Skip to Content
0
Former Member
Apr 21, 2009 at 01:05 AM

SSO - Windows 2008 Domain to RHEL 5.2 Authentication

150 Views

Hi All

I have been searching for the proper documentation for mapping the SAP Users with Windows Domain users, but could'nt get the correct documentation so far. I got one but it was for windows 2000 from Realtech.

All our SAP Systems run on Red Hat Linux Enterprise 5.2 and all our users are to be mapped from Windows 2008 Domain controller to SAP.

Can anyone please throw some light on how to map the sap users to windows users and what are the steps that we need to follow to setup the Application server on linux level?

We followed to set-up the Service Principal Name for sap system and the tickets are getting generated, after I enabled the SNC related profile parameters, the system is not coming up, below the profile parameters I have set and output of dev_w0 file:

Profile Parameters:

snc/gssapi_lib /usr/lib64/snckrb5.so

snc/identity/as p/krb5:SAPService/linuxlabsrv.domainname@DOMAINNAME SNC identity

snc/enable 1 Use SNC

snc/accept_insecure_cpic 1 Permit CPIC without SNC

snc/accept_insecure_rfc 1 Permit RFC without SNC

snc/accept_insecure_gui 1 Permit SAPGUI connections without SNC

snc/accept_insecure_r3int_rfc 1 Permit internal RFC connections without SNC

snc/data_protection/min 1 Min. protection level 1 (authentication)

snc/data_protection/max 3 Max. protection level 3 (encryption)

snc/data_protection/use 3 Use level of snc/data_protection/max

snc/permit_insecure_start 1 Allow execution of external programs without SNC

dev_w0 Errror:

SncInit(): Initializing Secure Network Communication (SNC)

N AMD/Intel x86_64 with Linux (st,ascii,SAP_UC/size_t/void* = 16/64/64)

N SncInit(): found snc/data_protection/max=3, using 3 (Privacy Level)

N SncInit(): found snc/data_protection/min=1, using 1 (Authentication Level)

N SncInit(): found snc/data_protection/use=3, using 3 (Privacy Level)

N SncInit(): found snc/gssapi_lib=/usr/lib64/snckrb5.so

N File "/usr/lib64/snckrb5.so" dynamically loaded as SNC-Adapter.

N The Adapter identifies as:

N External SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2

N SncInit(): found snc/identity/as=p:sapservicedpi

N *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [sncxxall.c 1432]

N GSS-API(maj): Unspecified GSS failure. Minor code may provide more information

N GSS-API(min): No principal in keytab matches desired name

N Could't acquire ACCEPTING credentials for

N

N name="p:sapservicedpi@domainname"

M *** ERROR => ErrISetSys: error info too large [err.c 944]

M Mon Apr 20 18:03:05 2009

M LOCATION SAP-Server omtr-sap-pi_DPI_00 on host omtr-sap-pi (wp 0)

M ERROR GSS-API(maj): Unspecified GSS failure. Minor code may provi

M GSS-API(min): No principal in keytab matches desired name

M name="p:sapservicedpi@domainname"

M TIME Mon Apr 20 18:03:05 2009

M RELEASE 700

M COMPONENT SNC (Secure Network Communication)

M VERSION 5

==========================================================================

Can some one please throw some light....

Thanks

Sri