SAP snc error with Kerberos5 and Active Directory

Zaphod Beeblebrox zaphod24 at hotmail.com
Tue Aug 21 09:04:01 EDT 2007


My company is deploying SAP on SLES10 (running on zSeries). We would like to 
use our existing Active Directory (on Windows server 2003) for single 
sign-on. I have configured the SAP application servers for SNC, including 
using the libgssapi_krb5.so library. I installed the gsskrb5.dll as 
sncgss32.dll in the client's windows system32 folder.

I am inconsistently able to login to SAP with single sign-on. Sometimes it 
works great, and other times I get an "snc error" popup and this in my 
application server's log:


N Tue Aug 21 08:29:55 2007
N  *** ERROR => SncPEstablishContext()==SNCERR_GSSAPI  [sncxxall.c 3352]
N        GSS-API(maj): Miscellaneous failure
N        GSS-API(min): Unknown code
N      Unable to establish the security context
N  <<- SncProcessInput()==SNCERR_GSSAPI
M  *** ERROR => ThSncIn: SncProcessInput (SNCERR_GSSAPI) [thxxsnc.c    976]
M  *** ERROR => ThSncIn: SncProcessInput [thxxsnc.c    981]
M  in_ThErrHandle: 1
M  *** ERROR => ThSncIn: SncProcessInput (step 4, th_errno 44, action 1, 
level 1) [thxxhead.c   10375]

Is this something I can fix? Unknown code doesn't tell me much. SAP states 
very clearly they won't help with kerberos5 problems, especially when the 
user store is in Active Directory. There are 3rd party products from vendors 
like CyberSafe that claim to work with kerberos5 and Active Directory 
integration, but I would prefer for what comes with SLES10 to just work for 
us. SLES10 installed the krb5 1.4.3 package.

_________________________________________________________________
Learn.Laugh.Share. Reallivemoms is right place! 
http://www.reallivemoms.com?ocid=TXT_TAGHM&loc=us




More information about the Kerberos mailing list