RE: Excel Calculation Services
- From: weilu@xxxxxxxxxxxxxxxxxxxx (Wei Lu [MSFT])
- Date: Fri, 19 Oct 2007 06:42:33 GMT
{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset0 MS Sans Serif;}}
\viewkind4\uc1\pard\lang2052\f0\fs20 Hello Vincent,
\par
\par Have you tried to use the Kerberos to delegate the credentials?
\par
\par To get kerberos working in moss you need to:
\par
\par 1. Enable kerberos authentication to share point web application, you can do so from central admin. If the sharepoint application pool is a domain account, then you must register an SPN for it, e.g.
\par
\par machine FQDN = sharepoint.domain.com
\par
\par apppoolaccount = domain\\sharepoint
\par
\par
\par
\par setspn -a http/sharepoint domain\\sharepoint
\par
\par setspn -a http/sharepoint.domain.com domain\\sharepoint
\par
\par
\par
\par (if it's a machine service account (e.g. Network Service) then an SPN is already registered when the machine was joined to the domain.)
\par
\par
\par
\par 2. Enable kerberos authenticaiton to the shared services by running the following stsadm commands on the shared services machine:
\par
\par stsadm -o set-ecssecurity -accessmodel delegation -ssp SharedServices1
\par
\par stsadm -o setsharedwebserviceauthn -negotiate
\par
\par stsadm -o execadmsvcjobs
\par
\par
\par
\par You'd also need to register SPNs for it if running under a domain account.
\par
\par machine FQDN = sharedservice.domain.com
\par
\par apppoolaccount = domain\\sharedservice
\par
\par
\par
\par setspn -a http/sharedservice domain\\sharedservice
\par
\par setspn -a http/sharedservice.domain.com domain\\sharedservice
\par
\par
\par
\par 3. In active directory you need to enable delegation from the domain\\sharepoint account to the SPNs you registered for the domain\\sharedservice account.
\par
\par
\par
\par That should do the trick.
\par
\par
\par
\par As for accessing data sources using delegation from excel services, you'll need to:
\par
\par
\par
\par 4. Register SPNs for the data source. e.g. SSAS 2005:
\par
\par setspn -a MSOLAPSvc.3/ssasmachinename domain\\ssasaccount
\par
\par setspn -a MSOLAPSvc.3/ssasmachinename.domain.com domain\\ssasaccount
\par
\par
\par
\par 5. In active directory you need to enable delegation from the domain\\sharedservice account to the SPNs you registered for the domain\\ssasaccount account.
\par
\par
\par
\par
\par Sincerely,
\par
\par Wei Lu
\par Microsoft Online Community Support
\par
\par ==================================================
\par
\par When responding to posts, please "Reply to Group" via your newsreader so
\par that others may learn and benefit from your issue.
\par
\par ==================================================
\par This posting is provided "AS IS" with no warranties, and confers no rights.
\par }
- Follow-Ups:
- RE: Excel Calculation Services
- From: Wei Lu [MSFT]
- RE: Excel Calculation Services
- References:
- RE: Excel Calculation Services
- From: Wei Lu [MSFT]
- RE: Excel Calculation Services
- From: ITS
- RE: Excel Calculation Services
- From: ITS
- RE: Excel Calculation Services
- Prev by Date: BDC, Document library, Customers
- Next by Date: RE: Copying SPListItem with workflow history
- Previous by thread: RE: Excel Calculation Services
- Next by thread: RE: Excel Calculation Services
- Index(es):
Relevant Pages
|
