RS First Dynamics NAV Blog


...from NAV 3.60 to NAV 2013
Archivio Posts
Anno 2015

Anno 2014

Anno 2013

Anno 2012

Anno 2011

Anno 2010

Anno 2009

Anno 2008

Anno 2007

HOW-TO DELEGATION FOR NAV 2009 Service Tier & SQL SERVER

1) installare "Windows Support Tools" (contiene file SETSPN)
> crea cartella con tools tra cui SPN File (scaricare da Microsoft)

2) SQL DELEGATION , PORT & SERVICE
> "To delegate access to the SQL Server service"

setspn -A MSSQLSvc/SQL NAME:1433 DOMAIN\user       > accesso a porta SQL 1433

setspn -A MSSQLSvc/SQL NAME DOMAIN\user         > delega a login utente su sql, SQL full Qualify Name

3) NAV Server Delegation
setspn -A DynamicsNAV/srv-name:7046 DOMAIN\user


4) NAV Web Services
At the command prompt, use the setspn command to create two SPNs for the Microsoft Dynamics NAV Business Web Services service.

The http/ indicates that the SPN is for the Web services server.

setspn -A http/NameOfServer Domain\User

The first setspn command, using the fully qualified domain name of the server, has this format

setspn -A http/NAVSERV.yourDomain.yourCompany.com yourDomain\yourUser

5) ACL

This SPN accommodates Web services clients that connect using the NetBIOS name of the server.

Use httpcfg to register the access control list (ACL) that is associated with the Web service URL for the domain user.
An ACL is part of the Windows security infrastructure. For details, see Access Control Lists.

httpcfg delete urlacl –u http://+:7047/DynamicsNAV/
httpcfg set urlacl -u http://+:7047/DynamicsNAV/ -a D:^(A;^;GX^;^;^;)

 

Delegating Access to the SQL Server Service
Configuring delegation means explicitly configuring the Microsoft Dynamics NAV Server service to delegate its access to the database server on behalf of the RoleTailored client. To make the access more secure, you specify delegation to a specific service on a specific server.

To delegate access to the SQL Server service
1.On any server computer in the domain, click Start, and then click Run.

2.In the Open field, type dsa.msc.

This opens the Active Directory Users and Computers utility.

3.To configure delegation, the functional level for the domain must be Windows Server 2003 or higher. To verify the domain functional level, right-click the node for the domain where you have installed Microsoft Dynamics NAV, and then click Raise Domain Functional Level. If the level is not at least Windows Server 2003, then raise it to that level.

4.Right-click the node for the domain where you have installed Microsoft Dynamics NAV, and then click Find.

5.In the Find Users, Contacts, and Group dialog box, type the name of the domain user in the Name field, and then press ENTER.

6.In the Search results area, right-click the domain user, and then click Properties.

7.On the Delegation tab, click Trust this user for delegation to specified services only, and then click Use Kerberos only.

8.Click Add to open the Add Services dialog box.

9.In the Add Services window, click Users or Computers, and then type the name of the domain user.

10.In the list of services for the domain user, click MSSQLSvc, which is the name of the SQL Server service.

11.Click OK to exit the Add Services dialog box.

12.Click OK to close all open dialog boxes.

Issue by MSDN

martedì, 17 mag 2011 Ore. 17.23

Messaggi collegati


Statistiche
  • Views Home Page: 468.918
  • Views Posts: 885.792
  • Views Gallerie: 0
  • n° Posts: 343
  • n° Commenti: 0
Copyright © 2002-2007 - Blogs 2.0
dotNetHell.it | Home Page Blogs
ASP.NET 2.0 Windows 2003