|
我们目前正在设置SQL 2012环境,它将用于存储SSRS在sharepoint集成模式下访问的数据.我们将使用Kerberos进行身份验证.
我们希望能够做的是为sql server使用cnames.我们使用默认实例,每个服务器只需要一个实例.
我关心的是kerberos,IE / .NET和CNAME的已知问题.我想知道只要我确保为CNAME和SQL服务器的A-Record正确设置SPN,这个配置是否会起作用?
解决方法
起初我很想说不,你不能这样做,但是第二个想法,就去吧.
““You must register the Kerberos service principal names (SPNs),the
host name,and the fully-qualified domain name (FQDN) for all the new
DNS alias (CNAME) records. If you do not do this,a Kerberos ticket
request for a DNS alias (CNAME) record may fail and return the error
code KDC_ERR_S_SPRINCIPAL_UNKNOWN.”
http://blogs.msdn.com/b/karang/archive/2009/12/12/why-do-we-need-spn-for-file-server-nas-ras-file-share-system-dna-alias-cname.aspx
For follow up I can confirm that the kerberos connection is
established correctly. Thanks for the link as it confirms that only a
CNAME is needed as long as the SPN is created for the SQL Cluster
Name.
http://social.msdn.microsoft.com/Forums/en/sqldatabaseengine/thread/fa0a38ef-106a-4521-b4f3-a62c60f89a99
Technically,because SQL Server SPNs include an instance name (if you
are using the second-named instance on the same computer),you can
register the DNS host for the cluster as a CNAME alias and avoid the
CNAME issue described in Appendix A,Kerberos configuration known
issues (SharePoint Server 2010). However,if you choose to use CNAMEs,
you have to register an SPN using the DNS (A) record host name for the
CNAME aliases.
http://msdn.microsoft.com/en-us/library/gg502606.aspx (编辑:李大同)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
|
