Kerberos Not Set Up On Server

  • Hello

    Another party set up the Server and Databases.

    First the Server was set up

    Windows Server 2008 SP1

    Then the Databases were set up

    SQL Server 2008 along the reporting Services

    Server Authentication - SQL Server and Windows Authentication

    Now I go to use Reporting Services with Integrated Windows Authentication and find Kerberos was never set up.

    So I ran this to check the Kerberos

    SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid

    And I got

    NTLM

    SO my question is:

    If I set Kerberos now, will this cause any issues?

    Thanks

    FRED

  • Additional info;

    I want to use Windows integrated security such that each user who accesses the reports must have a valid Windows local or domain user account or be a member of a Windows local or domain group account.

  • FREDERICK (2/5/2013)


    Hello

    Another party set up the Server and Databases.

    First the Server was set up

    Windows Server 2008 SP1

    Then the Databases were set up

    SQL Server 2008 along the reporting Services

    Server Authentication - SQL Server and Windows Authentication

    Now I go to use Reporting Services with Integrated Windows Authentication and find Kerberos was never set up.

    So I ran this to check the Kerberos

    SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid

    And I got

    NTLM

    SO my question is:

    If I set Kerberos now, will this cause any issues?

    Thanks

    FRED

    Connecting to a local instance is always done using NTLM, i.e. when on the server where SQL Server resides and connecting to a local instance.

    Setting up your SPNs such that remote clients authenticate using Kerberos instead of NTLM is transparent to the database operations within SQL Server and should not cause you any trouble.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

  • If I set Kerberos now, will this cause any issues?

    No, but there are a few things to note with Kerberos:

    - If you have service accounts other than local system (and possibly network service) the SPNs will have to be registered against those accounts

    - SPNs will have to be setup for both SQL and SSRS if you want Windows Integrated Security to work for SSRS

    - The SSRS service account will need to be able to delegate Kerberos authentication to the SQL service running under the SQL Server service account

    This white paper goes step-by-step how to go through setting it up:

    Configuring Kerberos Authentication in a Reporting Services Environment

    Joie Andrew
    "Since 1982"

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply