Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Question from sapera on Oct 26 at 8:53 AM Hi, We are configuring the SSO between the Windows AD and the SAPGui using Kerberos in one of your AP servers. Our SAP system is a SAP ECC EhP7 with Netweaver 7.40 where the CI is running on HP-UX but one of the AP servers is running in Linux 3.12.49-11-default x86_64. We have installed the libraries that appear on the screenshot on the server: The keytab from the CI has been copied to the / etc directory on the AP server . Using the SIDADM user we have generated the ticket /usr/bin/kinit -k -t /etc/krb5.keytab email@removed . On RZ10, we have added the following SNC parameters: ### Parametros de SNC snc/permit_insecure_start = 1 snc/data_protection/use = 3 snc/data_protection/max = 3 snc/data_protection/min = 1 snc/accept_insecure_r3int_rfc = 1 snc/accept_insecure_rfc = 1 snc/accept_insecure_cpic = 1 snc/accept_insecure_gui = 1 snc/gssapi_lib = /usr/lib64/libgssapi_krb5.so.2 snc/enable = 1 snc/identity/as = p: email@removed login/password_change_for_SSO = 0 The AP server can be started without problems but when we try to access to the system via SSO we have this error: M ThSncCheckEnv: I'm SNC acceptor M ThSncCheckEnv: initialized snc env M ThSncCheckEnv: snc count of T16/U23: 1 M ThSncIn: process input data at 7fe7ea30b008 with length 1812 N *** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3563] N GSS-API(maj): No credentials were supplied, or the credentials were unavailable or inaccessible N Unable to establish the security context N <<- SncProcessInput()==SNCERR_GSSAPI M *** ERROR => ThSncIn: SncProcessInput (SNCERR_GSSAPI) [thxxsnc.c 1035] M {root-id=00505684AB7D1EE6A2F91D63738B9A86}_{conn-id=00000000000000000000000000000000}_0 M *** ERROR => ThSncIn: SncProcessInput [thxxsnc.c 1040] M {root-id=00505684AB7D1EE6A2F91D63738B9A86}_{conn-id=00000000000000000000000000000000}_0 M in_ThErrHandle: 1 M *** ERROR => ThSncIn: SncProcessInput (step 4, th_errno 44, action 1, level 1) [thxxhead.c 11560] M {root-id=00505684AB7D1EE6A2F91D63738B9A86}_{conn-id=00000000000000000000000000000000}_0 Does anyone know what could be happening? We have already checked the SECUDIR and SECULIB and the server hostname it´s on the DNS Thanks a lot and best regards, Sapera | Reply to this email to post your response. __.____._ | _.____.__ |