Wednesday, June 15, 2011

Debugging Kerberos Authentication


Have you ever had problems configuring or debugging Kerberos authentication, scratched your head, and gone wild thinking: I did everything right, so why can I still not sign in?

Very recently I got messed up in a similar situation till I came across this tool by Brian Murphy. The features this tool boasts are:

  • Supports IIS 6.0 as well as IIS 7.0 (useKernelMode / useAppPoolCredentials)
  • Allows adding backend servers of type UNC, HTTP, LDAP, OLAP, SQL, SSAS, and RDP
  • Allows chaining of multiple hops (versus only a single backend)
  • Performs duplicate SPN check against all trusted domains.
  • /Set/SPNs.aspx - Allows adding and removing of ServicePrincipalNames
  • /Set/Delegation.aspx - Allows changing Trust for Delegation settings.
  • /Set/Providers.aspx - Allows correcting of inadequate NTAuthenticationProviders settings.
  • /Report.aspx - Gives a picture of what is right and what is wrong.
  • /Wizard.aspx - A set of wizard steps that supports adding more tiers to /Report.aspx.
  • /Test.aspx - Allows double-hop tests for webServer-to-Sql or webServer-to-fileServer or webServer-to-webServer

You can find more about the tool at
http://blogs.iis.net/brian-murphy-booth/archive/2007/03/09/delegconfig-delegation-configuration-reporting-tool.aspx

It is also published on IIS.NET and can be downloaded at
http://www.iis.net/community/default.aspx?tabid=34&g=6&i=1887

So free yourself of Kerberos authentication woes now!
