Skip to Content
0
Former Member
May 28, 2007 at 02:06 PM

Kerberos configure not working in EP7 unix - Win ADS 2003

41 Views

Hi all:

I configure the Kerberos using SpNegoWizard.

After that I restart the EP7 in ibm aix.

I run the Diagtool, it checks my configure, and it does not print any warning or errors.

But when I run KERBTRAY in client machine, I found some strange things. Because my test users are using RemoteDesktop to login in EP. So when one test user login in the Remote Desktop in ADS, the Kerbtray util tool only display 2 Service Principal:

host/cn-sapdc01.cnsap.tst

krbtgt/CNSAP.TST

the cn-sapdc01 is the ADS server

cn-s-sapepq07.cn.test.com is the EP server

I access the Portal server in IE 7, there is no new service principal in Kerbtray tool. Is there something my configure wrong ?

I run ktpass and setspn like:

ktpass -princ host/cn-s-sapepq07.cn.test.com@CNSAP.TST -pass TestMe5So -out sap_svc3.keytab -mapUser j2ee-q09adm +DesOnly /crypto DES-CBC-MD5 /ptype KRB5_NT_PRINCIPAL

setspn -A HTTP/cn-s-sapepq07.cn.test.com j2ee-q09adm

setspn -A host/cn-s-sapepq07.cn.test.com j2ee-q09adm

for the Diagtool, it generate the output report like:

[1180359668151][May 28, 2007 9:41:08 PM ] - CLIENT: 2560, REQUEST:

{GET /irj/portal HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, /

Accept-Language: zh-cn

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Host: cn-s-sapepq07.cn.abb.com:50100

Connection: Keep-Alive

Cookie: saplb_*=(J2EE14167500)14167550; JSESSIONID=(J2EE14167500)ID2049890150DB10367346751886666640End

[1180359668290][May 28, 2007 9:41:08 PM ] - CLIENT: 2560, REPLY:

{HTTP/1.1 200 OK

Server: SAP J2EE Engine/7.00

Content-Type: text/html; charset=UTF-8

Content-Language: zh-CN

expires: 0

Content-Encoding: gzip

Date: Mon, 28 May 2007 13:41:08 GMT

Transfer-Encoding: chunked

Set-Cookie: PortalAlias=portal; Path=/

[1180359675881][May 28, 2007 9:41:15 PM ] - CLIENT: 2816, REQUEST:

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /

Accept-Language: en-us

UA-CPU: x86

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)

[1180359675899][May 28, 2007 9:41:15 PM ] - CLIENT: 2816, REPLY:

Set-Cookie: saplb_*=(J2EE14167500)14167550; Version=1; Path=/

Content-Language: en-US

Date: Mon, 28 May 2007 13:41:15 GMT

Set-Cookie: JSESSIONID=(J2EE14167500)ID1304956950DB10359115125736143867End; Version=1; Domain=.cn.abb.com; Path=/

[1180359675926][May 28, 2007 9:41:15 PM ] - CLIENT: 3072, REQUEST:

{GET /irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_tradeshow/glbl/glbl_ie6.css?7.0.5.0.0 HTTP/1.1

Accept: /

Referer: http://cn-s-sapepq07.cn.abb.com:50100/irj/portal

Cookie: saplb_*=(J2EE14167500)14167550; PortalAlias=portal; JSESSIONID=(J2EE14167500)ID1304956950DB10359115125736143867End

[1180359675931][May 28, 2007 9:41:15 PM ] - CLIENT: 3072, REPLY:

Content-Type: text/css

Last-Modified: Tue, 03 Apr 2007 09:29:47 GMT

Cache-Control: max-age=86400

Content-Length: 5282

[1180359675963][May 28, 2007 9:41:15 PM ] - CLIENT: 3072, REQUEST:

{GET /irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_tradeshow/prtl_std/prtl_std_ie6.css?7.0.5.0.0 HTTP/1.1

[1180359675967][May 28, 2007 9:41:15 PM ] - CLIENT: 3072, REPLY:

Last-Modified: Tue, 03 Apr 2007 09:29:49 GMT

Content-Length: 440

[1180359676087][May 28, 2007 9:41:16 PM ] - CLIENT: 3072, REQUEST:

{GET /irj/portalapps/com.sap.portal.epcf.loader/script/optimize/js13_epcf.js?6.45000903 HTTP/1.1

[1180359676091][May 28, 2007 9:41:16 PM ] - CLIENT: 3072, REPLY:

Content-Type: application/x-javascript

Last-Modified: Tue, 03 Apr 2007 09:35:02 GMT

Content-Length: 12166

Date: Mon, 28 May 2007 13:41:16 GMT

[1180359680603][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REQUEST:

{GET /irj/portalapps/com.sap.portal.runtime.logon/css/logon.css HTTP/1.1

[1180359680603][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REQUEST:

{GET /irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal/sap_tradeshow/ur/ur_ie6.css?7.0.5.0.0 HTTP/1.1

[1180359680606][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REPLY:

Last-Modified: Wed, 04 Apr 2007 09:38:04 GMT

Content-Length: 117

Date: Mon, 28 May 2007 13:41:20 GMT

[1180359680607][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REPLY:

Last-Modified: Tue, 03 Apr 2007 09:34:32 GMT

Content-Length: 24029

[1180359680667][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REQUEST:

{GET /irj/portalapps/com.sap.portal.runtime.logon/css/main2.css HTTP/1.1

[1180359680675][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REPLY:

Content-Length: 2620

[1180359680852][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REQUEST:

{GET /irj/portalapps/com.sap.portal.runtime.logon/js/basic.js HTTP/1.1

[1180359680855][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REPLY:

Content-Length: 739

[1180359680879][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REQUEST:

{GET /irj/portalapps/com.sap.portal.runtime.logon/layout/branding-image.jpg HTTP/1.1

[1180359680879][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REQUEST:

{GET /irj/portalapps/com.sap.portal.runtime.logon/layout/branding-text.gif HTTP/1.1

[1180359680881][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REPLY:

Content-Type: image/gif

Content-Length: 1866

[1180359680882][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REPLY:

Content-Type: image/jpeg

Content-Length: 25443

[1180359680909][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REQUEST:

{GET /irj/portalapps/com.sap.portal.runtime.logon/layout/sapLogo.gif HTTP/1.1

[1180359680911][May 28, 2007 9:41:20 PM ] - CLIENT: 2816, REPLY:

Content-Length: 1426

[1180359680919][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REQUEST:

{GET /irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal/sap_tradeshow/common/label/3x1_label_designbar.gif?7.0.9.0.0 HTTP/1.1

[1180359680922][May 28, 2007 9:41:20 PM ] - CLIENT: 3072, REPLY:

Last-Modified: Tue, 03 Apr 2007 09:34:11 GMT

Content-Length: 43

[1180359681530][May 28, 2007 9:41:21 PM ] - CLIENT: 3072, REQUEST:

{GET /favicon.ico HTTP/1.1

[1180359681532][May 28, 2007 9:41:21 PM ] - CLIENT: 3072, REPLY:

{HTTP/1.1 404 Not Found

Pragma: no-cache

Cache-Control: no-cache

Expires: 0

Content-Type: text/html

Content-Length: 1845

Date: Mon, 28 May 2007 13:41:21 GMT

101 lines

-


I do think there is some error configure in my ADS, Client side, right ?