Writers: Bhejpal Singh, Rama Raman, Reagan Templin Technical Reviewers
Download 106.42 Kb.
|
- Navigate this page:
- Delegation Requirements
- Configure Kerberos with Full Delegation
- Configure Authentication Types for Reporting Services
- Verify Service Account Group Membership or Local Security Policy Settings
Configure Trust for DelegationIf you want to use the Kerberos credentials against the backend server (such as Reporting Services to SQL Server) it is necessary to configure trust for delegation. In this context, delegation refers to enabling a computer to impersonate an authenticated user to services on another computer. Delegation RequirementsThe following list describes the requirements for delegation.
Table 3: Delegation requirements in the Reporting Services deployment. Use the following procedures to configure the domain controller for delegation. To verify settings for domain user accounts used to access reports/application
Figure 7: The Account tab in the User Properties dialog box. Configure Kerberos with Full DelegationTo configure the middle tier computer/user account to use Kerberos with full delegation
Note: If the Delegation tab is not visible, there is no SPN configured for the account. Add an SPN and then perform the procedure. To verify the middle tier computer is trusted for delegation
Figure 8: The Delegation tab in the Computer Properties dialog box. To verify that the domain account used as the service account on the middle tier is trusted for delegation
Figure 9: The Delegation tab in the SQL Service Properties dialog box Configure Authentication Types for Reporting ServicesFor Reporting Services to use Kerberos authentication, you must ensure that the authentication types are configured correctly in the Reporting Services configuration file (rsreportserver.config) of each individual browser. For Internet Explorer, use RSWindowsNegotiate for Authentication Type which is specific to Windows/SPNEGO. For other browsers use RSWindowsKerberos. To configure authentication types for Reporting Services
Verify Service Account Group Membership or Local Security Policy SettingsAfter installation, the Reporting Services Service Account SID is assigned to the SQLServerReportServerUser$Server$MSRS10.MSSQLSERVER local group, which is then assigned to the IIS group. If they are not added by default, add the account to the groups mentioned below.
The IIS_WPG user group provides the minimum set of privileges and permissions that are required to start and run worker processes in IIS. For more information about the IIS_WPG group, see Configuring Application Pool Identity in IIS 6.0 (IIS 6.0). To verify membership in the IIS_WPG or IIS_IUSRS group (IIS 6.0 or IIS 7.0 only)
To verify local policy rights
Directory: download download -> Performance Tuning Guidelines for Windows Server 2008 May 20, 2009 Abstract download -> Northern England’s set-jetting locations download -> Bbc archives: Beyond the programme download download -> Occupational health and safety download -> Dynatest 3031 lwd light Weight Deflectometer download -> Forth coming competitive exams download -> English Olympiad Tasks: 10 th form Аудіювання, 10 клас. Текст download -> Brush High School Morning Announcements Friday, September 05, 2014 all school download -> Year 9 The Arts — Music download -> Years 7 and 8 standard elaborations — Australian Curriculum: Music draft Download 106.42 Kb. Share with your friends:
|