RE: [sap-basis] SSO with AD


Posted by DonPooters
on Jun 30 at 4:07 PM
Also review OSS note 1257108 analyzing SSO issues


Don Pooters
Principal Consultant
CIBER, Inc.
949-510-8862

From: mridulg via sap-basis [mailto:sap-basis@Groups.ITtoolbox.com]
Sent: Tuesday, June 29, 2010 10:04 PM
To: DonPooters
Subject: Re: [sap-basis] SSO with AD

Posted by mridulg (Analyst)
on Jun 30 at 1:02 AM


I copied gx64krb5.dll but which other DLL than this one...

Regards,
Mridul

On Tue, Jun 29, 2010 at 10:24 PM, DonPooters via sap-basis <
sap-basis@groups.ittoolbox.com> wrote:

> Posted by DonPooters
> on Jun 29 at 1:01 PM
>
> Mridul,
> here is a sample of the profile entries for SSO. Also did you copy the 2
> DLLs into the system32 directory?
>
> snc/enable 1
> snc/gssapi_lib C:\WINDOWS\system32\gx64krb5.dll
> snc/identity/as p:SAPService<SID>@<domain name in CAPS>
> snc/accept_insecure_cpic 1
> snc/accept_insecure_gui 1
> snc/accept_insecure_rfc 1
> snc/permit_insecure_start 1
> snc/permit_insecure_comm 1
>
>
>
> Don Pooters
> Principal Consultant
> CIBER, Inc.
> 949-510-8862
>
> From: mridulg via sap-basis [mailto:sap-basis@Groups.ITtoolbox.com]
> Sent: Tuesday, June 29, 2010 7:40 AM
> To: DonPooters
> Subject: [sap-basis] SSO with AD
>
> Posted by mridulg (Analyst)
> on Jun 29 at 10:56 AM
>
>
> Hi,
>
> I am trying to implement Single Sign-On with Microsoft Kerberos SSP as per
> installation guide and changed the parameter as per guide
> snc/enable = 1
> snc/gssapi_lib =<DRIVE>:\%windir%\system32\<kerberos_file>.dll
> snc/identity/as =p:SAPService<SAPSID>@<UPPERCASE_DNS_DOMAIN_NAME>
>
> The domain name of my system as mentioned in the Properties of My Computer
> is WSE.wsmain.local and when I am mentioning
> snc/identity/as =p:SAPService<SAPSID>@WSE.wsmain.local
> the dispatcher is not coming up and I think the root cause is this snc
> parameter only. I even tried snc/identity/as
> =p:SAPService<SAPSID>@WSE.WSMAIN.LOCAL, p:SAPService<SAPSID>@WSE as well as
> same with three more cases with <sid>adm like snc/identity/as
> =p:<sid>adm@WSE.WSMAIN.LOCAL and so on but the dispatcher is not coming up.
>
> I am also pasting the log for dev_w0 for your reference:
>
> ------------------------------
> trc file: "dev_w0", trc level: 1, release: "700"
> ------------------------------
>
> N SncInit(): Initializing Secure Network Communication (SNC)
> N PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 16/64/64)
> N SncInit(): found snc/data_protection/max=3, using 3 (Privacy Level)
> N SncInit(): found snc/data_protection/min=2, using 2 (Integrity Level)
> N SncInit(): found snc/data_protection/use=9, using 3 (Privacy Level)
> N SncInit(): found snc/gssapi_lib=C:\WINDOWS\system32\gx64krb5.dll
> N File "C:\WINDOWS\system32\gx64krb5.dll" dynamically loaded as GSS-API v2 library.
> N The internal Adapter for the loaded GSS-API mechanism identifies as:
> N Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
> N SncInit(): found snc/identity/as=p:SAPServiceW6R@WSE.WSMAIN.LOCAL
> N *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [sncxxall.c 1432]
> N GSS-API(maj): No valid credentials provided (or available)
> N GSS-API(min): SSPI u2u-problem: please add Service principal for own account
> N Could't acquire ACCEPTING credentials for
> N
> N name="p:SAPServiceW6R@WSE.WSMAIN.LOCAL"
> M *** ERROR => ErrISetSys: error info too large [err.c 944]
> M Tue Jun 29 19:11:31 2010
> M LOCATION SAP-Server wss-cha-w6r_W6R_14 on host wss-cha-w6r (wp 0)
> M ERROR GSS-API(maj): No valid credentials provided (or available)
> M GSS-API(min): SSPI u2u-problem: please add Service principal for own a
> M name="p:SAPServiceW6R@WSE.WSMAIN.LOCAL"
> M TIME Tue Jun 29 19:11:31 2010
> M RELEASE 700
> M COMPONENT SNC (Secure Network Communication)
> M VERSION 5
> M RC -4
> M MODULE sncxxall.c
> M LINE 1432
> M DETAIL SncPAcquireCred
> M SYSTEM CALL gss_acquire_cred
> M ERRNO
> M ERRNO TEXT
> M DESCR MSG NO
> M DESCR VARGS GSS-API(maj): No valid credentials provided (or available);;;;
> M ;;;;GSS-API(min): SSPI u2u-problem: please add Service principal for own a;;;;
> M ;;;;name="p:SAPServiceW6R@WSE.WSMAIN.LOCAL"
> M DETAIL MSG N
> M DETAIL VARGS
> M COUNTER 1
> N SncInit(): Fatal -- Accepting Credentials not available!
> N <<- ERROR: SncInit()==SNCERR_GSSAPI
> N sec_avail = "false"
> M ***LOG R19=> ThSncInit, SncInitU ( SNC-000004) [thxxsnc.c 230]
> M *** ERROR => ThSncInit: SncInitU (SNCERR_GSSAPI) [thxxsnc.c 232]
> M in_ThErrHandle: 1
> M *** ERROR => SncInitU (step 1, th_errno 44, action 3, level 1) [thxxhead.c 10468]
>
> M ThCallHooks: call hook >ThrSaveSPAFields< for event BEFORE_DUMP
> M *** ERROR => ThrSaveSPAFields: no valid thr_wpadm [thxxrun1.c 724]
> M *** ERROR => ThCallHooks: event handler ThrSaveSPAFields for event BEFORE_DUMP failed [thxxtool3.c 261]
> M Entering ThSetStatError
> M ThIErrHandle: do not call ThrCoreInfo (no_core_info=0, in_dynp_env=0)
> M Entering ThReadDetachMode
> M call ThrShutDown (1)...
> M ***LOG Q02=> wp_halt, WPStop (Workproc 0 4088) [dpnttool.c 327]
>
> Please suggest.
>
> Regards,
> Mridul

Copyright © 2010 Toolbox.com and message author.
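
Added example (not part of the thread, and not SAP's or either poster's code): a small Python triage of the dev_w0 lines quoted above. It separates "the snc/identity/as value is malformed" from "the value is well-formed but gss_acquire_cred returned no accepting credentials". The sample is constructed from the quoted trace with the list software's "at the rate" written back as @; the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the dev_w0 lines quoted in the thread.
SAMPLE_TRACE = """\
N SncInit(): found snc/gssapi_lib=C:\\WINDOWS\\system32\\gx64krb5.dll
N SncInit(): found snc/identity/as=p:SAPServiceW6R@WSE.WSMAIN.LOCAL
N *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [sncxxall.c 1432]
N GSS-API(maj): No valid credentials provided (or available)
N GSS-API(min): SSPI u2u-problem: please add Service principal for own account
N SncInit(): Fatal -- Accepting Credentials not available!
"""

FOUND = re.compile(r"^N\s+SncInit\(\): found (snc/\S+?)=(.*)$")
GSS = re.compile(r"^N\s+GSS-API\((maj|min)\):\s*(.*)$")
NAME = re.compile(r"^p:([^@\s]+)@(\S+)$")


def parse_snc_trace(text):
    """Collect the SNC parameters the kernel read and the GSS-API status pair."""
    out = {"params": {}, "maj": None, "min": None, "fatal": False}
    for line in text.splitlines():
        line = line.strip()
        if m := FOUND.match(line):
            out["params"][m.group(1)] = m.group(2).strip()
        elif m := GSS.match(line):
            out[m.group(1)] = m.group(2)
        elif "SncInit(): Fatal" in line:
            out["fatal"] = True
    return out


def check_identity(value):
    """Return format problems in a snc/identity/as value (empty list = well-formed)."""
    m = NAME.match(value)
    if not m:
        return ["expected p:<account>@<REALM>"]
    realm = m.group(2)
    return [] if realm == realm.upper() else ["realm is not upper case"]


def triage(text):
    """Classify the failure: malformed name, or credentials unavailable for a valid name."""
    t = parse_snc_trace(text)
    problems = check_identity(t["params"].get("snc/identity/as", ""))
    if problems:
        return ("identity-format", problems)
    if t["fatal"] and t["maj"]:
        return ("credentials", [t["maj"], t["min"]])
    return ("ok", [])
```

On the quoted trace the name passes the format check, so the result is the credentials class, with the GSS-API minor status as the text to follow up on.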