Kerberos (Again)

This is obviously one of the trickiest tools in the MOSS box.

Previously, I referenced this industry standard post from Martin Kearn.

And now we have this from TechNet.

And this from TechNet Blogs.

Installing it is one thing; proving that it's working is another.  For example, what happens when it doesn't work?

So we've got this Kerbtray.exe tool from the Win2K Resource Kit.

When you install it, it doesn't make a menu item to open it so you have to go to your C:Program FilesResource Kit folder to run it from the .exe. 

When you run it, you get a system tray icon and when you click on the icon, you get a cool little windows app that shows you:

  • Client Principal – This looks like me because it says Robot@MyFirm.MyDomain.Net
  • A tree of what looks like IDs spilling out of MyFirm.MyDomain.Net – these are kind of cryptic; one is cifs/SomeComputer.MyFirm.MyDomain.Net.  Another is host/MyComputerName.MyFirm.MyDomain.Net.  There's others including this one that kind of makes sense: LDAP/SomComputer.MyFirm.MyDomain.Net.  I think the "SomeComputer" is actually our local domain controller.  Some of the others are duplicates.
  • A box headed Service Principal (spelled -P-A-L meaning "lead person", not "idea.")
  • A tabbed table with heading for Names, Times, Flags, Encryptions Types.

The Names tab includes three fields, Client Name, Service Name, and Target Name.  When I select a different node in the tree, the lead value in the Service Principal box changes to match and the names then change accordingly.

I'm going to log out, reboot, log in with a local account and then see what it says.

Much as I suspected, when you log in locally, the little application is blank and it says No Network Authentication.  I tried logging into my SharePoint site that is supposed to be running Kerberos and still nothing.  I also tried executing a RunAs command and using my network ID and still, nothing.

So, apparently, they've updated our MOSS "Infrastructure" and you have to have this update: Description of the Microsoft Office Servers Infrastructure Update: July 15, 2008  This update says to update be sure to run the WSS Infrastructure Update first.  This upate lives here: Description of the Infrastructure Update for Windows SharePoint Services 3.0: July 15, 2008

So the question arises, have these already been installed using the automated update programs?  No sweat, it says it will tell you how to tell if these updates have already been installed.  To do this, it gives you a set of files names with size and date info and I guess you're supposed to see if those files are already on your server.  My problem is that it doesn't tell me where to look for them.


Tags:

This entry was posted on August 22nd, 2008 and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

 
«
»
 
 

Comments are closed.