Hi everyone,
we try to configure Single Sign-On for the users with SAP GUI for Windows.
The ABAP application server has been configured, and I think the config is OK, since in the log file I see:
N SncInit(): Initializing Secure Network Communication (SNC)
N AMD/Intel x86_64 with Linux (st,ascii,SAP_UC/size_t/void* = 16/64/64)
N UserId="sidadm" (1002), envvar USER="sidadm"
N SncInit(): found snc/data_protection/max=3, using 3 (Privacy Level)
N SncInit(): found snc/data_protection/min=1, using 1 (Authentication Level)
N SncInit(): found snc/data_protection/use=3, using 3 (Privacy Level)
N SncInit(): found snc/gssapi_lib=/usr/lib64/snckrb5.so
N File "/usr/lib64/snckrb5.so" dynamically loaded as external SNC-Adapter.
N The SNC-Adapter identifies as:
N External SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
N SncInit(): found snc/identity/as=p/krb5:SAPServiceSID/sapsid.intranet.ufz.de@INTRANET.UFZ.DE
N SncInit(): Accepting Credentials available, lifetime=Indefinite
N SncInit(): Initiating Credentials available, lifetime=07h 37m 16s
So, I think there is no error on the server side. But whenever a user tries to log in, he/she gets an error in SAP GUI:
---snip---
GSS-API(maj): Miscellaneous Failure
GSS-API(min): SSPI u2u-problem: please add Service principal for targe
target="p:myuser@INTRANET.UFZ.DE"
Error in SNC
---pins---
What's wrong here? Do I have to execute the "setspn" command for each user? And how would this look like? On the command line, the output of "setspn -l myuser" is empty, "setspn -l myuser@INTRANET.UFZ.DE" results in an error.
The entry in the Network tab in the SAP GUI reads either "p/krb5:myuser@INTRANET.UFZ.DE" or "p:myuser@INTRANET.UFZ.DE" or simply "P:myuser", the error remains always the same.
Can someone please help me?
Werner