首页 > 代码库 > SharePoint 2013 平台Kerberos 配置详细说明 (Configure Kerberos Guideline)

SharePoint 2013 平台Kerberos 配置详细说明 (Configure Kerberos Guideline)

一个项目用到,考虑到很多项目会用到,方便同事和自己也能方便别人参加。所以写出详细技术细节

所有抓图均来自与服务器,由于这个项目时英文的,所有我写也是英文admin guideline

Ok  let‘s begin.

All Programs > Microsoft SharePoint 2013 Products > SharePoint 2013 Central Administration  Enter farm administrator credentials when requested.  Click on “Security”
技术分享

and then Click on “Configureservice accounts
技术分享
Select from the list of services the service “Windows Service – Claims to Windows  Token Service” Select from the list of services the service “Windows Service – Claims to Windows  Token Service”
这里我简单说明一下 这里就是你在windows服务里的Claims to Windows  Token Service 管理登录名
技术分享
Add the WSS_WPG Windows Group to the c2wtshost.exe.config file
Start > All Programs > Accessories > Windows Explorer
Navigate to the following path: “C:\ Program Files\Windows Identity Foundation\v3.5\”
Open the file “c2wtshost.exe.config” in notepad  Locate section “<allowedCallers>”
Insert following section “<add value-”WSS_WPG”>”
技术分享

And then you must to Reset IIS  you know that?
next step.  Start the service on the application servers
All Programs > Microsoft SharePoint 2013 Products > SharePoint 2013 Central Administration    Enter farm administrator credentials when requested.Click on “Application Management”
技术分享

Click on “Manageservices on server”  and then  Look for the “Claims to Windows Token Service” and check if it’s started If it is stopped, click on “Start” next to its title
技术分享
Set the local permissions for the claims to windows token service
Start > Administrative Tools > Computer Management  Select node “Local Users and Groups”  Select node “Groups” Select the “Administrators”  group.Right Click and select “Add to Group …”
技术分享
Click on “Add”.Enter the Claims To Windows token Service Name %Kerberos_C2WTSAccount%. Click on “Check Names”.Click on “OK”
And then 
Start > All Programs > Administrative Tools > Local Security Policy.
Select the node “Local Policies”. Select the node “User Rights Assignment”. In the “Local Security Policy”, on the right side, double click on “Act as part of the operating system”
Click on “Add User or Group” Enter the Claims To Windows token Service Name %Kerberos_C2WTSAccount% Click on “Check Names”Click on “OK”

Click on “Add User or Group” Enter the Claims To Windows token Service Name %Kerberos_C2WTSAccount% Click on “Check Names”Click on “OK”
In the “Local Security Policy”, on the right side, double click on “Impersonate a client after authentication
Click on “Add User or Group”
Enter the Claims To Windows token Service Name %Kerberos_C2WTSAccount%
Click on “Check Names”
Click on “OK”
In the “Local Security Policy”, on the right side, double click on “Log on as a service”
Click on “Add User or Group”
Enter the Claims To Windows token Service Name %Kerberos_C2WTSAccount%
Click on “Check Names”
Click on “OK”
And then Set a service dependency
Please note that this steps should be proceeded on each server that will be hosting BI services in SharePoint Farm.
Start > Administrative Tools > Services
Look for the “Claims to Windows Token Service” And double click on the title
技术分享
In the “Dependencies” tab check if it the service depends on other system components
If this is the case, and there is no dependency, you can continue with this section. Otherwise you can jump to the following section
技术分享

Start > All Programs > Accessories
Launch a Command Prompt as an administrator 
To add the dependency, type the following command :”sc config c2wts depend= CryptSvc”
Note that a space is required between the equal sign and the value
You can then go back to the services list and check for the “Claims to Windows Token” service that the dependency has been added
技术分享


SharePoint 2013 平台Kerberos 配置详细说明 (Configure Kerberos Guideline)