blog

Kerberos and SharePoint 2007

Published on
2 minute read

If you want to use Kerberos authentication and not NTLM with SharePoint then there are some extra tasks that you need to get someone with Domain Admin privileges to perform. For EVERY dns / port combination a SPN needs to be added to Active Directory to tell it that it  is allowed to use Kerberos to authenticate a specific account or server to that URL. In a production environment with a farm of multiple server you will need to use the account option.

The account option lets you create an Active Directory account called..say… svc_Sharepoint and add a bunch of SPN’s to it. This account then needs to be used to run the application you are trying to connect to. So if it is an IIS website then the AppPool needs to run under that account. if it is SQL Server then the services need to run under that account.

You need to add an SPN for each protocol URL and port combination:

setspn -a admin.ep-dev.[domain].biz [domain]svc_sharepoint
setspn -a admin.ep-dev.[domain].biz:8080 [domain]svc_sharepoint
setspn -a bi.ep-dev.[domain].biz [domain]svc_sharepoint
setspn -a nrcdashboard.ep-dev.[domain].biz [domain]svc_sharepoint
setspn -a ep-dev.[domain].biz     [domain]svc_sharepoint
setspn -a team.ep-dev.[domain].biz [domain]svc_sharepoint
setspn -a search.ep-dev.[domain].biz [domain]svc_sharepoint
setspn -a my.ep-dev.[domain].biz [domain]svc_sharepoint
setspn -a technet.ep-dev.[domain].biz [domain]svc_sharepoint
setspn -a tfs01.ep-dev.[domain].biz [domain]svc_tfsservices
setspn -a tfs01.ep-dev.[domain].biz:8080 [domain]svc_tfsservices
setspn -a TFS  .ep-dev.[domain].biz [domain]svc_tfsservices

These SPN’s will allow authentication to work on these domains, but it does require Domain Admin to run them. And these are only my initial FQDN for this environment. We will be having a production environment soon and most likely a UAT environment before we start any development work on our Enterprise Portal.

Technorati Tags: SP 2007    MOSS    SP 2010    TFS    SharePoint 

code-and-complexity problems-and-puzzles blog configuration infrastructure moss2007 sharepoint sp2007 spf2010 tfs tools

Connect with Martin Hinshelwood

If you've made it this far, it's worth connecting with our principal consultant and coach, Martin Hinshelwood, for a 30-minute 'ask me anything' call.

Our Happy Clients​

We partner with businesses across diverse industries, including finance, insurance, healthcare, pharmaceuticals, technology, engineering, transportation, hospitality, entertainment, legal, government, and military sectors.​

Genus Breeding Ltd Logo
Ericson Logo
Brandes Investment Partners L.P. Logo
Kongsberg Maritime Logo
Schlumberger Logo
Xceptor - Process and Data Automation Logo
Philips Logo

NIT A/S

Boxit Document Solutions Logo
Sage Logo
New Signature Logo
Milliman Logo
Akaditi Logo
MacDonald Humfrey (Automation) Ltd. Logo
Workday Logo

CR2

Microsoft Logo
Deliotte Logo
Ghana Police Service Logo
Nottingham County Council Logo
Royal Air Force Logo
Washington Department of Enterprise Services Logo
Washington Department of Transport Logo
New Hampshire Supreme Court Logo
ALS Life Sciences Logo
SuperControl Logo
Alignment Healthcare Logo
Workday Logo
Teleplan Logo
Bistech Logo