Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Kerberos Not Set Up On Server


Kerberos Not Set Up On Server

Author
Message
FREDERICK
FREDERICK
Forum Newbie
Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)

Group: General Forum Members
Points: 4 Visits: 29
Hello

Another party set up the Server and Databases.

First the Server was set up
Windows Server 2008 SP1

Then the Databases were set up
SQL Server 2008 along the reporting Services
Server Authentication - SQL Server and Windows Authentication

Now I go to use Reporting Services with Integrated Windows Authentication and find Kerberos was never set up.
So I ran this to check the Kerberos
SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid

And I got
NTLM

SO my question is:

If I set Kerberos now, will this cause any issues?

Thanks

FRED



FREDERICK
FREDERICK
Forum Newbie
Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)Forum Newbie (4 reputation)

Group: General Forum Members
Points: 4 Visits: 29
Additional info;
I want to use Windows integrated security such that each user who accesses the reports must have a valid Windows local or domain user account or be a member of a Windows local or domain group account.



Orlando Colamatteo
Orlando Colamatteo
SSCrazy Eights
SSCrazy Eights (8.3K reputation)SSCrazy Eights (8.3K reputation)SSCrazy Eights (8.3K reputation)SSCrazy Eights (8.3K reputation)SSCrazy Eights (8.3K reputation)SSCrazy Eights (8.3K reputation)SSCrazy Eights (8.3K reputation)SSCrazy Eights (8.3K reputation)

Group: General Forum Members
Points: 8287 Visits: 14368
FREDERICK (2/5/2013)
Hello

Another party set up the Server and Databases.

First the Server was set up
Windows Server 2008 SP1

Then the Databases were set up
SQL Server 2008 along the reporting Services
Server Authentication - SQL Server and Windows Authentication

Now I go to use Reporting Services with Integrated Windows Authentication and find Kerberos was never set up.
So I ran this to check the Kerberos
SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid

And I got
NTLM

SO my question is:

If I set Kerberos now, will this cause any issues?

Thanks

FRED





Connecting to a local instance is always done using NTLM, i.e. when on the server where SQL Server resides and connecting to a local instance.

Setting up your SPNs such that remote clients authenticate using Kerberos instead of NTLM is transparent to the database operations within SQL Server and should not cause you any trouble.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Joie Andrew
Joie Andrew
SSC Eights!
SSC Eights! (978 reputation)SSC Eights! (978 reputation)SSC Eights! (978 reputation)SSC Eights! (978 reputation)SSC Eights! (978 reputation)SSC Eights! (978 reputation)SSC Eights! (978 reputation)SSC Eights! (978 reputation)

Group: General Forum Members
Points: 978 Visits: 1921
If I set Kerberos now, will this cause any issues?


No, but there are a few things to note with Kerberos:
- If you have service accounts other than local system (and possibly network service) the SPNs will have to be registered against those accounts
- SPNs will have to be setup for both SQL and SSRS if you want Windows Integrated Security to work for SSRS
- The SSRS service account will need to be able to delegate Kerberos authentication to the SQL service running under the SQL Server service account

This white paper goes step-by-step how to go through setting it up:
Configuring Kerberos Authentication in a Reporting Services Environment

Joie Andrew
"Since 1982"
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search