Contributors: Carl Rabeler, Denny Lee, Philippe-Joseph Arida, Luca Bandinelli, Kevin Donovan, Pej Javaheri, Cephas Lin, Dave Manning, Prash Shirolkar, Norm Warren, Josh Zimmerman
This document provides you with information that will help you understand the concepts of identity in SharePoint 2010 products, how Kerberos authentication plays a critical role in authentication and delegation scenarios, and the situations where Kerberos authentication should be leveraged or may be required in solution designs. The document also shows you how to configure Kerberos authentication end-to-end within your environment, including scenarios which use various service applications in SharePoint Server. Additional tools and resources are described to help you test and validate Kerberos configuration. The "Step-by-Step Configuration" sections of this document cover several SharePoint Server 2010 scenarios.
http://go.microsoft.com/fwlink/?LinkID=196600
Pingback from Twitter Trackbacks for Configuring Kerberos Authentication for Microsoft SharePoint 2010 Products - Whitepapers [sqlcat.com] on Topsy.com
Carl,
We have a very large SharePoint 2009 and 2010 deployment.
There are several things that we would like to do with KPI's, etc.. that we can not because we get a security error from the Data Connector. When logged into one of the Share Point servers we get no errors. However, users accessing the content from thier desktops do. We are using 2010 AD with Kerberos authentication, SQL Database and Analysis server are MS SQL 2005, everything is running on seperate servers. I say this is an issue with the Kerberos pass through authentication proxy not being supported by the MS SQL 2005 Analysis server. I would love to be wrong about this.
Thank you!
SQL AS 2005 does support Kerberos authentication so that’s not the issue. You probably don’t have delegation setup correctly. Log onto the SharePoint server using a recognizable user account (not something like administrator). Repro the steps when you say it “works”. Then log onto the SQL AS box and look at the security log. Look for the login used when logging into the SharePoint box. Check to see if the logon package is Kerberos. If not, Kerb delegation is certainly not working. If it is working, then check the client to see if it is authenticating with Kerberos to the WFE.
Other than that, you will need to do standard Kerberos debugging. Netmon traces are typically the best route.
Dynamic IT and Microsoft Business Intelligence The latest Microsoft® business intelligence tools and