You are viewing limited content. For full access, please sign in.

Question

Question

Kerberos Configuration

Laserfiche
Updated June 19, 2014
asked on March 20, 2014

We followed the steps below :

http://www.laserfiche.com/support/webhelp/webaccess/9.1/en-us/WAA/WAConfiguration.htm#Configuration%20Page%20Repositories.htm

 

and

Setting Up Kerberos for Web Access on IIS 7 

Let me tell you what we did : 

 

1- In IIS,we made the Anonymous Authentication item is disabled and that the Windows Authentication item is enabled.

2- In Domain Controller, we enabled delegation for the webaccess server.

3- In webaccess configuration page we made the connection option as "Auto Login using integrated windows authentication".

4- In Laserfiche Administration Console We made the user "Trust: allow access"

 

Notes :

            a. the webserver and Laserfiche server in different machines.

            b. Laserfiche Server is running under the Local System account.

 

But We still getting access denied

Is there any missed steps should be done?

 

0 0

Replies

replied on March 20, 2014

Hi, 

 

Take a look at KB #1012580, i had the same problem with WebLink and my VAR pointed me in that direction which did it for me.

 

https://support.laserfiche.com/KB/1012580

 

JS

0 0
replied on April 6, 2014

We did but Still not working.

0 0
replied on April 6, 2014

Could it possible, anyone can come online or remote connect session on customer site to resolve this issue.

 

waiting the positive response. Thanks

0 0
View 1 previous reply
replied on April 7, 2014

Please open a case with Tech Support if you need direct assistance.

0 0
replied on May 21, 2014

A client of ours is encountering the same issue and has the same set-up as above with Windows Server 2012 R2. Laserfiche Support assisted and had us try logging from the WebLink Server with Windows Authentication and that worked successfully.

 

But when the same link is tried from any workstation on the network, the "permissions denied" error message is encountered. KB 1012580 didn't help either.

 

Any pointers on this would be highly appreciated.

0 0
replied on June 18, 2014

Mustafa & Karim

Did you both get any resolution with this. My client's config is similar to Karim's. 

0 0
replied on June 19, 2014

Roy,

 

This is what our Client ended up doing to resolve the issue:

 

What led them in the right direction was this post (look half way down for CTGR posted May 14, 2013 11:35 am: https://support.laserfiche.com/forums.aspx?Link=viewtopic.php%3ft%3d18166%26amp

 

Here’s what we did:

 

Register spn: mylfserver using setspn on Domain Controller server.

 

setspn –a HTTP/MyLFServer.mydomain.com LFServiceUser

setspn –a LaserficheServer/MyLFServer LFServiceUser

setspn –a LaserficheServer/MyLFServer.mydomain.com LFServiceUser

 

In Active Directory

  • Click on WebLink server
  • Go to Delegation tab and change to "Trust this computer for delegation to specified services only"
  • Use any authentication protocol
  • In service type add  'HTTP' and 'LaserFicheServer' types and add them to the list. Then you can Apply/OK the settings on the Computer object. (see attached screen shot)

 

 

Let me know if this works for you.

 

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...