EFS file sharing with constrained delegation

hello,

is it supported to configure the remote EFS file server not with the
unconstrained delegation but with only a limited set of constrained
delegation SPNs? which SPNs must be used?

thank you very much

ondrej.

Ondrej Sevecek wrote:
> hello,
>
> is it supported to configure the remote EFS file server not with the
> unconstrained delegation but with only a limited set of constrained
> delegation SPNs? which SPNs must be used?
>
> thank you very much
>
> ondrej.

Hi,

this is what worked for me,

FS delegate: cifs/DC, ldap/DC, protectedstorage/DC
(note, if you have multiple domain controllers in site you should add them all)
FS delegate: HOST/CA

However, I could not find any documentation regarding constrained delegation,
technet does not mention whether this configuration is supported or not.

HTH

Pozdravuje (Greetings)

Martin

--
Replace nospam with google's mail for e-mail communication

yes, no documentation at all to this, but it actually doesn't work for me,
even previously i tested something similar:

fs1: can delegate to CIFS/DC1
fs1: can delegate to LDAP/DC1
fs1: can delegate to ProtectedStorage/DC1
fs1: can delegate to GC/DC1
fs1: can dleegate to RPCSS/CA1
fs1: can delegate to HOST/CA1

but it stops after obtaining the last ticket from DC, no further ip traffic
occuring from the FS. it must have been that the FS dindn't know something
or was thinking something incorrectly, but it didn't repair even after
restarts.

ale dekuju moc za podporu. pokusim se to jeste nejak poresit a dam vedet :-)

ondrej





"Martin Rublik" <> wrote in message
news:...
> Ondrej Sevecek wrote:
>> hello,
>>
>> is it supported to configure the remote EFS file server not with the
>> unconstrained delegation but with only a limited set of constrained
>> delegation SPNs? which SPNs must be used?
>>
>> thank you very much
>>
>> ondrej.
>
> Hi,
>
> this is what worked for me,
>
> FS delegate: cifs/DC, ldap/DC, protectedstorage/DC
> (note, if you have multiple domain controllers in site you should add them
> all)
> FS delegate: HOST/CA
>
> However, I could not find any documentation regarding constrained
> delegation,
> technet does not mention whether this configuration is supported or not.
>
> HTH
>
> Pozdravuje (Greetings)
>
> Martin
>
> --
> Replace nospam with google's mail for e-mail communication

Just a simple question,

is it possible to log on the server locally and to encrypt a file using EFS?

Martin

Ondrej Sevecek wrote:
> yes, no documentation at all to this, but it actually doesn't work for
> me, even previously i tested something similar:
>
> fs1: can delegate to CIFS/DC1
> fs1: can delegate to LDAP/DC1
> fs1: can delegate to ProtectedStorage/DC1
> fs1: can delegate to GC/DC1
> fs1: can dleegate to RPCSS/CA1
> fs1: can delegate to HOST/CA1
>
> but it stops after obtaining the last ticket from DC, no further ip
> traffic occuring from the FS. it must have been that the FS dindn't know
> something or was thinking something incorrectly, but it didn't repair
> even after restarts.
>
> ale dekuju moc za podporu. pokusim se to jeste nejak poresit a dam vedet
> :-)
>
> ondrej
>
>
>
>
>
> "Martin Rublik" <> wrote in message
> news:...
>> Ondrej Sevecek wrote:
>>> hello,
>>>
>>> is it supported to configure the remote EFS file server not with the
>>> unconstrained delegation but with only a limited set of constrained
>>> delegation SPNs? which SPNs must be used?
>>>
>>> thank you very much
>>>
>>> ondrej.
>>
>> Hi,
>>
>> this is what worked for me,
>>
>> FS delegate: cifs/DC, ldap/DC, protectedstorage/DC
>> (note, if you have multiple domain controllers in site you should add
>> them all)
>> FS delegate: HOST/CA
>>
>> However, I could not find any documentation regarding constrained
>> delegation,
>> technet does not mention whether this configuration is supported or not.
>>
>> HTH
>>
>> Pozdravuje (Greetings)
>>
>> Martin
>>
>> --
>> Replace nospam with google's mail for e-mail communication
>

--
--
Replace nospam with google's mail for e-mail communication