in

SharePoint Blogs

The Best Place for SharePoint-related Blogs

SharePoint Products and Technologies - Pointing to Share the Knowledge - Luis Du Solier G.

SharePoint and Kerberos...

What about Kerberos in SharePoint 2007...

From Steve Carvajal's Blog, some links to Martin Kearn's Blog (Microsoft UK Consultant).

Configuring Kerberos for SharePoint 2007: Part 1 - Base Configuration for SharePoint

Configuring Kerberos for SharePoint 2007: Part 2 - Excel Services and SQL Analysis Services 

 

More tips:

All of your accounts must have SPN's, something like this:

Use the Setspn.exe tool to add an SPN for the domain account. To do so, type the following line at the command prompt, and then press ENTER:

setspn -A HTTP/[ServerName].Microsoft.com microsoft\SRV_OSS_DEV_Farm

setspn -A HTTP/[ServerName].Microsoft.com microsoft\SRV_OSS_DEV_App001

setspn -A HTTP/[ServerName] microsoft\SRV_OSS_DEV_App001

setspn -A HTTP/[ServerName].Microsoft.com microsoft\SRV_OSS_DEV__SSPROC

setspn -A HTTP/[ServerName] microsoft\SRV_OSS_DEV__SSPROC

setspn -A HTTP/[ServerName].Microsoft.com microsoft\SRV_OSS_DEV_App002

setspn -A HTTP/[ServerName] microsoft\SRV_OSS_DEV_App002

Second Step

To configure the IIS server to be trusted for delegation, using a domain account follow these steps:

1. Start Active Directory Users and Computers.

2. In the left pane, click Computers.

3. In the right pane, right-click the name for each these IIS servers, and then click Properties.

4. Click the General tab, click to select the Trust computer for delegation check box, and then click OK.

a. microsoftportaldev02

b. microsoftportaldev03

c. microsoftindexdev01

5. Quit Active Directory Users and Computers.

---UPDATE Jan 3, 2008---

Thanks to Liam Cleary fellow SharePoint MVP for remind me a great post he wrote a long time ago about SharePoint and Kerberos, you should take a look, Here you go...

Published Jan 02 2008, 09:42 PM by Luis Du Solier G.
Filed under: ,

Comments

 

Liam Cleary said:

Hi Luis,

  I too have wrote a lengthy post about Kerberos with SharePoint, not that I am pimping my own stuff but thought it would be useful for anyone else.

www.helloitsliam.com/.../moss2007-–-configuration-process-for-kerberos-authentication.aspx

Liam

January 3, 2008 3:20 AM
 

Luis Du Solier G. said:

Liam, thanks for remind me.

I saw that post a long time ago, thanks for point me to it....

Great one....

Cheers!

Luis.

January 3, 2008 7:47 PM
 

Brad Saide (livePoint) said:

I have written up a blog entry on Kerberos as well, specifically around overcoming the challenges relating to running MOSS WFE, ECS, SQL SSAS and SQL Server all on separate servers and securing the data at the SSAS level (Banks. They're mad keen on who can see what, and they looooove Excel.)

The info may be useful for people setting up High-availabliity environments.

Cheers!

January 6, 2008 5:30 AM
 

Luis Du Solier G. said:

Hi Brad, Thanks for share with us your Blog, could you please post the link to the post about Kerberos?

Thanks

Luis.

January 8, 2008 10:06 PM

Leave a Comment

(required )  
(optional )
(required )  
Add
Need SharePoint Training? Attend a SharePoint Bootcamp!
Posts (c) their respective authors. Everything else (c) 2007 SharePoint Experts