On 9 Jun., 10:17, Michael Ströder <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > SAP Support says, that the guys at MIT have successfully implemented
> > such a scenario
>
> One of my customers also successfully installed that. I wasn't involved
> in that though.
>
> With this particular error message I'd examine two things:
> 1. DNS A and PTR RRs for all involved systems.
> 2. Attribute servicePrincipalName for the server account.
>
> Ciao, Michael.

We have A und PTR for all our systems. But the KDCs are in the DNS
Domain
intra.cvk.de and the SAP Servers are in cvk.de.

The settings  dns_lookup_realm = false and dns_lookup_kdc = false
should
suppress at least some of the DNS requests.

What do you mean by Attribute servicePrincipalName? We've already had
to set a
servicePrincipalName per AD SAP ServiceAccount, because we've had to
produce
a keytab with ktpass for each one of them.

Does your customer run his SAP Servers on Linux?

Regards, Thomas
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to