Hi, I am trying to configure Single Sign-On based on Kerberos/SPNEGO. I have sucessfully already configured in other servers however in this one I am not able to success.
The error I am getting in dev_w0 is the following:
N SncInit(): Initializing Secure Network Communication (SNC)
N PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
N GetUserName()="SAPServiceSH1" NetWkstaUser="SAPServiceSH1"
N SncInit(): found snc/data_protection/max=3, using 3 (Privacy Level)
N SncInit(): found snc/data_protection/min=2, using 2 (Integrity Level)
N SncInit(): found snc/data_protection/use=3, using 3 (Privacy Level)
N SncInit(): found snc/gssapi_lib=F:\usr\sap\SH1\DVEBMGS01\SLL\sapcrypto.dll
N File "F:\usr\sap\SH1\DVEBMGS01\SLL\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
N SECUDIR="C:\Users\sapservicesh1.SNL\AppData\Local\sec" (from APPDATA)
N The internal Adapter for the loaded GSS-API mechanism identifies as:
N Internal SNC-Adapter (Rev 1.1) to CommonCryptoLib
N Product Version = CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.42 pl40 (Sep 24 2015) MT-safe
N SncInit(): found snc/identity/as=p:CN=SL-ABAP-SH1@<DOMAIN>
N *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI [D:/depot/bas/74 1445]
N GSS-API(maj): No credentials were supplied
N Could't acquire ACCEPTING credentials for
N
N name="p:CN=SL-ABAP-SH1@<DOMAIN>"
N FATAL SNCERROR -- Accepting Credentials not available!
N (debug hint: default acceptor = "p:CN=DummyCredential")
N <<- SncInit()==SNCERR_GSSAPI
N sec_avail = "false"
M ***LOG R19=> ThSncInit, SncInitU ( SNC-000004) [thxxsnc.c 271]
M *** ERROR => ThSncInit: SncInitU (SNCERR_GSSAPI) [thxxsnc.c 273]
M in_ThErrHandle: 1
M *** ERROR => SncInitU (step TH_INIT, thRc ERROR-SNC-OTHER ERROR IN SNC LAYER, action STOP_WP, level 1) [thxxhead.c 2393]
Note: Where is <DOMAIN> I replaced with the correct domain.
Possible solution:
How can i set permanetly the SECUDIR to F:\usr\sap\SH1\DVEBMGS01\sec instead of C:\Users\sapservicesh1.SNL\AppData\Local\sec
I have executed the following commands:
1. set SECUDIR=F:\usr\sap\SH1\DVEBMGS01\sec
2. sapgenpse keytab -p SAPSNCSKERB.pse -a SL-ABAP-SH1@<DOMAIN>
3. sapgenpse seclogin -p SAPSNCSKERB.pse -O snl\SAPServiceSH1 -N
Profile Parameters:
snc/enable=1
snc/gssapi_lib=F:\usr\sap\SH1\DVEBMGS01\SLL\sapcrypto.dll
snc/identity/as= p:CN=SL-ABAP-SH1@<DOMAIN>
snc/data_protection/min=2
snc/data_protection/max=3
snc/data_protection/use=3
snc/accept_insecure_gui=1
snc/accept_insecure_rfc=1
snc/accept_insecure_cpic=1
snc/permit_insecure_start=1
snc/r3int_rfc_qop=8
snc/r3int_rfc_secure=0
snc/force_login_screen=0
spnego/enable=1
spnego/krbspnego_lib= F:\usr\sap\SH1\DVEBMGS01\SLL\sapcrypto.dll
SAPCRYPTOLIB= F:\usr\sap\SH1\DVEBMGS01\SLL\sapcrypto.dll
Information:
Command sapgenpse:
Command sapgenpse seclogin -l
Checked the RSBDCOS0 (t-code SE38) and executed the command sapgenpse seclogin -l 2>&1
Command setspn -L SL-ABAP-SH1
Command klist
