on 04-17-2014 4:57 AM
Hi All,
Went through the docs + forums & even in the midst of OSS support but without any luck. Any insight will be much appreciated.
As per topic, attempting to make use of SAP SNC with SLL without SSO. SAP ABAP on Unix & Active Directory on Windows. Config below.
Setspn command
setspn -S SAP/LDOWNIHRSADM DOMAINCONTROLLER\LDOWNIHRSADM
Registering ServicePrincipalNames for CN=LDOWNIHRSADM,CN=Users,DC=TST,DC=DOMAIN,DC=COM
SAP/LDOWNIHRSADM
Updated object
snc status -v
------------------------------------------------------------------------------
------------ status -------------------------------------------------------
------------------------------------------------------------------------------
Product version : Secure Login Library 1.0 SP 4 Patch 3
: CryptoLib 8.3.7.12
: aix-6.1-ppc-64
GSS library : available
GSS library name : libsecgss.so
PSE directory : (existing) /usr/sap/SM1/DVEBMGS00/sec
PSE file : (existing) /usr/sap/SM1/DVEBMGS00/sec/pse.zip
STRUST cred file : (missing ) /usr/sap/SM1/DVEBMGS00/sec/cred_v2
SNC config file : (existing) /usr/sap/SM1/DVEBMGS00/SLL/gss.xml
PSE accessible : yes
PSE logged in : yes
PSE credentials : MasterPassword SystemDefault
Kerberos keyTab : 4 entries
1: LDOWNIHRSADM@TST.DOMAIN.COM (KeyType DES)
2: LDOWNIHRSADM@TST.DOMAIN.COM (KeyType AES128)
3: LDOWNIHRSADM@TST.DOMAIN.COM (KeyType AES256)
4: LDOWNIHRSADM@TST.DOMAIN.COM (KeyType RC4)
------------------------------------------------------------------------------
SNC keys registered : 0 entries
Trusted certificates:
log from dev_w0
N SncInit(): Initializing Secure Network Communication (SNC)
N IBM RS/6000 with AIX (st,ascii,SAP_UC/size_t/void* = 16/64/64)
N UserId="sm1adm" (5180), envvar USER="sm1adm"
N SncInit(): found snc/data_protection/max=3, using 3 (Privacy Level)
N SncInit(): found snc/data_protection/min=1, using 1 (Authentication Level)
N SncInit(): found snc/data_protection/use=1, using 1 (Authentication Level)
N SncInit(): found snc/gssapi_lib=/usr/sap/SM1/DVEBMGS00/SLL/libsecgss.so
N File "/usr/sap/SM1/DVEBMGS00/SLL/libsecgss.so" dynamically loaded as GSS-API v2 library.
N The internal Adapter for the loaded GSS-API mechanism identifies as:
N Internal SNC-Adapter (Rev 1.0) to SAP Netweaver Single Sign-On v1.x
N SncInit(): found snc/identity/as=p:CN=LDOWNIHRSADM@TST.DOMAIN.COM
N
N Thu Apr 17 10:52:21 2014
N SncInit(): Accepting Credentials available, lifetime=Indefinite
N SncInit(): Initiating Credentials available, lifetime=Indefinite
M ***LOG R1Q=> p:CN=LDOWNIHRSADM@TST.DOMAIN.COM [thxxsnc.c 265]
M SNC (Secure Network Communication) enabled
Instance Profile for SNC
snc/permit_insecure_start = 1
snc/data_protection/use = 1
snc/data_protection/max = 3
snc/data_protection/min = 1
snc/accept_insecure_r3int_rfc = 1
snc/accept_insecure_gui = 1
snc/accept_insecure_rfc = 1
snc/accept_insecure_cpic = 1
snc/enable = 1
snc/gssapi_lib = /usr/sap/SM1/DVEBMGS00/SLL/libsecgss.so
snc/identity/as = p:CN=LDOWNIHRSADM@TST.DOMAIN.COM
ssf/ssfapi_lib = $(ssl/ssl_lib)
sec/libsapsecu = $(ssl/ssl_lib)
SAP Logon Entry
Error when logging on.
If you have read this far thanks!
Solved. Was testing with a user from domain A but my machine with SAP GUI belongs to domain B.
Now I need to figure out how to work with multiple domains.
Hello Wei Liang Yew,
the client side error message shows that you use a different SNC library on client side than on server side. Unfortunately they are not compatible. If you use Secure Login Library on server side, then you have to use the Secure Login Client or SNC client encryption on client side to get it to work.
With SNC client encryption you will have no SSO, of course.
What client do you use on client SAP GUI side?
best regards
Alexander Gimbel