AXForum  
Вернуться   AXForum > Microsoft Dynamics AX > DAX Blogs
All
Забыли пароль?
Зарегистрироваться Правила Справка Пользователи Сообщения за день Поиск

 
 
Опции темы Поиск в этой теме Опции просмотра
Старый 21.05.2009, 18:05   #1  
Blog bot is offline
Blog bot
Участник
 
25,631 / 848 (80) +++++++
Регистрация: 28.10.2006
Solutions Monkey: Kerberos configuration for Clients accessing Role Center from outside of intranet
Источник: http://blogs.msdn.com/solutions/arch...-intranet.aspx
==============
If you have EP/Role Centers rolled out in your intranet with Kerberos configured ( refer to Kerberos configuration document ) and now would like to expose this to your domain users outside of your corpnet, for example employee would access their role center from home, then you need to additionally configure Kerberos protocol configuration. You might have got enabled your firewall settings to allow them to access the EP and Reporting servers from outside network. Since the user comes outside of the network, IE will prompt them to enter the user account / password even though IIS authentication is set to windows integrated authentication. In this case, for Kerberos to work you need to configure protocol transition in Kerberos. To do that
1. Open up your “Active Directory Users and Computers” admin tool on your domain controller and locate the user account that you are using as business connector proxy and right click and open up its properties window.
2. Navigate to the “Delegation” tab and change the setting to “Trust this user for delegation to specified services only” and “User any authenticate protocol”.
3. Click the add button in the “Delegation” tab. It will bring up the “Add Services” dialog.
4. Click on the “Users or Computers” button. It will bring up the “Select Users or Computers” dialog.
5. Enter the account that is used as business proxy account ( This is the same account that the EP and report web site use as the application pool and the SSAS window service logon account).
6. Click “OK”. This will close the “Select Users or Computers” dialog and list the services (SPNs registered for Kerberos for the bc proxy account) in the “All Services” list of “Add Services: dialog.
7. Click “Select All” and then “OK” in “Add Services” dialog. This will close “ADD Services dialog” and list them in “Services to which this account can present delegated credentials” list in the “Delegation” tab.
8. Click “OK” to save this setting to the user account.
9. Do “IISReset” on the EP server





The alternate approach could be to use ISA 2006 as the firewall and let ISA collect the user account/password using a form over ssl and ISA will user Kerberos constrained delegation.
http://technet.microsoft.com/en-us/l.../bb794858.aspx



==============
Источник: http://blogs.msdn.com/solutions/arch...-intranet.aspx
__________________
Расскажите о новых и интересных блогах по Microsoft Dynamics, напишите личное сообщение администратору.
 

Похожие темы
Тема Автор Раздел Ответов Посл. сообщение
Solutions Monkey: Microsoft Dynamics AX 2009 White Paper: Configuring Kerberos Authentication with Role Centers Blog bot DAX Blogs 0 14.04.2009 02:09
Solutions Monkey: KPIs in Role Center Business Overview Web Part keeps loading all the time and never ends. Blog bot DAX Blogs 0 12.03.2009 07:05
Solutions Monkey: Microsofty Dynamics AX 2009 Enterprise Portal / Role Centers - Deployment Tips-n-Tricks - 2 Blog bot DAX Blogs 0 30.09.2008 07:07
Solutions Monkey: Role Center Security Blog bot DAX Blogs 0 28.05.2008 16:05
при построении перекрёстных ссылок выдаётся сообщение об ошибках mmmax DAX: Программирование 10 21.01.2005 12:42

Ваши права в разделе
Вы не можете создавать новые темы
Вы не можете отвечать в темах
Вы не можете прикреплять вложения
Вы не можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.
Быстрый переход

Рейтинг@Mail.ru
Часовой пояс GMT +3, время: 18:57.