Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SharePoint with Kerberos authentication

Posted on 2007-04-11
2
Medium Priority
?
717 Views
Last Modified: 2012-05-05
I am running a MOSS 2007 small farm with two load-balanced WFE servers and one SQL 2005 server. I have set up kerberos authentication
1) selected the kerberos options during install and web application creation
2) registered the SPN for my WFE computers and accounts running my application pools
3) set my WFE computers and application pool accounts as trusted for delegation in AD
4) set up the certificate on my WFEs
5) modified the IIS metabase line <IISWebServer> ...<ntauthentication="ntlm">  to <IISWebServer> ...<ntauthentication="negotiate,ntlm">

However when I go to the security tab in the Event Viewer on my web front end, it still says "NTLM" as the authentication method for many SharePoint events. Could this be correct?

Secondly, each time I open up a browser and navigate to the SharePoint site for the first time, it prompts for a user name and password. Is this the correct behavior for kerberos? Is it not extremely inconvenient for users to be prompted for this each time they open a browser window and navigate to SharePoint? I would like to get rid of ths if possible.
0
Comment
Question by:NGPSoft1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 44

Accepted Solution

by:
zephyr_hex (Megan) earned 1500 total points
ID: 18891388
as for your second question...
make sure the site is configured in IE as local intranet.
also, under the local intranet options, make sure User Authentication is set to "automatic logon with current username and password"

0
 
LVL 4

Author Comment

by:NGPSoft1
ID: 18891668
Thank you, that worked.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question