on 09-12-2005 4:27 PM
I have a problem with the new ITS 6.20 (PL18). I would like to create an instance in which the Agate and the Wgate are encrypted with SNC from Secude.
At the moment the wgate works fine. There are no errors in the trace files. But the Agate has some problems.
Here is the basis trace from the agate:
[Thr 2204] GSS-API(maj): No credentials were supplied
[Thr 2204] GSS-API(min): No credentials found for this name ( not logged on )
[Thr 2204] Could't acquire ACCEPTING credentials for
[Thr 2204] name="p:CN=SERVER1, OU=1, OU=2, O=3, C=4"
Does anybody know what the credentials should be called?
In the XML config file (ItsRegistryIT1.xml) I entered the SECUDIR and the creddir (from the Secude instructions). But the ITS doesn't find any credentials. They are called cred_v2 at the moment, but I have already tried names like cred or cred_v5 etc.
The config file (ItsRegistryIT1.xml) looks like this:
<section name="IT1">
<key name="Programs">
(...)
<key name="AGate">
(...)
<key name="environment">
<value name="SECUDIR" type="text">C:\secude\agate</value>
<value name="SNC_LIB" type="text">C:\secude\bin\secude.dll</value>
<value name="creddir" type="text">C:\secude\agate</value>
</key>
(...)
And again at the end (to play it safe):
(...)
<key name="environment">
<value name="SECUDIR" type="text">C:\secude\agate</value>
<value name="SNC_LIB" type="text">C:\secude\bin\secude.dll</value>
<value name="creddir" type="text">C:\secude\agate</value>
</key>
</section>
I hope someone can help me.
Marco
Message was edited by: Marco Hochstrasser
I solved the problem myself.
Because of the wrong assignment of the credentials, many errors occur!
The following steps are necessary to run ITS 6.20 with Secude.
I assume that the wgate and the agate are on the same server.
First you have to create the credentials for the Wgate as follows:
set Path=c:\secude\bin;%Path%
set CREDDIR=c:\secude\wgate
cacls c:\secude\wgate\*wgate*.pse /E /G <web-server-useraccount>:R
secude seclogin -p c:\secude\wgate\*wgate*.pse -O <web-server-useraccount>
cacls c:\secude\wgate\cred_v2 /E /G <its-serviceaccount>:R
The same with the Agate PSE:
set Path=c:\secude\bin;%Path%
set CREDDIR=c:\secude\agate
cacls c:\secude\agate\*agate*.pse /E /G <its-serviceaccount>:R
secude seclogin -p c:\secude\agate\*agate*.pse -O <its-serviceaccount>
cacls c:\secude\agate\cred_v2 /E /G <its-serviceaccount>:R
Additionally, you can check with "secude seclogin -l" which credentials are already installed.
Unlike the older ITS, the configuration parameters of the ITS have to be set in the predefined .XML files, which are located in D:\SAP\ITS\6.20\config (standard installation).
There are two important files.
The first is ItsRegistryWGATE.xml.
With the Secude libs and all SNCs, the configuration file looks like this:
<section name="WGATE">
[...]
<key name="LocalWgates">
<key name="WGATE_IIS_IT1">
<key name="Global">
[...]
<key name="Instances">
[...]
<key name="IT1">
<key name="Values">
[...]
</key>
<key name="Agates">
<key name="Agate1">
<value name="Host" type="text">its_sapgm</value>
<value name="PortAGate" type="text">sapavw00_IT1</value>
<value name="PortMManager" type="text">sapavwmm_IT1</value>
<value name="MultiProcess" type="text">no</value>
<value name="Available" type="text">yes</value>
<value name="Secure" type="text">1</value>
<value name="Type" type="text">2</value>
<value name="SncNameAGate" type="text">p:CN=agate, OU=Server, OU=Services, C=Country</value>
<value name="SncNameWGate" type="text">p:CN=wgate, OU=Server, OU=Services, C=Country</value>
</key>
</key>
<key name="Headers"/>
</key>
[...]
</key>
</key>
</key>
<key name="environment">
<value name="SNC_LIB" type="text">C:\secude\bin\secude.dll</value>
<value name="creddir" type="text">C:\secude\wgate</value>
</key>
</section>
The second configuration file is ItsRegistry<SID>.xml.
This file looks like this:
<section name="IT1">
<key name="Programs">
[...]
<key name="Connects">
<value name="Host" type="text">its_sapgm</value>
<value name="PortAGate" type="text">sapavw00_IT1</value>
<value name="PortMManager" type="text">sapavwmm_IT1</value>
<value name="Type" type="text">2</value>
<value name="SncNameAGate" type="text">p:CN=agate, OU=Server, OU=Services, C=Country</value>
<value name="SncNameWGate" type="text">p:CN=wgate, OU=Server, OU=Services, C=Country</value>
</key>
[...]
<key name="environment">
<value name="SNC_LIB" type="text">C:\secude\bin\secude.dll</value>
<value name="creddir" type="text">C:\secude\agate</value>
</key>
</section>
After these steps the agate should connect directly and "secured" to the wgate without any problems. (If it works, you can see something like this in your wgate_sapbasis.trc:)
[Thr 3216] <<- SncProcessInput()==SAP_O_K
[Thr 3216] return values = "(Privacy) in=88, back=0, out=12"
[Thr 3216] NiIRead: read 1922, 1 packs, MESG_IO, handle 1, data complete
[Thr 3216] ->> SncProcessInput(snc_hdl=018EBDE8, ibuf=0190E1E0, ilen=1922, &obuf=00D17220,
&olen=00D1722C, &backbuf=00D17224, &backlen=00D17228)
[Thr 3216] <<- SncProcessInput()==SAP_O_K
[Thr 3216] return values = "(Privacy) in=1922, back=0, out=1845"
[Thr 3216] NiIRead: read 88, 1 packs, MESG_IO, handle 1, data complete
[Thr 3216] ->> SncProcessInput(snc_hdl=018EBDE8, ibuf=01910210, ilen=88, &obuf=00D17220,
&olen=00D1722C, &backbuf=00D17224, &backlen=00D17228)
[Thr 3216] <<- SncProcessInput()==SAP_O_K
[Thr 3216] return values = "(Privacy) in=88, back=0, out=12"
[Thr 3216] <<- SncSessionDone()==SAP_O_K
[Thr 3216] NiICloseHandle: shutdown and close nihandle-socket 1-636
Regards
Marco
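An added example, not part of the original posts: a Python check that reads the SNC entries from the WGate and AGate registry files and reports a missing creddir, a missing cred_v2 file, or SNC names that differ between the two files. The XML samples are constructed from the fragments in the post, `snc_settings` and `check_pair` are hypothetical helper names, and treating differing SNC names as an error is an assumption based on the identical values the post shows in both files.

```python
import ntpath
import os
import xml.etree.ElementTree as ET

KEYS = ("SncNameAGate", "SncNameWGate", "SNC_LIB", "creddir")
# Constructed samples modelled on the post's fragments; elided parts are left out.
WGATE_XML = r"""<section name="WGATE">
 <key name="Agates"><key name="Agate1">
  <value name="SncNameAGate" type="text">p:CN=agate, OU=Server, OU=Services, C=Country</value>
  <value name="SncNameWGate" type="text">p:CN=wgate, OU=Server, OU=Services, C=Country</value>
 </key></key>
 <key name="environment">
  <value name="SNC_LIB" type="text">C:\secude\bin\secude.dll</value>
  <value name="creddir" type="text">C:\secude\wgate</value>
 </key>
</section>"""
# AGate side with two constructed mistakes: a different AGate name and no creddir.
AGATE_XML = r"""<section name="IT1">
 <key name="Programs"><key name="Connects">
  <value name="SncNameAGate" type="text">p:CN=SERVER1, OU=Server, OU=Services, C=Country</value>
  <value name="SncNameWGate" type="text">p:CN=wgate, OU=Server, OU=Services, C=Country</value>
 </key></key>
 <key name="environment">
  <value name="SNC_LIB" type="text">C:\secude\bin\secude.dll</value>
 </key>
</section>"""

def snc_settings(xml_text):
    """Return the SNC-related <value> entries of one ItsRegistry*.xml document."""
    found = {}
    for v in ET.fromstring(xml_text).iter("value"):
        if v.get("name") in KEYS:
            found[v.get("name")] = " ".join((v.text or "").split())
    return found

def check_pair(wgate_xml, agate_xml, exists=os.path.exists):
    """List inconsistencies between the WGate and AGate registry files."""
    sides = {"wgate": snc_settings(wgate_xml), "agate": snc_settings(agate_xml)}
    problems = []
    for side, cfg in sides.items():
        problems += [f"{side}: {k} is missing" for k in KEYS if not cfg.get(k)]
        cred = cfg.get("creddir")
        if cred and not exists(ntpath.join(cred, "cred_v2")):
            problems.append(f"{side}: no cred_v2 in {cred}")
    for k in KEYS[:2]:  # assumption: both files should name the same SNC peers
        w, a = sides["wgate"].get(k), sides["agate"].get(k)
        if w and a and w != a:
            problems.append(f"{k} differs: {w!r} vs {a!r}")
    return problems
```

On the ITS host, pass the contents of the real files and leave `exists` at its default so the cred_v2 lookup goes to the file system.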