on 07-13-2011 8:10 AM
Hi all,
All our SAP system are under Linux Suse10, and we planned to join it with Windows 2008 Domain (Active Directory)
May i know is anyone has been success done on this without using any 3rd party tools which certified by SAP?
From my research, in order to done this i have to download a tool called as SNC adapter? Anyone have this?
Hope you guys can help me on this.
Thanks,
Regards,
Thomas
Hi all,
I am getting this error message, can anyone help me on this?
SsfSapSecin: automatic application server initialization for SAPSECULIB
SsfSapSecin: Looking for PSE in database
SsfPseLoad: started...(path=/usr/sap/A01/DVEBMGS01/sec, AS=sapA01, instanceid=01)
SsfPseLoad: Downloading file /usr/sap/A01/DVEBMGS01/sec/SAPSYS.pse (client: , key: SYSPSE, len: 1619)
SsfPseLoad: ended (1 of 1 sucessfully loaded, 1 checked...
MskiCreateLogonTicketCache: Logon Ticket cache created in shared memory.
MskiCreateLogonTicketCache: Logon Ticket cache pointer registered in shared memory.
SncInit(): Initializing Secure Network Communication (SNC)
AMD/Intel x86_64 with Linux (st,ascii,SAP_UC/size_t/void* = 16/64/64)
SncInit(): found snc/data_protection/max=3, using 3 (Privacy Level)
SncInit(): found snc/data_protection/min=1, using 1 (Authentication Level)
SncInit(): found snc/data_protection/use=3, using 3 (Privacy Level)
SncInit(): found snc/gssapi_lib=/usr/lib64/snckrb5.so
File "/usr/lib64/snckrb5.so" dynamically loaded as external SNC-Adapter.
The SNC-Adapter identifies as:
External SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
SncInit(): found snc/identity/as=p:SAPServiceA01'@'DOMAIN
ERROR => SncPAcquireCred()==SNCERR_GSSAPI [sncxxall.c 1439]
GSS-API(maj): Miscellaneous failure
GSS-API(min): No principal in keytab matches desired name
Could't acquire ACCEPTING credentials for
name="p:SAPServiceA01'@'DOMAIN"
SncInit(): Fatal -- Accepting Credentials not available!
<<- SncInit()==SNCERR_GSSAPI
sec_avail = "false"
LOG R19=> ThSncInit, SncInitU ( SNC-000004) [thxxsnc.c 230]
ERROR => ThSncInit: SncInitU (SNCERR_GSSAPI) [thxxsnc.c 232]
in_ThErrHandle: 1
ERROR => SncInitU (step 1, th_errno 44, action 3, level 1) [thxxhead.c 10589]
Thanks,
Regards,
Thomas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Arun,
For your information, you can go:-
-> Installations and Upgrades
-> Browse our Download Catalog
-> SAP NetWeaver and complementary products
-> SAP NW SINGLE SIGN ON
-> SAP NW SINGLE SIGN ON 1.0
-> Installation
-> Downloads
But you need to check with your SAP local contract department, and see is that your SAP has the valid contract to download
'SAP NW SINGLE SIGN ON 1.0'?
Thanks,
Best Regards,
Thomas
Hi ,
Our SAP installation (ECC 6.) is on RHEL 5.4 and we have a requirment to integrate SAP with AD (MS Active directory) for authentication purpose. SSO and SNC is not a requirement, but if it come as a by product of the primary requirement, it s fine.
Can we get this done without using any 3rd party security tools ? If so what are the solutions ?
Can SAP Netweaver Single Sign-On 1.0 be a solution to our reqirement ? Would this be a good route ?
With SAP Netweaver Single Sign-On 1.0 can certain user like RF gun users be omited from SSO, but still be authenticated with AD ?
Appreciate your help on this matter.
Regards
Edited by: Param on Jan 23, 2012 11:46 PM
Hi all,
>
> All our SAP system are under Linux Suse10, and we planned to join it with Windows 2008 Domain (Active Directory)
> May i know is anyone has been success done on this without using any 3rd party tools which certified by SAP?
>
> From my research, in order to done this i have to download a tool called as SNC adapter? Anyone have this?
>
>
> Hope you guys can help me on this.
>
> Thanks,
> Regards,
> Thomas
Hi Thomas,
Check the articles, below;
You can check SAP EcoHub, also
Best regards,
Orkun Gedik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.