Results 1 to 3 of 3

Thread: Enable Kerberos Authentication

  1. 08-11-2008 #1
    Tom Guest

    Enable Kerberos Authentication

    I would like to know the significance of the above setting under the
    network name parameters. Is there a best practice as to whether this
    option should be turned on for a file share? I know that enabling it
    will create a virtual server in AD. Is this recommended? Thanks
    Reply With Quote Reply With Quote
  2. 08-11-2008 #2
    ProADGuy Guest

    RE: Enable Kerberos Authentication

    For clusters in an Active Directory domain, enable Kerberos authentication
    for Network Name resources.
    Kerberos authentication is much more secure than the alternative, NTLM
    authentication. Note that when you enable Kerberos authentication, you must
    add certain rights and permissions to the account that the Cluster service
    creates for the Network Name resource, and possibly to the Cluster service
    account itself. For more information, see Knowledge Base article 307532, "How
    to troubleshoot the Cluster service account when it modifies computer
    objects," on the Microsoft Support Web site.

    -Best practices for securing server clusters:
    http://technet.microsoft.com/en-us/l.../cc785168.aspx

    Server Cluster Best Practices
    http://technet.microsoft.com/en-us/l.../cc781143.aspx

    Regards,
    ProADGuy


    "Tom" wrote:

    > I would like to know the significance of the above setting under the
    > network name parameters. Is there a best practice as to whether this
    > option should be turned on for a file share? I know that enabling it
    > will create a virtual server in AD. Is this recommended? Thanks
    >
    Reply With Quote Reply With Quote
  3. 08-11-2008 #3
    Marcin Guest

    Re: Enable Kerberos Authentication

    Tom ,
    in addition to security advantages (mutual authentiation between client and
    server, characteristics superior when compared with NTLM), this is a
    requirement when using delegation (this comes into play in a variety of
    scenarios - e.g. when creating a clustered encrypted file share)...

    hth
    Marcin

    "Tom" <usernetuser@yahoo.com> wrote in message
    news:a337666c-b961-4a15-9f5e-562a871f1e8c@k36g2000pri.googlegroups.com...
    >I would like to know the significance of the above setting under the
    > network name parameters. Is there a best practice as to whether this
    > option should be turned on for a file share? I know that enabling it
    > will create a virtual server in AD. Is this recommended? Thanks


    Reply With Quote Reply With Quote
« Unable to activate Windows Server 2003 x64 Enterprise SP2 (MSDN) | how to configure shared ISCSI SAN storage on Windows 2008 »

Similar Threads

  1. ADAM Kerberos Authentication issue and missing SPNs
    By mbenson in forum Active Directory
    Replies: 2
    Last Post: 15-02-2012, 11:32 AM
  2. AAA enable password authentication failed
    By X-MaaN in forum Networking & Security
    Replies: 5
    Last Post: 01-10-2011, 01:43 AM
  3. Samba Authentication by using Kerberos: Unable to add to the AD machine
    By Aerona in forum Operating Systems
    Replies: 5
    Last Post: 06-05-2011, 10:27 AM
  4. Kerberos/RPC Authentication issue
    By Agilent in forum Active Directory
    Replies: 2
    Last Post: 31-03-2010, 12:58 AM
  5. Kerberos authentication
    By Jorge Azcuy in forum Active Directory
    Replies: 8
    Last Post: 14-02-2007, 01:05 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Page generated in 1,714,124,020.69536 seconds with 17 queries