Hi there,
We are trying to implement SPNego single sign-on on SAP Netweaver 2004S
SR2 Portal 7.0..
We have implemented instructions as per help.sap.com. We have also
implemented numerous notes...
968191 - SPNego: Central Note
927350 - keytab generation for Kerberos authentication with SPNego
982127 - Troubleshooting authentication problems
957666 - tool for Troubleshooting Security Configuration
957707 - Using Diagtool for Troubleshooting Single Sign-On
935644 - configuring kerberos on NW04 against database user store
Our LDAP resides on ADS Windows 2003 Server SP1 (used ktab as
workaround since ktpass tool is incompatible)
Client is WinXP SP2 (hotfix applied KB885887)
Some further info:
- J2EE system is running on Windows 2003 SP1 64-bit (x86_64)
- Running on NetWeaver 2004s SR2 (SP9)
- We've applied the patch described in note 982044
- We're authenticating against Active Directory. Kerberos realm is
ENGENOIL.NET. The service user in AD was created according to the
guidelines in note 986060
We've installed the w2k_lsa_auth.dll from a 1.5.0 JVM for x86_64, as
per customer message 1853075/2006. As described above, the keytab
being used was generated using the JVM tool ktab rather than the
Kerberos tools on the AD domain controller, which is running
Windows 2003 SP1.
Your help will be much appreciated...