Search

April 2005
M T W T F S S
« Mar   May »
 123
45678910
11121314151617
18192021222324
252627282930  

Kerberos

April 23rd, 2005 by

From: “josh”


Subject: Kerberos


Date: Thu, 17 Mar 2005 16:45:53 +1100


Newsgroups: microsoft.public.sharepoint.portalserver


 


Hello All,


 


I have a web application that is using Integrated Windows Authentication. I have a ‘double hop’ issue when I try to connects to Sharepoint Portal Server 2003 from my Web Application.


 


I hear Kerberos is the answer but I can’t get it to work,  does anyone know how to get the IIS running Share Point Portal Server 2003 to use Kerberos?


 


Your help or push in the right direction would be greatly appreciated.


 


Cheers,


Josh


 


*************************************


 


From: “Steve Smith”


Subject: Re: Kerberos


Date: Thu, 17 Mar 2005 17:10:35 -0000


Newsgroups: microsoft.public.sharepoint.portalserver


 


Try these 2 to get you going Josh. Hopefully these are what you are after


 


http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/en-us/stse16.mspx


 


http://www.microsoft.com/resources/documentation/IIS/6/all/techref/en-us/iisRG_SEC_15.mspx


 


Cheers


 


Steve Smith


 


*************************************


 


From: “Liam Cleary”


Subject: Re: Kerberos


Date: Sat, 23 Apr 2005 07:57:39 +0100


Newsgroups: microsoft.public.sharepoint.portalserver


 


Hi,


 


You need to fo the folowing:


1. In Active Directory you need to edit the computer accounts and trust them for delegation


 


2. You will then need to add an SPN to the Apppication Pool account that SharePoint is running under.  The SPN can be configured through scripts or through ADSI Edit.  The SPSN will be in the following format: HTTP/FQDN


 


3. Edit the MetaBase.xml file in WINDOWS\SYSTEM32\INETSRV


 


4. Search for <IISWEBSERVER and then look for the IIS Website you want (Default Web Site)


 


5. Change the line NTAuthenticationProviders=”NTLM” to NTAuthenticationProviders=”Negotiate,NTLM”


If this line does not exist create it.


 


Reset IIS and all should work in Kerberos Mode.NOTE: if your SPN is wrong then when you try to login it will keep asking you for a username and password. The SPN is the most important bit..


 


Hope this helps


 


Liam Cleary


Productivity & Collaboration Specialist


liamcleary@msn.com


 

Posted in SPPS03_Tips | No Comments »



Comments are closed.