SPS won't use kerberos
From: Al Blake (al_at_blakes.net)
Date: 05/29/04
Date: Sat, 29 May 2004 20:25:25 +1000
We have a windows2003 member server in a native AD domain that runs SPS2003
as well as a number of non-SPS IIS6 web sites.
We have managed to configure all the web sites *except* SPS2003 to use
kerberos as their preferred authentication - so we know kerberos is working
on the box.
We have followed KB832769 to enable kerberos on the SPS web but still
whenever a client browser connects (XP + IE6SP1) the authentication method
selected is NTLM. Why?
We have:
a) Set NTAuthenticationProviders to "Negoatiate,NTLM" in the metabase for
the SPS site
b) Set the computer account as trusted for delegation in AD
c) Set the user account used by the app pool as trusted in AD
d) Used setspn to add HTTP/DOMAIN\USER SERVER as an additional spn
but still NTLM is used as the authentication mechanism.
As a side issue, when trying to access the box from another windows2003
server (such as our TS server) which is running IE 6.0.3790.0 we get
repeatedly prompted to login if authentication mechanism is
"Negotiate,NTLM". Checking in the event log shows a kerberos failure for a
blank username.
Trying from XP+IE6SP1 clients we do not get prompted to login (i.e. windows
authentication works) but checking in the event log indicates that NTLM has
been used! So XP+IE6SP1 is NOT using kerberos to authenticate with the SPS
site. Why not?
Al Blake, Canberra, Australia
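
An added diagnostic example, not part of the original post: one way to confirm from the client side which mechanism the browser actually offered is to decode the `Authorization` request header from an HTTP trace. The function and sample names are hypothetical and the sample tokens are constructed here, not captured traffic.

```python
import base64

# DER-encoded mechanism OIDs (tag 0x06, length, value)
OID_SPNEGO = bytes.fromhex("06062b0601050502")           # 1.3.6.1.5.5.2
KERBEROS_OIDS = (
    bytes.fromhex("06092a864886f712010202"),             # 1.2.840.113554.1.2.2 (Kerberos 5)
    bytes.fromhex("06092a864882f712010202"),             # 1.2.840.48018.1.2.2 (Microsoft variant)
)
OID_NTLMSSP = bytes.fromhex("060a2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10


def classify_authorization(header_value):
    """Return which mechanism an HTTP Authorization header value carries."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "other"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        return "malformed"
    if not token:
        return "malformed"
    if token.startswith(b"NTLMSSP\x00"):
        return "ntlm"                  # bare NTLM message, even under "Negotiate"
    if token[0] == 0xA1:
        return "spnego-continuation"   # later leg; mechanism was chosen earlier
    if token[0] != 0x60:
        return "malformed"
    # GSS-API initial token: the earliest mechanism OID is the one being attempted
    hits = [(token.find(oid), name)
            for name, oids in (("kerberos", KERBEROS_OIDS), ("ntlm", (OID_NTLMSSP,)))
            for oid in oids if oid in token]
    return min(hits)[1] if hits else "unknown-mechanism"


def tlv(tag, body):
    """DER tag-length-value with short-form length (enough for the small samples)."""
    return bytes([tag, len(body)]) + body


def negotiate_header(raw):
    return "Negotiate " + base64.b64encode(raw).decode()


# Constructed samples: an NTLM type 1 stub and a SPNEGO mechanism list led by Kerberos
SAMPLE_NTLM = negotiate_header(b"NTLMSSP\x00\x01\x00\x00\x00" + bytes(4))
MECH_LIST = KERBEROS_OIDS[1] + KERBEROS_OIDS[0] + OID_NTLMSSP
SAMPLE_KERBEROS = negotiate_header(
    tlv(0x60, OID_SPNEGO + tlv(0xA0, tlv(0x30, tlv(0xA0, tlv(0x30, MECH_LIST))))))
```

A header value beginning `Negotiate TlRMTVNTUA` is the base64 of the `NTLMSSP` signature, so the client fell back to NTLM before the server had any say in the matter.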