SharePoint 2010 using Kerberos Authentication within the DMZ
I'm trying to set up a SharePoint 2010 environment in my lab and it's been a nightmare for me trying to get Kerberos to work. I'm trying to use Kerberos to authenticate machines that are not on our domain. Our Server Design team has indicated they would only like users to authenticate to the LTM via Kerberos and then we would go SSO to the SharePoint Web Servers. I've gone through the 2010 SharePoint iApp and neither the NTLM nor the Smart Card option gives me the proper Access Policy for this scenario. Does anyone have any idea what my Access Policy should look like?
It currently looks like this...
Login Page > HTTP 401 Response > Kerberos Auth > SSO Credential Mapping > Allow
When I look at the Session Report Summary it seems to be failing on the Kerberos Auth part of the access policy. I'm suspecting the issue is either the keytab file or the way I have the AAA Kerberos Server set up. My AAA is set up as follows:
Realm : LABDMZ.DOMAIN.COM
Service Name: HTTP
Keytab File Details:
Principal: HTTP/sharepoint-vip.labdmz.domain.com@LABDMZ.DOMAIN.COM
Any ideas on how I can verify that this is working properly?
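One way to check the keytab side of the setup described above, as an added example that is not part of the original post: a small parser for the standard version 0x0502 keytab layout that lists each entry's principal, key version and encryption type, and compares the principal with the Service Name, host and Realm configured on the AAA server. The function names are hypothetical, and the sample keytab is constructed with a dummy all-zero key and a deliberately lowercase realm.

```python
import struct

def _counted(buf, p):
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n].decode(), p + 2 + n

def parse_keytab(data):
    """List principal, kvno and enctype for each entry of a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative length marks a deleted slot
            pos -= size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            c, p = _counted(data, p)
            comps.append(c)
        _ntype, _ts, kvno, enctype, keylen = struct.unpack_from(">IIBHH", data, p)
        p += 13 + keylen                   # skip fixed fields and the key bytes
        if end - p >= 4:                   # optional 32-bit kvno supersedes the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        entries.append({"principal": "/".join(comps) + "@" + realm,
                        "kvno": kvno, "enctype": enctype})
        pos = end
    return entries

def check_principal(entries, service, host, realm):
    """Return 'match', 'case-mismatch' or 'missing' for service/host@realm."""
    want = f"{service}/{host}@{realm}"
    names = [e["principal"] for e in entries]
    if want in names:
        return "match"
    return "case-mismatch" if want.lower() in map(str.lower, names) else "missing"

def build_entry(service, host, realm, kvno=3, enctype=18, key=b"\x00" * 32):
    """Constructed test data only: one keytab entry holding a dummy key."""
    cs = lambda s: struct.pack(">H", len(s)) + s.encode()
    body = (struct.pack(">H", 2) + cs(realm) + cs(service) + cs(host)
            + struct.pack(">IIBHH", 1, 0, kvno & 0xFF, enctype, len(key)) + key
            + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body

SAMPLE = b"\x05\x02" + build_entry("HTTP", "sharepoint-vip.labdmz.domain.com", "labdmz.domain.com")
```

To run it against a real file, pass the file's bytes (read in binary mode) to `parse_keytab`; a `case-mismatch` or `missing` result, or a kvno or enctype that differs from what the KDC issues for that account, points at the keytab rather than the access policy.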