zoukankan      html  css  js  c++  java
  • 授权给adfs读取ad 在ad服务器上运行

    Because the application pool identity for the AD FS 2.0 AppPool is running as a domain user/service account, you must configure the Service Principal Name (SPN) for that account in the domain with the Setspn.exe command-line tool. Setspn.exe is installed by default on computers running Windows Server 2008. Run the following command on a computer that is joined to the same domain where the user/service account resides:

     
    setspn -a host/<server name> <service account>
    

    For example, in a scenario in which all federation servers are clustered under the Domain Name System (DNS) host name fs.fabrikam.com and the service account name that is assigned to the AD FS 2.0 AppPool is named adfs2farm, type the command as follows, and then press ENTER:

     
    setspn -a host/fs.fabrikam.com adfs2farm
    

    It is necessary to complete this task only once for this account.

    • After the AD FS 2.0 AppPool identity is changed to the service account, set the access control lists (ACLs) on the SQL Server database to allow Read access to this new account so that the AD FS 2.0 AppPool can read the policy data.

    http://technet.microsoft.com/en-us/library/dd807078(WS.10).aspx

  • 相关阅读:
    Jakarta雅加达项目简介
    java的Commons包简介
    装饰者模式
    命令模式
    桥接模式
    适配器模式
    观察者模式
    模板模式
    责任链模式
    CentOS搭建NAT和DHCP服务,实现共享上网
  • 原文地址:https://www.cnblogs.com/haoliansheng/p/3142682.html
Copyright © 2011-2022 走看看