
SPNego and no domain

Former Member
0 Kudos

Hello

I'm in a situation where I'm about to implement SPNego, and I realize that I might be in an impossible situation.

The users are part of a domain, but the portal server is not part of any domain. That is the case and cannot be changed.

But as part of setting up SPNego I need an SPN for the portal server, which in my understanding is not possible since it is not part of the domain.

In the old days I would put an IisProxy on a server within the domain and all the troubles would go away. But how do I go about this in an SPNego environment?

Best regards,

Thomas Mouritsen

Accepted Solutions (0)

Answers (1)


Former Member
0 Kudos

Thomas,

Your portal is not required to be a Windows domain member (which, btw, would be impossible if it is on a non-Windows box).

You are right that you need an SPN for your portal. Think of it as a (freely choosable) service user that you set up on ADS.

Kind regards,

Dominik Witte

Former Member
0 Kudos

Hi Dominik,

Right, didn't think about the cross-platform availability.

OK. Let's say that I have a server (non domain member) called server01. I have a domain called domain.dom. And I want the portal to be known as portal.domain.dom in the end. Is it then correct to do the following on the CD:

ktpass -princ host/portal.domain.dom@DOMAIN.DOM -pass secret -out j2ee-p01-portal.keytab -mapUser j2ee-p01-portal +DesOnly /crypto DES-CBC-MD5 /ptype KRB5_NT_PRINCIPAL

setspn -A HTTP/portal.domain.dom j2ee-p01-portal

I appreciate any input on this.

Best regards,

Thomas Mouritsen

Former Member
0 Kudos

Thomas,

yes, this should be correct. But first (if not already done), set up a user account for your portal in ADS domain "domain.dom".

Kind regards,

Dominik Witte

Former Member
0 Kudos

Hi Thomas,

Were you able to solve your problem? I just implemented SPNego and I might be able to help maybe.

Kind Regards,

Gerardo J