SharePoint: switching to NTLM and configuring an SPN for the user

I am attaching a very good article on how to configure SharePoint to use NTLM authentication and how to configure a user to be used as the identity of the Application Pool.

To configure an SPN for the domain user account
Download and install the Setspn.exe command-line tool. You can download the Setspn.exe tool from the following Microsoft Web site:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/setspn-o.asp
Note: You must be a Domain Administrator to use the setspn utility.
Use Setspn.exe to add an SPN for the domain account. At the command prompt, type the following syntax, and then press ENTER, where ServerName is the fully qualified domain name (FQDN) of the server, Domain is the name of the domain, and UserName is the name of the domain user account:
setspn -A HTTP/ServerName Domain\UserName
If you install Windows SharePoint Services and choose to use Kerberos authentication but do not configure an SPN for the domain account that Windows SharePoint Services runs as, users will be unable to log on to the SharePoint site. Users who are not administrators on the server computer will receive multiple authentication prompts followed by this error:
HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.
Internet Information Services (IIS)
If this occurs, configure the SharePoint Central Administration and virtual servers extended with Windows SharePoint Services for NTLM authentication. You can use a script to configure Windows SharePoint Services to use NTLM authentication.
To configure Windows SharePoint Services to use NTLM authentication
Determine the virtual server ID for the SharePoint Central Administration and SharePoint content virtual servers.
On the IIS server, click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
Locate the virtual server you need to find the ID for, right-click it, and then click Properties.
On the Web Site tab, next to the Active Log Format box, click Properties.
Next to Log file name, you can see a path and file name, such as W3SVCxx\exyymmdd.log. The number replacing the xx after W3SVC is the virtual server ID.
On the IIS server, click Start, and then click Run. In the Open box, type cmd, and then click Open.
Change to the Inetpub\Adminscripts folder by typing the following line, where Drive is the drive where Windows is installed:
cd Drive:\inetpub\adminscripts
To see the currently configured authentication, type the following line, and then press ENTER, where xx is the virtual server ID number:
cscript adsutil.vbs get w3svc/xx/NTAuthenticationProviders
Note: The virtual server ID of the Default Web site in IIS is 1.
If the virtual server is configured for NTLM it will return the following value:
NTAuthenticationProviders : (STRING) "NTLM"
If the virtual server is configured for Kerberos it will return one of the following two statements:
NTAuthenticationProviders : (STRING) " Negotiate,NTLM"
The parameter "NTAuthenticationProviders" is not set at this node.
To enable NTLM on the virtual server, type the following line, and then press ENTER, where xx is the virtual server ID number:
cscript adsutil.vbs set w3svc/xx/NTAuthenticationProviders "NTLM"
Note: The virtual server ID of the Default Web site in IIS is 1.
Restart IIS.
Click Start, and then click Run. In the Open box, type cmd, and then click OK.
At the command prompt, type iisreset, and then press ENTER.
Type exit, and then press ENTER to exit Command Prompt.
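
The following Python script is an added example, not part of the original article: it takes saved output of the adsutil.vbs get command above, keyed by the log path used to find each virtual server ID, and reports which virtual servers are NTLM-only and which still offer Kerberos. The function names and the sample captures are constructed for illustration; treating an unset node as Kerberos follows the article's description.

```python
import re

# Patterns for the three responses the article lists for
# "cscript adsutil.vbs get w3svc/xx/NTAuthenticationProviders".
_VALUE = re.compile(r'NTAuthenticationProviders\s*:\s*\(STRING\)\s*"([^"]*)"')
_NOT_SET = re.compile(r'parameter\s+"NTAuthenticationProviders"\s+is not set', re.I)
# Log path of the form W3SVCxx\exyymmdd.log; xx is the virtual server ID.
_LOG_PATH = re.compile(r'W3SVC(\d+)[\\/]ex\d{6}\.log$', re.I)


def site_id_from_log_path(path):
    """Return the virtual server ID encoded in a W3SVCxx\\exyymmdd.log path."""
    m = _LOG_PATH.search(path.strip())
    if not m:
        raise ValueError("not a W3SVCxx log path: %r" % path)
    return int(m.group(1))


def classify(adsutil_output):
    """Map captured adsutil.vbs output to 'ntlm', 'kerberos' or 'unknown'."""
    m = _VALUE.search(adsutil_output)
    if m:
        # Tolerate stray whitespace inside the quoted provider list.
        providers = [p.strip().lower() for p in m.group(1).split(",") if p.strip()]
        if providers == ["ntlm"]:
            return "ntlm"
        if "negotiate" in providers:
            return "kerberos"
        return "unknown"
    if _NOT_SET.search(adsutil_output):
        return "kerberos"  # unset node: the article lists this as a Kerberos result
    return "unknown"


def audit(captures):
    """captures: {log path: adsutil output}. Returns {virtual server ID: mode}."""
    return {site_id_from_log_path(p): classify(out) for p, out in captures.items()}


# Constructed sample captures (not taken from a real server).
SAMPLE = {
    r"W3SVC1\ex240101.log": 'NTAuthenticationProviders : (STRING) "NTLM"',
    r"W3SVC87257621\ex240101.log": 'NTAuthenticationProviders : (STRING) " Negotiate,NTLM"',
    r"W3SVC3\ex240101.log": 'The parameter "NTAuthenticationProviders" is not set at this node.',
}

if __name__ == "__main__":
    for site, mode in sorted(audit(SAMPLE).items()):
        print("w3svc/%d: %s" % (site, mode))
```

Running it before and after the set command shows which virtual servers were moved from Kerberos to NTLM-only.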
