Forum Discussion

theXfactor82_91's avatar
theXfactor82_91
Icon for Nimbostratus rankNimbostratus
Dec 23, 2013

Sharepoint 2010 using Kerberos Authentication within the DMZ

I'm trying to setup a Sharepoint 2010 environment in my lab and it's been a nightmare for me trying to get Kerberos to work. I'm trying to user Kerberos to authenticate machines that are not on our d...
design
devops
iApps
kerberos
microsoft
security
theXfactor82_91's avatar
theXfactor82_91
Icon for Nimbostratus rankNimbostratus
Dec 23, 2013

Would I need to do this on the LTM or should I be getting the group who look after the Domain Controller to run these commands within AD?

 

Joining a domain To use Kerberos authentication, you need the client joined and connected to a domain and you need a keytab file. 1.Create a surrogate user in the domain. In this example, the hostname of the virtual server on the BIG-IP system is testbed.lab.companynet and the user name is john. setspn -U -A HTTP/testbed.lab.companynet john 2.Map the user account to the service account and generate a keytab file for the service. You can use the ktpass utility to do this. In this example, LAB.COMPANYNET specifies the Kerberos authentication realm. c:>ktpass -princ HTTP/testbed.lab.companynet.com@LAB.COMPANYNET -mapuser john@LAB.COMPANYNET -crypto rc4-hmac-nt -ptype KRB5_NT_SRV_HST -pass password -out c:\temp\john.keytab