Hi All
I have been searching for the proper documentation for mapping the SAP Users with Windows Domain users, but could'nt get the correct documentation so far. I got one but it was for windows 2000 from Realtech.
All our SAP Systems run on Red Hat Linux Enterprise 5.2 and all our users are to be mapped from Windows 2008 Domain controller to SAP.
Can anyone please throw some light on how to map the sap users to windows users and what are the steps that we need to follow to setup the Application server on linux level?
We followed to set-up the Service Principal Name for sap system and the tickets are getting generated, after I enabled the SNC related profile parameters, the system is not coming up, below the profile parameters I have set and output of dev_w0 file:
Profile Parameters:
snc/gssapi_lib /usr/lib64/snckrb5.so
snc/identity/as p/krb5:SAPService/linuxlabsrv.domainname@DOMAINNAME SNC identity
snc/enable 1 Use SNC
snc/accept_insecure_cpic 1 Permit CPIC without SNC
snc/accept_insecure_rfc 1 Permit RFC without SNC
snc/accept_insecure_gui 1 Permit SAPGUI connections without SNC
snc/accept_insecure_r3int_rfc 1 Permit internal RFC connections without SNC
snc/data_protection/min 1 Min. protection level 1 (authentication)
snc/data_protection/max 3 Max. protection level 3 (encryption)
snc/data_protection/use 3 Use level of snc/data_protection/max
snc/permit_insecure_start 1 Allow execution of external programs without SNC
dev_w0 Errror:
SncInit(): Initializing Secure Network Communication (SNC)
N AMD/Intel x86_64 with Linux (st,ascii,SAP_UC/size_t/void* = 16/64/64)
N SncInit(): found snc/data_protection/max=3, using 3 (Privacy Level)
N SncInit(): found snc/data_protection/min=1, using 1 (Authentication Level)
N SncInit(): found snc/data_protection/use=3, using 3 (Privacy Level)
N SncInit(): found snc/gssapi_lib=/usr/lib64/snckrb5.so
N File "/usr/lib64/snckrb5.so" dynamically loaded as SNC-Adapter.
N The Adapter identifies as:
N External SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
N SncInit(): found snc/identity/as=p:sapservicedpi
N *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [sncxxall.c 1432]
N GSS-API(maj): Unspecified GSS failure. Minor code may provide more information
N GSS-API(min): No principal in keytab matches desired name
N Could't acquire ACCEPTING credentials for
N
N name="p:sapservicedpi@domainname"
M *** ERROR => ErrISetSys: error info too large [err.c 944]
M Mon Apr 20 18:03:05 2009
M LOCATION SAP-Server omtr-sap-pi_DPI_00 on host omtr-sap-pi (wp 0)
M ERROR GSS-API(maj): Unspecified GSS failure. Minor code may provi
M GSS-API(min): No principal in keytab matches desired name
M name="p:sapservicedpi@domainname"
M TIME Mon Apr 20 18:03:05 2009
M RELEASE 700
M COMPONENT SNC (Secure Network Communication)
M VERSION 5
==========================================================================
Can some one please throw some light....
Thanks
Sri