安装 SharePoint 时应如何使用此 SetSPN 命令
在 SharePoint 安装文档中我说,
如果您使用域用户帐户 SQL Server 服务帐户,您 必须确保有效的服务 该帐户的主体名称 (SPN) 以及其上的 SQL Server 实例 数据库服务器存在于他们的 环境。 情况是这样的 无论您使用 NTLM 还是 Office 的 Kerberos 身份验证 SharePoint Server 2007。
您必须为此配置 SPN 使用域中的帐户 Setspn.exe 命令行工具。 Setspn.exe 默认安装在 运行 Windows Server 2008 的计算机。 在 a 上运行以下命令 连接到同一台计算机 域作为用户/服务帐户。
setspn -a <http/<farmclusterdnsname> <serviceaccountname>
在这种情况下参数应该是什么?
我猜服务帐户名称将是“域\用户名” 但不确定第一个参数应该是什么。
In the SharePoint install document I have it says,
If you use a domain user account for
the SQL Server service account, you
must make sure that a valid service
principal name (SPN) for that account
and instance of SQL Server on their
database server exists in their
environment. This is the case
regardless of whether you use NTLM or
Kerberos authentication for Office
SharePoint Server 2007.You must configure the SPN for that
account in the domain using the
Setspn.exe command-line tool.
Setspn.exe is installed by default on
computers running Windows Server 2008.
Run the following command on a
computer that is joined to the same
domain as the user/service account.
setspn -a <http/<farmclusterdnsname> <serviceaccountname>
What should the parameters be in this case?
I guess the serviceaccountname would be 'domain\username'
not sure what the first parameter should be though.
This is the technet link for SetSPN.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
语法如下所示:
或者
尝试这样考虑: 您希望将 www.mywebsite.com 的 http 服务的所有者注册到 domain\serviceaccountname 目录对象。 此 spn 条目允许使用为注册名称 (www.mywebsite.com) 上的服务 (http) 的所有者 (serviceaccountname) 注册的密码对身份验证票证进行加密。
添加 SPN 条目后,您可以通过执行以下命令,在所有者 (serviceaccountname) 上使用“SetSPN -l”来验证结果:
有一点需要指出。 您在环境中只能拥有该服务 (http) 和注册名称 (www.mywebsite.com) 的一个所有者。 可能会意外地得到多个结果。
使用 SetSPN -l 选项查找安装 SharePoint 的计算机对象的注册条目,以确保尚不存在条目:
前任。
您可以在 Microsoft TechNet 网站
The syntax would look something like the following:
or
Try and think of it this way: You want to register the owner of the http service for www.mywebsite.com to the domain\serviceaccountname directory object. This spn entry allows the authentication tickets to be encrypted with the password registered for the owner (serviceaccountname) of the service (http) on the registration name (www.mywebsite.com).
After you have added the SPN entry you can verify the results by using the 'SetSPN -l' on the owner (serviceaccountname) by executing the command:
One thing to point out. You can only have one owner for the service (http) and the registration name (www.mywebsite.com) in the environment. It might be possible to accidentially end up with more than one.
Use the SetSPN -l option to lookup the registration entries for the computer object where SharePoint is installed to make sure there isn't already an entry:
ex.
You can read much more about how SPN works at the Microsoft TechNet web site.
我对此不是 100% 确定,但我知道如何使用 Win2k 中的 SetSPN,所以我想说,如果您在单个服务器上运行,则需要“http/servername”,其中“servername”是 DNS 名称那个服务器。
如果它不起作用,它不应该破坏任何东西,您可以使用 SetSPN 从主体中删除 spn 。
I'm not 100% sure about this, but I know how to use SetSPN from Win2k, so I'd say you want "http/servername" if you are running on a single server, where 'servername' is the DNS name of that server.
If it doesn't work, it shouldn't break anything, and you can just remove the spn from the principal with SetSPN.
您可以下载 Kerberos SPN 生成工具,它可以帮助您解决多个 Microsoft BI 产品的此问题。 尝试 http://futuresults.com
You can download a Kerberos SPN Generation tool that may help you with this issue for multiple Microsoft BI products. Try http://futuresults.com