My company is deploying SAP on SLES10 (running on zSeries). We would like to use our existing Active Directory (on Windows server 2003) for single sign-on. I have configured the SAP application servers for SNC, including using the libgssapi_krb5.so library. I installed the gsskrb5.dll as sncgss32.dll in the client's windows system32 folder.
I am inconsistently able to login to SAP with single sign-on. Sometimes it works great, and other times I get an "snc error" popup and this in my application server's log: N Tue Aug 21 08:29:55 2007 N *** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3352] N GSS-API(maj): Miscellaneous failure N GSS-API(min): Unknown code N Unable to establish the security context N <<- SncProcessInput()==SNCERR_GSSAPI M *** ERROR => ThSncIn: SncProcessInput (SNCERR_GSSAPI) [thxxsnc.c 976] M *** ERROR => ThSncIn: SncProcessInput [thxxsnc.c 981] M in_ThErrHandle: 1 M *** ERROR => ThSncIn: SncProcessInput (step 4, th_errno 44, action 1, level 1) [thxxhead.c 10375] Is this something I can fix? Unknown code doesn't tell me much. SAP states very clearly they won't help with kerberos5 problems, especially when the user store is in Active Directory. There are 3rd party products from vendors like CyberSafe that claim to work with kerberos5 and Active Directory integration, but I would prefer for what comes with SLES10 to just work for us. SLES10 installed the krb5 1.4.3 package. _________________________________________________________________ Learn.Laugh.Share. Reallivemoms is right place! http://www.reallivemoms.com?ocid=TXT_TAGHM&loc=us ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
