On 9 Jun., 10:17, Michael Ströder <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: > > SAP Support says, that the guys at MIT have successfully implemented > > such a scenario > > One of my customers also successfully installed that. I wasn't involved > in that though. > > With this particular error message I'd examine two things: > 1. DNS A and PTR RRs for all involved systems. > 2. Attribute servicePrincipalName for the server account. > > Ciao, Michael.
We have A und PTR for all our systems. But the KDCs are in the DNS Domain intra.cvk.de and the SAP Servers are in cvk.de. The settings dns_lookup_realm = false and dns_lookup_kdc = false should suppress at least some of the DNS requests. What do you mean by Attribute servicePrincipalName? We've already had to set a servicePrincipalName per AD SAP ServiceAccount, because we've had to produce a keytab with ktpass for each one of them. Does your customer run his SAP Servers on Linux? Regards, Thomas ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos