SAP snc error with Kerberos5 and Active Directory
Zaphod Beeblebrox
zaphod24 at hotmail.com
Tue Aug 21 09:04:01 EDT 2007
My company is deploying SAP on SLES10 (running on zSeries). We would like to
use our existing Active Directory (on Windows server 2003) for single
sign-on. I have configured the SAP application servers for SNC, including
using the libgssapi_krb5.so library. I installed the gsskrb5.dll as
sncgss32.dll in the client's windows system32 folder.
I am inconsistently able to login to SAP with single sign-on. Sometimes it
works great, and other times I get an "snc error" popup and this in my
application server's log:
N Tue Aug 21 08:29:55 2007
N *** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3352]
N GSS-API(maj): Miscellaneous failure
N GSS-API(min): Unknown code
N Unable to establish the security context
N <<- SncProcessInput()==SNCERR_GSSAPI
M *** ERROR => ThSncIn: SncProcessInput (SNCERR_GSSAPI) [thxxsnc.c 976]
M *** ERROR => ThSncIn: SncProcessInput [thxxsnc.c 981]
M in_ThErrHandle: 1
M *** ERROR => ThSncIn: SncProcessInput (step 4, th_errno 44, action 1,
level 1) [thxxhead.c 10375]
Is this something I can fix? Unknown code doesn't tell me much. SAP states
very clearly they won't help with kerberos5 problems, especially when the
user store is in Active Directory. There are 3rd party products from vendors
like CyberSafe that claim to work with kerberos5 and Active Directory
integration, but I would prefer for what comes with SLES10 to just work for
us. SLES10 installed the krb5 1.4.3 package.
_________________________________________________________________
Learn.Laugh.Share. Reallivemoms is right place!
http://www.reallivemoms.com?ocid=TXT_TAGHM&loc=us
More information about the Kerberos
mailing list