Skip to Content
avatar image
Former Member

Kerberos Configuration not working

Hi all,

We are testing Kerberos for j2ee engine (for EP 7.1). It has UME integrated to LDAP. We have used the new Spnego wizard as the AD server is Windows 2008 R2. It did not work out well.

Whenever the configuration fails, We are unable to log in to the portal/nwa as administrator or any of the test users over the AD.

Is this due to the 'adjusting the policy configuration' part that we manipulate in the Visual Admin as a part of the Kerberos configuration? What should be the default policy configuration; without kerberos?

Any inputs will be greatly appreciated.

Thanks and regards,

Rosun

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • Best Answer
    Dec 03, 2010 at 02:33 PM

    Hi Rosun,

    To better understand the problem that you have with the kerberos configuration, you should create a webdiagtool trace, as described in SAP note 1045019. This will help you to see where the problem is.

    Regarding the policy configurations, I think this documention might be useful for you:

    https://cw.sdn.sap.com/cw/docs/DOC-110960

    Regards,

    Désiré

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      I had run the web diagtool. The First warning I am getting is as follows:

      ...

      User not found by account attributes: [[namespace: com.sap.security.core.authentication, name: principal, value: TEST_USER2], [namespace: com.sap.security.core.authentication, name: realm, value: XXXXSAPTEST.COM]]

      ...

  • avatar image
    Former Member
    Dec 08, 2010 at 02:52 PM

    Please check the following blog and series og blogs by Holger. I resolved most of my issues with ABAP as datasource using these blogs.

    Configuring and troubleshooting SPNego -- Part 2

    also the following one.

    Configuring and troubleshooting SPNego -- Part 3

    Edited by: venkatesh koukuntla on Dec 8, 2010 3:55 PM

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi venkatesh,

      I am following his blogs. He would be talking about Spnego configuration. I am running an Spnego-add on. This is new and differ in parts from the previous one. This is more from a Windows 7/Windows server 2008 R2 perspective. Hence the confusion.

      Thanks though.

  • avatar image
    Former Member
    Dec 29, 2010 at 04:13 AM

    This issue is resolved. The problem was with the KTPASS command we have been running for the keytab files generation.

    Add comment
    10|10000 characters needed characters exceeded