February 5, 2013 at 10:07 am
Hello
Another party set up the Server and Databases.
First the Server was set up
Windows Server 2008 SP1
Then the Databases were set up
SQL Server 2008 along the reporting Services
Server Authentication - SQL Server and Windows Authentication
Now I go to use Reporting Services with Integrated Windows Authentication and find Kerberos was never set up.
So I ran this to check the Kerberos
SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid
And I got
NTLM
SO my question is:
If I set Kerberos now, will this cause any issues?
Thanks
FRED
February 5, 2013 at 10:08 am
Additional info;
I want to use Windows integrated security such that each user who accesses the reports must have a valid Windows local or domain user account or be a member of a Windows local or domain group account.
February 5, 2013 at 5:31 pm
FREDERICK (2/5/2013)
HelloAnother party set up the Server and Databases.
First the Server was set up
Windows Server 2008 SP1
Then the Databases were set up
SQL Server 2008 along the reporting Services
Server Authentication - SQL Server and Windows Authentication
Now I go to use Reporting Services with Integrated Windows Authentication and find Kerberos was never set up.
So I ran this to check the Kerberos
SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid
And I got
NTLM
SO my question is:
If I set Kerberos now, will this cause any issues?
Thanks
FRED
Connecting to a local instance is always done using NTLM, i.e. when on the server where SQL Server resides and connecting to a local instance.
Setting up your SPNs such that remote clients authenticate using Kerberos instead of NTLM is transparent to the database operations within SQL Server and should not cause you any trouble.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
February 6, 2013 at 5:58 am
If I set Kerberos now, will this cause any issues?
No, but there are a few things to note with Kerberos:
- If you have service accounts other than local system (and possibly network service) the SPNs will have to be registered against those accounts
- SPNs will have to be setup for both SQL and SSRS if you want Windows Integrated Security to work for SSRS
- The SSRS service account will need to be able to delegate Kerberos authentication to the SQL service running under the SQL Server service account
This white paper goes step-by-step how to go through setting it up:
Configuring Kerberos Authentication in a Reporting Services Environment
Joie Andrew
"Since 1982"
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply