It looks like You don't have - proper keytab generated for SNC - or valid SNC service principal is not in the keytab - or You forget configure external application service identity or Saprouter identity (depend where You using SNC) in config tables ( I think its something like RZ MENU 10) - or all above
Pavel M >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of JuanM >Sent: Tuesday, November 02, 2004 3:45 AM >To: [EMAIL PROTECTED] >Subject: Validation with Kerberos 5, SAP Linux, SNC for SSO > >We want to install Single Sign on functionality for SAP, with >BC-SNC, Kerberos 5 and Active >Directory, but when we configure SNC in SAP with kerberos we >have a validation error as soon as >start SAP. >Notice: >We have installed SAP over Linux which has Kerberos 5, the >library that we are using is >libgssapi_krb5.so. >The domain controllers of the AD are Windows 2003. > >The configuration seems to be ok, we create the accounts in >the AD (Linux server account >"hostname" and SAP Service account "SAPServiceXXX"), however >when SAP starts we FIND the following >error: > >N SncInit(): Initializing Secure Network Communication (SNC) >N Intel x86 with Linux (st,ascii,SAP_UC/size_t/void* = 8/32/32) >N SncInit(): found snc/data_protection/max=3, using >3 (Privacy Level) >N SncInit(): found snc/data_protection/min=3, using >3 (Privacy Level) >N SncInit(): found snc/data_protection/use=3, using >3 (Privacy Level) >N SncInit(): found snc/gssapi_lib=/usr/kerberos/lib/libgssapi_krb5.so >N File "/usr/kerberos/lib/libgssapi_krb5.so" dynamically >loaded as GSS-API v2 library. >N The internal Adapter for the loaded GSS-API mechanism >identifies as: >N Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2 >N SncInit(): found snc/identity/as=p:[EMAIL PROTECTED] >N *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [sncxxall.c 1510] >N GSS-API(maj): Miscellaneous failure >N GSS-API(min): Permission denied >N Could't acquire ACCEPTING credentials for >N >N name="p: [EMAIL PROTECTED]" >N SncInit(): Fatal -- Accepting Credentials not available! >N <<- SncInit()==SNCERR_GSSAPI >N sec_avail = "false" > > >I can't find any information for the error code. >Could you please help me with this problem? > >Thanks in advance! > > > > > > > >___________________________________ >�Llevate a Yahoo! en tu Unif�n! >Ahora pod�s usar Yahoo! Messenger en tu Unif�n, en cualquier >momento y lugar. >Encontr� m�s informaci�n en: http://ar.mobile.yahoo.com/sms.html > >________________________________________________ >Kerberos mailing list [EMAIL PROTECTED] >https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
