
KERBEROS OR NTLM


Shah

May 20, 2009, 3:11:01 PM
Hi: the SharePoint farm came on my shoulder after the previous admin left. I
want to find out the following things:

1) How to find out the authentication provider set for the server farm
(Kerberos/NTLM)?
2) How to find out the authentication provider (Kerberos/NTLM) for one of our
working sites (site collection or web app)?
3) When I build new sites with NTLM they work fine. After creating a new web
app with Kerberos, I tried to run the following:

"C:\Program Files\Support Tools>setspn -A http/mossdev sharepointservices
Registering ServicePrincipalNames for CN=SharepointServices,CN=Users,DC=ad,DC=aaas,DC=org
http/mossdev
Failed to assign SPN on account 'CN=SharepointServices,CN=Users,DC=ad,DC=aaas,DC=org', error 0x2098/8344 -> Insufficient access rights to perform the operation.
"
What does it mean?

4) What are the prerequisites to set up a web app with Kerberos
authentication?

Thanks very much in advance
-Shah

Lambert Qin [MSFT]

May 21, 2009, 6:06:06 AM
Hi Shah,

Question 1 & 2: How to find out the authentication provider set for the
server farm and a site?
Kerberos authentication is set for each web application, so you cannot
find a global or site-level Kerberos authentication configuration in
SharePoint.
You can check the configuration in Central Administration > Application
Management > Authentication Providers.

Question 3: Error "Insufficient access rights to perform the operation"
when using setspn.
The error message indicates that you do not have the privilege to run the
command.
To perform the command, you must have membership in Domain Admins or
Enterprise Admins, or you must have been delegated the appropriate
authority. For information on delegating the permissions to modify SPNs,
see Delegating Authority to Modify SPNs
(http://technet.microsoft.com/en-us/library/cc772895(WS.10).aspx).

Question 4: What are the prerequisites to set up a web app with Kerberos
authentication?
As you are aware, Service Principal Names (SPNs) for accounts are
required for Kerberos.
Another important thing is that Kerberos authentication for SQL
communications has to be configured, and confirmed to be working, before
configuring Office SharePoint Server 2007 to use Kerberos.
Here is a good step-by-step guide for your reference: Configure Kerberos
authentication (Office SharePoint Server)
(http://technet.microsoft.com/en-us/library/cc263449.aspx)


Additional resources for your reference:
Setspn Overview (http://technet.microsoft.com/en-us/library/cc773257.aspx)
Troubleshooting Kerberos Errors
(http://go.microsoft.com/fwlink/?LinkId=93730&clcid=0x409)


Sincerely,
Lambert Qin
Microsoft Online Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Shah

May 21, 2009, 2:39:03 PM
Hi Lambert,

I see ZONE=DEFAULT and MEMBERSHIP PROVIDER NAME = WINDOWS under
AUTHENTICATION PROVIDER for one of our production sites. What does it mean?

-Shah

Serge Tremblay MVP SharePoint

May 22, 2009, 12:43:13 PM
This means that for your web app, the default zone is using the Windows
Authentication provider.

On the "Edit Authentication" page from "Authentication Providers" you
should also see a section called "IIS Authentication Settings", where you
will see a check mark beside "Integrated Windows Authentication". There you
can see if you are using NTLM or Negotiate (Kerberos).

Serge Tremblay
SharePoint MVP
"Shah" <sa...@newsgroup.nospam> wrote in message
news:1C1EFAEA-A478-4EA7...@microsoft.com...
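
The same per-web-application, per-zone setting described in the replies above can be read from the SharePoint object model instead of clicking through each web application in Central Administration. This is an added example, not code from any participant in this thread; it assumes Windows PowerShell is installed on a farm server, that it is run by a farm administrator, and the function name Get-WebAppAuthReport is made up for illustration.

```powershell
# Added example: read-only report of the IIS authentication settings that
# Central Administration > Authentication Providers shows for each zone.
# Assumption: run locally on a SharePoint farm server as a farm administrator.
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

function Get-WebAppAuthReport {   # hypothetical helper name
    $services = @(
        [Microsoft.SharePoint.Administration.SPWebService]::ContentService,
        [Microsoft.SharePoint.Administration.SPWebService]::AdministrationService
    )
    foreach ($svc in $services) {
        foreach ($wa in $svc.WebApplications) {
            # IisSettings holds one SPIisSettings entry per zone (Default, Intranet, ...)
            foreach ($zone in $wa.IisSettings.Keys) {
                $iis = $wa.IisSettings[$zone]

                if (-not $iis.UseWindowsIntegratedAuthentication) {
                    $windowsAuth = "Integrated Windows Authentication off"
                } elseif ($iis.DisableKerberos) {
                    $windowsAuth = "NTLM"
                } else {
                    $windowsAuth = "Negotiate (Kerberos)"
                }

                # Build the row in a way that also works on PowerShell 1.0
                $row = "" | Select-Object WebApplication, Zone, Url, AuthMode, WindowsAuth, AppPoolAccount
                $row.WebApplication = $wa.Name
                $row.Zone           = $zone
                $row.Url            = $wa.GetResponseUri($zone)
                $row.AuthMode       = $iis.AuthenticationMode   # Windows or Forms
                $row.WindowsAuth    = $windowsAuth
                # The HTTP SPN for a Kerberos zone belongs on this account
                $row.AppPoolAccount = $wa.ApplicationPool.Username
                $row
            }
        }
    }
}

Get-WebAppAuthReport | Format-Table -AutoSize
```

For any zone reported as Negotiate (Kerberos), `setspn -L <AppPoolAccount>` lists the SPNs currently registered on that account, which can be compared against the host name in the Url column; listing does not need the rights that `setspn -A` failed on in the original post.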

Shah

May 22, 2009, 1:36:01 PM
Got it. Thanks.