Re: SPS wont use kerberos
From: Al Blake (al_at_blakes.net)
Date: 05/30/04
- Next message: Jonathan Maltz [MS-MVP]: "Re: IIS Seperate Partition?"
- Previous message: Ryan Riddell: "IIS Seperate Partition?"
- In reply to: Ken Schaefer: "Re: SPS wont use kerberos"
- Next in thread: Ken Schaefer: "Re: SPS wont use kerberos"
- Reply: Ken Schaefer: "Re: SPS wont use kerberos"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 30 May 2004 09:07:42 +1000
Sure.
But what would you like to know ?
Al.
"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:uwgvzEYREHA.1644@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> As mentioned in your other thread, let's please look at what is actually
> happening between server and client before speculating about causes.
>
> Cheers
> Ken
>
>
> "Al Blake" <al@blakes.net> wrote in message
> news:%23w3uNdWREHA.2112@TK2MSFTNGP11.phx.gbl...
> : We have a windows2003 member server in a native AD domain that runs
> SPS2003
> : as well as a number of non-SPS IIS6 web sites.
> : We have managed to configure all the web sites *except* SPS2003 to use
> : kerberos as their preferred authentication - so we know kerberos is
> working
> : on the box.
> :
> : We have followed KB832769 to enable kerberos on the SPS web but still
> : whenever a client browser connects (XP + IE6SP1) the authentication
method
> : selected is NTLM. Why?
> :
> : We have:
> : a) Set NTAuthenticationProviders to "Negoatiate,NTLM" in the metabase
for
> : the SPS site
> : b) Set the computer account as trusted for delegation in AD
> : c) Set the user account used by the app pool as trusted in AD
> : d) Used setspn to add HTTP/DOMAIN\USER SERVER as an additional spn
> :
> : but still NTLM is used as the authentication mechanism.
> :
> : As a side issue, when tryng to access the box from another windows2003
> : server (such as our TS server) which is running IE 6.0.3790.0 we get
> : repeatedly prompted to login if authentication mechanism is
> : "Negotiate,NTLM". Checking in the event log shows a kerberos failure for
a
> : blank username.
> :
> : Trying from XP+IE6SP1 clients we do not get prompted to login (ie
windows
> : authentication works) but checking in the event log indicates that NTLM
> has
> : been used ! So XPIE6SP1 is NOT using kerberos to authenticate with the
SPS
> : site. Why not?
> :
> : Al Blake, Canberra, Australia
> :
> :
>
>
- Next message: Jonathan Maltz [MS-MVP]: "Re: IIS Seperate Partition?"
- Previous message: Ryan Riddell: "IIS Seperate Partition?"
- In reply to: Ken Schaefer: "Re: SPS wont use kerberos"
- Next in thread: Ken Schaefer: "Re: SPS wont use kerberos"
- Reply: Ken Schaefer: "Re: SPS wont use kerberos"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
