首页 > 代码库 > SharePoint 2013 平台Kerberos 配置详细说明 (Configure Kerberos Guideline)
SharePoint 2013 平台Kerberos 配置详细说明 (Configure Kerberos Guideline)
一个项目用到,考虑到很多项目会用到,方便同事和自己也能方便别人参加。所以写出详细技术细节
所有抓图均来自与服务器,由于这个项目时英文的,所有我写也是英文admin guideline
Ok let‘s begin.
All Programs > Microsoft SharePoint 2013 Products > SharePoint 2013 Central Administration Enter farm administrator credentials when requested. Click on “Security”
and then Click on “Configureservice accounts”
Select from the list of services the service “Windows Service – Claims to Windows Token Service” Select from the list of services the service “Windows Service – Claims to Windows Token Service”
这里我简单说明一下 这里就是你在windows服务里的Claims to Windows Token Service 管理登录名
Add the WSS_WPG Windows Group to the c2wtshost.exe.config file
Start > All Programs > Accessories > Windows Explorer
Navigate to the following path: “C:\ Program Files\Windows Identity Foundation\v3.5\”
Start > All Programs > Accessories > Windows Explorer
Navigate to the following path: “C:\ Program Files\Windows Identity Foundation\v3.5\”
Open the file “c2wtshost.exe.config” in notepad Locate section “<allowedCallers>”
Insert following section “<add value-”WSS_WPG”>”
Insert following section “<add value-”WSS_WPG”>”
And then you must to Reset IIS you know that?
next step. Start the service on the application servers
All Programs > Microsoft SharePoint 2013 Products > SharePoint 2013 Central Administration Enter farm administrator credentials when requested.Click on “Application Management”
Click on “Manageservices on server” and then Look for the “Claims to Windows Token Service” and check if it’s started If it is stopped, click on “Start” next to its title
Set the local permissions for the claims to windows token service
Start > Administrative Tools > Computer Management Select node “Local Users and Groups” Select node “Groups” Select the “Administrators” group.Right Click and select “Add to Group …”
Start > Administrative Tools > Computer Management Select node “Local Users and Groups” Select node “Groups” Select the “Administrators” group.Right Click and select “Add to Group …”
Click on “Add”.Enter the Claims To Windows token Service Name %Kerberos_C2WTSAccount%. Click on “Check Names”.Click on “OK”
And then
Start > All Programs > Administrative Tools > Local Security Policy.
Select the node “Local Policies”. Select the node “User Rights Assignment”. In the “Local Security Policy”, on the right side, double click on “Act as part of the operating system”
Click on “Add User or Group” Enter the Claims To Windows token Service Name %Kerberos_C2WTSAccount% Click on “Check Names”Click on “OK”
Click on “Add User or Group” Enter the Claims To Windows token Service Name %Kerberos_C2WTSAccount% Click on “Check Names”Click on “OK”
In the “Local Security Policy”, on the right side, double click on “Impersonate a client after authentication
Click on “Add User or Group”
Enter the Claims To Windows token Service Name %Kerberos_C2WTSAccount%
Click on “Check Names”
Click on “OK”
In the “Local Security Policy”, on the right side, double click on “Log on as a service”
Click on “Add User or Group”
Enter the Claims To Windows token Service Name %Kerberos_C2WTSAccount%
Click on “Check Names”
Click on “OK”
In the “Local Security Policy”, on the right side, double click on “Impersonate a client after authentication
Click on “Add User or Group”
Enter the Claims To Windows token Service Name %Kerberos_C2WTSAccount%
Click on “Check Names”
Click on “OK”
In the “Local Security Policy”, on the right side, double click on “Log on as a service”
Click on “Add User or Group”
Enter the Claims To Windows token Service Name %Kerberos_C2WTSAccount%
Click on “Check Names”
Click on “OK”
And then Set a service dependency
Please note that this steps should be proceeded on each server that will be hosting BI services in SharePoint Farm.
Please note that this steps should be proceeded on each server that will be hosting BI services in SharePoint Farm.
Start > Administrative Tools > Services
Look for the “Claims to Windows Token Service” And double click on the title
In the “Dependencies” tab check if it the service depends on other system components
If this is the case, and there is no dependency, you can continue with this section. Otherwise you can jump to the following section
If this is the case, and there is no dependency, you can continue with this section. Otherwise you can jump to the following section
Start > All Programs > Accessories
Launch a Command Prompt as an administrator
To add the dependency, type the following command :”sc config c2wts depend= CryptSvc”
Note that a space is required between the equal sign and the value
You can then go back to the services list and check for the “Claims to Windows Token” service that the dependency has been added
Launch a Command Prompt as an administrator
To add the dependency, type the following command :”sc config c2wts depend= CryptSvc”
Note that a space is required between the equal sign and the value
You can then go back to the services list and check for the “Claims to Windows Token” service that the dependency has been added
SharePoint 2013 平台Kerberos 配置详细说明 (Configure Kerberos Guideline)
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。