tech·nic·al·ly agile

Kerberos and SharePoint 2007

Learn how to configure Kerberos authentication for SharePoint 2007, including essential SPN setup steps for a secure and efficient environment.

Published on
2 minute read
Image
https://nkdagility.com/resources/REHiKbbVOD8

If you want to use Kerberos authentication and not NTLM with SharePoint then there are some extra tasks that you need to get someone with Domain Admin privileges to perform. For EVERY dns / port combination a SPN needs to be added to Active Directory to tell it that it  is allowed to use Kerberos to authenticate a specific account or server to that URL. In a production environment with a farm of multiple server you will need to use the account option.

The account option lets you create an Active Directory account called..say… svc_Sharepoint and add a bunch of SPN’s to it. This account then needs to be used to run the application you are trying to connect to. So if it is an IIS website then the AppPool needs to run under that account. if it is SQL Server then the services need to run under that account.

You need to add an SPN for each protocol URL and port combination:

setspn -a admin.ep-dev.[domain].biz [domain]svc_sharepoint
setspn -a admin.ep-dev.[domain].biz:8080 [domain]svc_sharepoint
setspn -a bi.ep-dev.[domain].biz [domain]svc_sharepoint
setspn -a nrcdashboard.ep-dev.[domain].biz [domain]svc_sharepoint
setspn -a ep-dev.[domain].biz     [domain]svc_sharepoint
setspn -a team.ep-dev.[domain].biz [domain]svc_sharepoint
setspn -a search.ep-dev.[domain].biz [domain]svc_sharepoint
setspn -a my.ep-dev.[domain].biz [domain]svc_sharepoint
setspn -a technet.ep-dev.[domain].biz [domain]svc_sharepoint
setspn -a tfs01.ep-dev.[domain].biz [domain]svc_tfsservices
setspn -a tfs01.ep-dev.[domain].biz:8080 [domain]svc_tfsservices
setspn -a TFS  .ep-dev.[domain].biz [domain]svc_tfsservices

These SPN’s will allow authentication to work on these domains, but it does require Domain Admin to run them. And these are only my initial FQDN for this environment. We will be having a production environment soon and most likely a UAT environment before we start any development work on our Enterprise Portal.

Technorati Tags: SP 2007    MOSS    SP 2010    TFS    SharePoint 

System Configuration Install and Configuration
Comments

Related blog posts

No related videos found.

Connect with Martin Hinshelwood

If you've made it this far, it's worth connecting with our principal consultant and coach, Martin Hinshelwood, for a 30-minute 'ask me anything' call.

Our Happy Clients​

We partner with businesses across diverse industries, including finance, insurance, healthcare, pharmaceuticals, technology, engineering, transportation, hospitality, entertainment, legal, government, and military sectors.​

Jack Links Logo
Cognizant Microsoft Business Group (MBG) Logo
Boeing Logo
Boxit Document Solutions Logo
Big Data for Humans Logo
Microsoft Logo
Healthgrades Logo
Lockheed Martin Logo
Philips Logo
Deliotte Logo
Freadom Logo

NIT A/S

Akaditi Logo
YearUp.org Logo
Brandes Investment Partners L.P. Logo
Ericson Logo
Workday Logo
Slaughter and May Logo
Washington Department of Enterprise Services Logo
New Hampshire Supreme Court Logo
Washington Department of Transport Logo
Royal Air Force Logo
Ghana Police Service Logo
Nottingham County Council Logo
Graham & Brown Logo
ProgramUtvikling Logo
Healthgrades Logo
Boxit Document Solutions Logo
Slicedbread Logo
Sage Logo