{"id":313,"date":"2018-04-09T17:09:17","date_gmt":"2018-04-09T09:09:17","guid":{"rendered":"https:\/\/rol801.com\/wordpress\/?p=313"},"modified":"2018-04-09T17:09:17","modified_gmt":"2018-04-09T09:09:17","slug":"kerberos-double-hop-setup-%e5%82%99%e5%bf%98-part-2","status":"publish","type":"post","link":"https:\/\/rol801.com\/wordpress\/?p=313","title":{"rendered":"Kerberos Double Hop Setup \u5099\u5fd8 &#8211; Part 2"},"content":{"rendered":"<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"289\" data-permalink=\"https:\/\/rol801.com\/wordpress\/?attachment_id=289\" data-orig-file=\"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/02\/logo-500px-300x300.png?fit=300%2C200&amp;ssl=1\" data-orig-size=\"300,200\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"logo-500px-300&amp;#215;300\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/02\/logo-500px-300x300.png?fit=300%2C200&amp;ssl=1\" class=\"alignleft size-full wp-image-289\" src=\"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/02\/logo-500px-300x300.png?resize=300%2C200&#038;ssl=1\" alt=\"\" width=\"300\" height=\"200\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>\u4eca\u65e5\u7e7c\u7e8c\u8a66\u843d\u53bb\uff0c\u5c31\u767c\u73fe\u81ea\u5df1\u4fc2\u6709\u53e6\u4e00\u90e8\u505a\u524dSet\u843d\u5df2\u7d93\u7528\u7dcaDouble Hop\u5605\u6a5f\u3002<br \/>\nSetup\u518d\u6709\u5c0f\u5c0f\u5514\u540c<br \/>\nDoubleHop Website\u7121enable ASP.Net Impersonation<br \/>\nApplication Pool \u4fc2\u7528.Net Framework v4.0.30319 . Managed pipeline mode \u4fc2&#8221;Integrated&#8221; \uff08\u5982\u679c\u6709Enable ASP.Net Impersonation\uff0c\u4f46\u4fc2Pipeline mode \u4fc2Integrated\uff0c\u6703\u51faError 500)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \u4eca\u65e5\u7e7c\u7e8c\u8a66\u843d\u53bb\uff0c\u5c31\u767c\u73fe\u81ea\u5df1\u4fc2\u6709\u53e6\u4e00\u90e8\u505a\u524dSet\u843d\u5df2\u7d93\u7528\u7dcaDouble Hop\u5605\u6a5f\u3002 Setup\u518d\u6709\u5c0f\u5c0f\u5514\u540c DoubleHop Website\u7121enable ASP.Net Impersonation Application Pool \u4fc2\u7528.Net Framework v4.0.30319 . Managed pipeline mode \u4fc2&#8221;Integrated&#8221; \uff08\u5982\u679c\u6709Enable ASP.Net Impersonation\uff0c\u4f46\u4fc2Pipeline mode \u4fc2Integrated\uff0c\u6703\u51faError 500)<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[2],"tags":[],"class_list":["post-313","post","type-post","status-publish","format-standard","hentry","category-it"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p71O8A-53","jetpack-related-posts":[{"id":306,"url":"https:\/\/rol801.com\/wordpress\/?p=306","url_meta":{"origin":313,"position":0},"title":"Kerberos Double Hop Setup \u5099\u5fd8","author":"rol801","date":"April 7, 2018","format":false,"excerpt":"\u00a0 \u00a0 \u00a0 \u00a0 Kerberos -\u00a0\u5c0d\u65bc\u81ea\u5df1\u569f\u8b1b\u53eb\u505a\u5e38\u7528\uff0c\u4f46\u4fc2\u6709\u6642\u5019\u90fd\u6703\u5fd8\u8a18\u4e00\u5572\u7279\u5225\u5605Implementation \u65b9\u6cd5\u3002Double Hop \u6b63\u6b63\u4fc2\u81ea\u5df1\u6703\u5fd8\u8a18\u5605\u4e00\u7a2e\u3002 \u5148\u8b1b\u54a9\u4fc2 Single Hop \uff0f Double Hop\u3002 \u00a0 \u9867\u540d\u601d\u7fa9 Single Hop > \u5e73\u5e38 \u5e38\u7528\u5605\u5ea6\u6cd5\uff0c\u597d\u4f3cShare Point\u5481 Double Hop > \u540cSingle Hop \u5605\u5225\u5c31\u4fc2\u6703\u518d\u7528Kerberos\u53bbConnect \u53e6\u4e00\u500bSource\u3002 \uff08\u6ce8\u610f\uff1a\u4fc2\u5169\u6b21Kerberos\uff0c\u6211\u6703\u5e38\u5e38\u5fd8\u8a18\u5605\u5c31\u4fc2\u7b2c\u4e8c\u5c64\u7121\u7528Kerberos\u5605\u99c1\u6cd5\u800cFail Error 401) \u4e0b\u9762\u7b2c\u4e00\u689dReference URL \u4fc2\u975e\u5e38\u6e05\u6670Setup Guide\u3002 \u800c\u5e38\u7528Kerberos Hop\u4fc2 IIS Virtual Directory\u6307\u4fc2 UNC Path \u81ea\u5df1\u559c\u6b61\u7528\u5605\u65b9\u6cd5\u540cArticle \u8b1b\u5605\u6709\u5572\u5514\u540c \u5230\u6cd5\u5982\u4e0b - IIS WebSite\u2026","rel":"","context":"In &quot;IT&quot;","block_context":{"text":"IT","link":"https:\/\/rol801.com\/wordpress\/?cat=2"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/04\/Kerberos_DoubleHop.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/04\/Kerberos_DoubleHop.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/04\/Kerberos_DoubleHop.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":440,"url":"https:\/\/rol801.com\/wordpress\/?p=440","url_meta":{"origin":313,"position":1},"title":"FreeNAS (Rsync over SSH) to Synology Setup","author":"rol801","date":"November 1, 2019","format":false,"excerpt":"\u00a0 \u00a0 \u00a0 Data \u5099\u4efd\u597d\u7dca\u8981\uff01 \u81ea\u5f9eOffice \u7528FreeNAS keep Source \u4ee5\u9ece\uff0c\u90fd\u4fc2\u7528USB HDD \u7d93PC \u884cSyncBackPro \u505aSchedule Backup (\u96d6\u7136\u91cd\u6709\u7b2c\u4e09\u5957Backup\u53bb\u53e6\u4e00\u96bbSynology\uff09 Reference site \u597d\u6709\u7528\uff0c\u4f46\u6709\u4e00\u6a23\u4fc2\u5165\u9762\u7121\u63d0\uff0c\u4f46\u81ea\u5df1\u53c8\u958b\u982d\u7121\u641e\u6e05\u695a\u5605\u3002\u5c31\u4fc2FreeNAS \u5605 \u300ersync\u300f service-account \u5605Primary Group \u8981\u4fc2 Wheel\uff0cPrimary Group \u4fc2\u81ea\u5df1\u540d\u6216\u5176\u4ed6\u3002Rsync task\u90fd\u5514\u6703\u884c\u5f97\u8d77\u3002 SSH Keygen \u5514\u4fc2\u592a\u96e3\uff0c\u6700\u7dca\u8981\u641e\u6e05\u695a\u908a\u90e8\u6a5f\u53bb\u908a\u90e8\u6a5f(Source>Target) Genkey \u7cfb\u4fc2Source\u6a5fgen\uff0c\u4e4b\u5f8c\u6284id_rsa.pub\u53bbTargetMachine ~\/.ssh\u5165\u9762\uff0c\u540c\u57cb \"authorized_key\" \u5169\u500bfile\u3002Permission 711 \u4fc2Synology\u5165\u9762enable Rsync\u5514\u592a\u8907\u96dc\uff0c\u4f46\u4fc2\u552f\u4e00\u4ee4\u6211\u518d\u4f0f\u5605\u4f4d\u4fc2, Synology Rsync Service-Account\u9700\u8981\u4fc2Admin Group Member\u3002\u5514\u4fc2\u5572\u8a71FreeNAS\u7528SSHconnect\u53bbSynology\u7cfb\u6703\u7167\u554fPassword\u3002 \u5982\u7121\u7279\u5225\u554f\u984c\u5c31\u53ef\u4ee5Trial Run\u3002\u3002\u4f46\u4fc2\u592a\u591aData\u53bb\u6284\uff0c\u7d50\u679c 1.3T Data\u7cfb\u7528\u63a5\u8fd1\u5169\u661f\u671f\u5b8c\u6210\u3002 \u984d\u5916\u5c31\u4fc2FreeNAS\u5605Rsync\u7cfb\u6703unlimit\u2026","rel":"","context":"In &quot;IT&quot;","block_context":{"text":"IT","link":"https:\/\/rol801.com\/wordpress\/?cat=2"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2019\/11\/FreeNAS.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":189,"url":"https:\/\/rol801.com\/wordpress\/?p=189","url_meta":{"origin":313,"position":2},"title":"Microsoft ActiveSync &#8211; New EAS Website with Certificate Base Authentication(CBA) in same server","author":"rol801","date":"May 12, 2017","format":false,"excerpt":"\u70ba\u5de6\u5514\u4f7f\u8d77\u591a\u90e8CAS\uff0c\u4f46\u53c8\u53ef\u4ee5\u8a66CBA\uff0c \u53ea\u4fc2\u7528\u52a0\u591a\u4e00\u5f35NIC\uff0c\u591a\u4e00\u7c92IP\u3002 \u7d55\u5c0d\u4fc2\u5feb\u975a\u6b63\u3002 \u4f46\u4fc2\uff0c\u4fc2deployment\u5605\u904e\u7a0b\uff0c\u4fc2\u7d55\u5c0d\u4ffeExchange\/IIS\u73a9\u6b7b\u3002 \u5462\u4e0bWebsite\u5605\u6b65\u9a5f\u7d55\u5c0d\u7121\u932f\uff08\u63a8\u85a6\u7b2c\u4e00\u500b\uff09 \u9047\u5230\u554f\u984c\u5982\u4e0b 1\u3002\u540c\u4e00\u5f35NIC\u7528\u4e8c\u7c92IP\uff0c\u4fc2setup\u6642\u6703\u884d\u751fHost \u932fIP\u554f\u984c\uff0c\u6240\u4ee5\u5514\u5efa\u8b70 2\u3002\u7576\u4e2d\u907f\u514d\u7528IIS\u53bbSet\uff0c\u7279\u5225\u4fc2Step 11\u958bclientCertificateMappingAuthentication\uff0c\u540c\u57cb\u6700\u5c3eenable \"Require Client Certificate\" \u96d6\u7136\u4fc2IIS\u90fd\u6703\u6539\u5230\uff0c\u4f46\u4fc2\u5049\u5927\u5605M\uff04\u8a71Exchange \u91ce\u61c9\u8a72\u8fd4Exchange Admin Center\uff08EAC\uff09\u505a\uff0c\u540cSharePoint \u4e00\u6a23...... \u5514\u76f8\u4fe1....\u6211\u81ea\u5df1\u5f97\u5230\u5605\u4ee3\u50f9\uff0c\u5c31\u4fc2\u5514\u540c\u5605IIS Error\u3002\u3002 \u53ef\u80fd\u4fc2403.7 \uff0c\u63a5403.16........ \u518d\u5514\u4fc2\uff0c\u51faError 500\u3002\u3002\u606d\u559c\uff5eGameOver\u3002\u3002\u3002 \u9047\u904e\u597d\u5e7e\u6b21\uff0c\u8981delete site\uff0c\u7531\u982d\u518d\u569f..... 3\u3002EWS IIS Error 413, \u5514Fix, Notification\u4ea6\u6703\u505c\u5514work \u9700\u8981\u6539\u4ee5\u4e0b C:\\Program Files\\Microsoft\\Exchange Server\\V15\\FrontEnd\\HttpProxy\\autodiscover\\web.config C:\\Program Files\\Microsoft\\Exchange Server\\V15\\FrontEnd\\HttpProxy\\ews\\web.config 2. Replace the value \"uploadReadAheadSize\" of 0 to 1048576 (bytes) in\u2026","rel":"","context":"In &quot;IT&quot;","block_context":{"text":"IT","link":"https:\/\/rol801.com\/wordpress\/?cat=2"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2016\/08\/images.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":71,"url":"https:\/\/rol801.com\/wordpress\/?p=71","url_meta":{"origin":313,"position":3},"title":"ADFS 3.0 -> MFA Setup Configuration","author":"rol801","date":"January 6, 2016","format":false,"excerpt":"\u00a0 \u00a0 \u00a0 \u00a0 \u57fa\u65bc\u88abM\uff04 \u6311\u6a5f\u8a71\u73a9 ADFS \u8981\u7528 On-Premises MFA \u5148\u5920\u597d\u3002 \uff08\u5f80\u5f8c\u5c31\u4fc2\u554f M\uff04\u9ede\u89e3 Cloud MFA \u505a\u5514\u5230Intranet IP by pass MFA) \u7528\u6700\u7c21\u55ae\u5605\u65b9\u6cd5\u4fc2 MFA server \u5b89\u4fc2 ADFS \u540c\u4e00\u90e8\u5e7e\u3002 \u5b89\u88dd\u540c\u5927\u90e8\u5206configure \u4ee5\u4e0b\u9762URL\u70ba\u597d\uff0c \u6bd4Microsoft Official Article \u66f4\u65b9\u4fbf Reference https:\/\/4sysops.com\/archives\/azure-multi-factor-authentication-part-7-securing-ad-fs\/ \u4f46\u4fc2\uff0c\u8981\u63d0\u53ca MFA User Portal\u6703\u7121\u795e\u795e\u9ed0\u7dda login \u5514\u5230\uff0c \u751a\u81f3\u5f71\u97ff\u5230\u4e00\u822c\u7528\u5605ADFS \u721bpage\u3002\u4fc2\u5b89\u88dd\u9014\u4e2dReboot Server\u591a\u7684\u4e8b....... \u6700\u5f8c\u6700\u7d93\u5178\u5605\u4fc2Microsoft \u5605 article \u932f\u8aa4\u52c1\u591a\u3002 PowerShell Commmand \u81ea\u5df1\u780c\u4f46\u4fc2\u7528\u9ece\u5305Parameter\u2026","rel":"","context":"In &quot;ADFS&quot;","block_context":{"text":"ADFS","link":"https:\/\/rol801.com\/wordpress\/?cat=13"},"img":{"alt_text":"mfa_thumb","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2016\/01\/mfa_thumb-300x179.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":352,"url":"https:\/\/rol801.com\/wordpress\/?p=352","url_meta":{"origin":313,"position":4},"title":"Android Enterprise Chrome Managed Bookmarks","author":"rol801","date":"July 19, 2018","format":false,"excerpt":"\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u7d93\u904e\u4fc2MobileIron configure Android Enterprise\uff0coverall \u4fc2\u6210\u529f\u5605\uff0c\u4e0d\u4fc2\u56e0\u70ba\u7121Web@Work\u505aSecure Browser\u3002\u53ea\u53ef\u4ee5\u7528MI Tunnel + Chrome\u3002 \u4fc2Android Enterprise\u843dApp Configure\u540c\u4e00\u822cApp Config\u5514\u540c\u3002 Configuration Profile\u4fc2\u76f4\u63a5\u8ddfApp\u3002 \u4f46\u4fc2\u597d\u8870\u683c\u5605\u4fc2\u8cc7\u6599\u597d\u5c0f\u597d\u96e3\u6435\u3002\u4ee5\u4e0b\u4fc2\u843dManaged Bookmarks\uff0c\u4fc2MI Web@Work \u843dBookmarks\u5bb9\u6613\u597d\u591a \u7531\u4e0b\u9762Microsoft Link\u5605Sample\uff0c\u6211\u53ea\u9700\u8981Managed Bookmarks\u500b\u6bb5\u3002 \u4f46\u4fc2\u53e6\u4eba\u8aa4\u6703\u5605\u4fc2 \u6240\u6709\u5605slash \"\\\"\u00a0\uff0c \u90fd\u4fc2\u5514\u9700\u8981\u5605\u3002 { \u00a0 \"kind\": \"androidenterprise#managedConfiguration\", \u00a0 \"productId\": \"app:com.android.chrome\", \u00a0 \"managedProperty\": [ \u00a0 \u00a0 { \u00a0 \u00a0 \u00a0 \"key\": \"EditBookmarksEnabled\", \u00a0\u2026","rel":"","context":"In &quot;Android&quot;","block_context":{"text":"Android","link":"https:\/\/rol801.com\/wordpress\/?cat=16"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/07\/download.jpeg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":386,"url":"https:\/\/rol801.com\/wordpress\/?p=386","url_meta":{"origin":313,"position":5},"title":"iOS Device  Global HTTP Proxy \u518d\u7e8c","author":"rol801","date":"August 25, 2018","format":false,"excerpt":"\u518d\u7e8c\u4e0a\u56de\uff0c\u5df2\u7d93\u63a5\u8fd14\u500b\u661f\u671f\u3002 \u4fc2Split Brain DNS + Dual Web Server Host Proxy Pac (ASP) \u7d93Mobile Network \u99c1\u5165\uff08External Proxy ASP file) \u96d6\u7136\u7121\u660e\u89ba\u8a66\u5230\u554f\u984c\uff0c\u4f46\u7576\u7528Internal WiFi (Internal Proxy ASP file) \u5c31\u7d42\u65bc\u6709\u767c\u73fe\u3002 \u5982\u4e4b\u524d\u8b1b\u3002\u4fc2\u7406\u8ad6\u4e0a\uff0c\u4e0d\u8ad6External \u540c Internal Proxy file \uff0c\u53bbMDM Server\u65e2traffic\u90fd\u4fc2 \u201cDirect\u201d\u3002 \u4f46iDevice \u78ba\u5be6\u6703\u51fa\u73fe \u201cInternet Connection lost\u201d\u3002\u5462\u53e5\u610f\u601d\u4fc2\u54a9\uff1f\u5c31\u4fc2iOS device\u6703\u4fc2Connect\u4f4fInternal WiFi\uff0c\u6709Valid IP, GW, DNS \u5605\u60c5\u6cc1\u4e4b\u4e0b\uff0c\u53bb\u5514\u5230\u4efb\u4f55Destination\u3002\u4e0d\u8ad6 External\/Internal\u5982\u5426\u3002\u7747\u5230\u5462\u5230\uff0c\u7576\u7136\u6703\u554f\uff0c\u4fc2\u54aa\u4f60WiFi \u6709\u554f\u984c\uff0ciOS device fault\u3002 \u6211\u53ef\u4ee5\u8b1b\uff0c \u5169\u6a23\u90fd\u7121\u554f\u984c\u3002\u4fc2\u7528\u76f8\u540cWiFi,\u2026","rel":"","context":"In &quot;iOS&quot;","block_context":{"text":"iOS","link":"https:\/\/rol801.com\/wordpress\/?cat=15"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rol801.com\/wordpress\/wp-content\/uploads\/2018\/07\/iOS.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/313","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=313"}],"version-history":[{"count":1,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/313\/revisions"}],"predecessor-version":[{"id":314,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/313\/revisions\/314"}],"wp:attachment":[{"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=313"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=313"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rol801.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=313"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}