
Previously on "Kerberos - registering an SPN against service account"


  • Malcolm Buggeridge
    replied
    Originally posted by Netraider
    Good morning Malcolm, is there any way you can pull any logs from the system? Sometimes they give a clue as to what is going wrong.
    Morning NR. I can see from running Wireshark on the 2nd hop server that a Kerberos ticket is passed. No error messages in the logs. I suspect it is passing the wrong ticket as I get 401 errors.



  • Netraider
    replied
    Good morning Malcolm, is there any way you can pull any logs from the system? Sometimes they give a clue as to what is going wrong.



  • Kerberos - registering an SPN against service account

    Pulling what little hair I have left over getting Kerberos authentication working. There are so many variables at play but I know that one piece of the jigsaw that I have to get working is proving problematic.

    I have a web app that authenticates users via forms authentication. They are then validated with an Active Directory membership provider (they provide a domain-qualified Windows user id as the forms login) and I use impersonation and delegation to access external resources such as other web apps.

    Since the web app (IIS7) runs under the service account I have set up for its app pool, my understanding is that I have to set up an SPN against the app pool account. The web app URL is in the form <server>/<appname> so I should set an SPN of HTTP/server/appname against the user. I can do this with the setSPN utility but the ticket doesn't appear in Kerbtray for that user and various diagnostic tools tell me it's invalid.

    I think I've followed all the rules for naming conventions so there must be something I'm missing.

    Any help would be greatly appreciated.
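
An added example, not part of the original post: a Python check that compares the SPNs registered on a service account with the name a Kerberos client requests for a given URL. It assumes the client forms `HTTP/<host>` from the URL's host name alone; the function names, the `corp.example` DNS suffix and the sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

def expected_spns(url, dns_suffix=None):
    """SPNs a client asks the KDC for when it opens `url`: HTTP/<host> only.

    Assumption: the client builds the SPN from the URL's host name and
    ignores scheme, port and path (default browser behaviour on Windows).
    """
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host name in URL: {url!r}")
    spns = [f"HTTP/{host}"]
    if dns_suffix and "." not in host:
        spns.append(f"HTTP/{host}.{dns_suffix}")  # FQDN form of a short name
    return spns

def parse_spn(spn):
    """Split serviceclass/host[:port][/servicename] into its parts."""
    parts = spn.split("/")
    if len(parts) not in (2, 3) or not all(parts):
        raise ValueError(f"malformed SPN: {spn!r}")
    host, _, port = parts[1].partition(":")
    extra = parts[2] if len(parts) == 3 else None
    return parts[0].upper(), host.lower(), port or None, extra

def check_registration(url, registered, dns_suffix=None):
    """Return (missing, findings) for the SPNs registered on one account."""
    usable, findings = set(), []
    for spn in registered:
        svc, host, port, extra = parse_spn(spn)
        if svc == "HTTP" and extra:
            findings.append(f"{spn}: trailing '/{extra}' means a request "
                            f"for HTTP/{host} will not match this entry")
            continue
        usable.add(f"{svc}/{host}" + (f":{port}" if port else ""))
    missing = [s for s in expected_spns(url, dns_suffix)
               if f"HTTP/{s[5:].lower()}" not in usable]
    return missing, findings

if __name__ == "__main__":
    # Constructed sample: the URL shape and SPN described in the post.
    missing, findings = check_registration(
        "http://server/appname", ["HTTP/server/appname"], "corp.example")
    print("missing:", missing)
    print(*findings, sep="\n")
```

The `registered` list can be filled from the account's `servicePrincipalName` values, for example as listed by `setspn -L <account>`.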