Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Question from sapera on Oct 26 at 8:53 AM Hi,
We are configuring the SSO between the Windows AD and the SAPGui using Kerberos in one of your AP servers. Our SAP system is a SAP ECC EhP7 with Netweaver 7.40 where the CI is running on HP-UX but one of the AP servers is running in Linux 3.12.49-11-default x86_64.
We have installed the libraries that appear on the screenshot on the server:
The keytab from the CI has been copied to the / etc directory on the AP server . Using the SIDADM user we have generated the ticket /usr/bin/kinit -k -t /etc/krb5.keytab email@removed .
On RZ10, we have added the following SNC parameters:
### Parametros de SNC
snc/permit_insecure_start = 1
snc/data_protection/use = 3
snc/data_protection/max = 3
snc/data_protection/min = 1
snc/accept_insecure_r3int_rfc = 1
snc/accept_insecure_rfc = 1
snc/accept_insecure_cpic = 1
snc/accept_insecure_gui = 1
snc/gssapi_lib = /usr/lib64/libgssapi_krb5.so.2
snc/enable = 1
snc/identity/as = p: email@removed
login/password_change_for_SSO = 0
The AP server can be started without problems but when we try to access to the system via SSO we have this error:
M ThSncCheckEnv: I'm SNC acceptor
M ThSncCheckEnv: initialized snc env
M ThSncCheckEnv: snc count of T16/U23: 1
M ThSncIn: process input data at 7fe7ea30b008 with length 1812
N *** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3563]
N GSS-API(maj): No credentials were supplied, or the credentials were unavailable or inaccessible
N Unable to establish the security context
N <<- SncProcessInput()==SNCERR_GSSAPI
M *** ERROR => ThSncIn: SncProcessInput (SNCERR_GSSAPI) [thxxsnc.c 1035]
M {root-id=00505684AB7D1EE6A2F91D63738B9A86}_{conn-id=00000000000000000000000000000000}_0
M *** ERROR => ThSncIn: SncProcessInput [thxxsnc.c 1040]
M {root-id=00505684AB7D1EE6A2F91D63738B9A86}_{conn-id=00000000000000000000000000000000}_0
M in_ThErrHandle: 1
M *** ERROR => ThSncIn: SncProcessInput (step 4, th_errno 44, action 1, level 1) [thxxhead.c 11560]
M {root-id=00505684AB7D1EE6A2F91D63738B9A86}_{conn-id=00000000000000000000000000000000}_0
Does anyone know what could be happening? We have already checked the SECUDIR and SECULIB and the server hostname it´s on the DNS
Thanks a lot and best regards, Sapera
| Reply to this email to post your response. __.____._ |   _.____.__ |
