/m/mssql-server-is/mssql-server-is_14.0.1000.169-1_amd64.deb) |
+
 ## <a id="CU9-GDR2"></a> CU9-GDR2 (August 2018)
 
 This is a security update that also includes the previously released CU (CU9) for SQL Server 2017. The SQL Server engine version for this release is 14.0.3035.2. For information about the fixes and improvements in this release, see [https://support.microsoft.com/en-us/help/4293805](https://support.microsoft.com/en-us/help/4293805).
diff --git a/docs/linux/toc.yml b/docs/linux/toc.yml
@@ -173,6 +173,8 @@
       href: sql-server-linux-active-directory-auth-overview.md
     - name: Encrypting connections
       href: sql-server-linux-encrypted-connections.md
+    - name: Third Party AD Auth
+      href: sql-server-linux-active-directory-third-party-providers.md
   - name: Performance
     items:
     - name: Best practices
