Server not found in Kerberos database #2
Hi,
I'm a Java developer and new to Kerberos. We have a Java application that needs to be
authenticated against Kerberos Active Directory. For testing purposes, we have Active Directory
installed on a Win 2k server. Then Kerberos was turned on by a co-worker, who doesn't know
much about Kerberos either. Without any manual for Active Directory, he did that based on his
best judgement. Here is the basic setup information:
(01) The Win2k server has FQDN: devtest.mycompany.com.
(02) C:\WINNT\krb5.ini file looks like:
[libdefaults]
default_realm = DEVTEST.COM
[realms]
DEVTEST.COM = {
kdc = <IP address of the Win2k server>
}
(03) The AD is listening on port 389 (default for LDAP server), and KDC listens on port 88.
When a user logs in with Java code, apparently the user can log in successfully and get a ticket
from Kerberos AD. However, whenever the code tries to instantiate InitialDirContext (an object in
Java that captures the environment context), an error is thrown claiming "Server
not found in Kerberos database".
I can't find a problem in the Java code and suspect the error may be related to our Kerberos
setting. I wonder what exactly the error message means in the Kerberos arena. How can I verify that
Kerberos is correctly set up?
Also, you may notice that the Kerberos realm (DEVTEST.COM) is not the same as the machine's FQDN
(devtest.mycompany.com). I wonder if that makes any difference.
Our code-...
UNKNOWN_SERVER
As always with things like this, it's hard to determine
whether to send this here or to openafs-info.
Can anyone tell me what is going on here? This is what
krb5kdc logged when I logged into 129.83.11.213.
-- sshd + UsePAM
-- pam_krb5.so (RHELv4)
-- pam_afs_session.so (PAM session module which uses aklog to
get tokens from a K5 ticket).
Apr 18 16:46:07 silmaril.foo.com krb5kdc[26891](info): TGS_REQ (1
etypes {3}) 129.83.11.213: UNKNOWN_SERVER: authtime 1176929167,
jblaine@rcf.foo.com for afs/rcf.foo.com@rcf.foo.com, Server not
found in Kerberos database
Apr 18 16:46:07 silmaril.foo.com krb5kdc[26891](info): TGS_REQ (1
etypes {1}) 129.83.11.213: UNKNOWN_SERVER: authtime 1176929167,
jblaine@rcf.foo.com for afs/rcf.foo.com@rcf.foo.com, Server not
found in Kerberos database
Apr 18 16:46:07 silmaril.foo.com krb5kdc[26891](info): TGS_REQ (1
etypes {1}) 129.83.11.213: ISSUE: authtime 1176929167, etypes {rep=16
tkt=1 ses=1}, jblaine@rcf.foo.com for afs@rcf.foo.com
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
Jeff Blaine <jblaine@kickflop.net> writes:
> Can anyone tell me what is going on here? This is what
> krb5kdc logged when I logged into 129.83.11.213.
> -- sshd + UsePAM
> -- pam_krb5.so (RHELv4)
> -- pam_afs_session.so (PAM session module which uses aklog to
> get tokens from a K5 ticket).
> Apr 18 16:46:07 silmaril.foo.com kr...
Error: Server not found in Kerberos database
Hello,
I want to give someone access to my account by using the .k5login
file. I did all the necessary things and immediately started off by trying:
shell% ksu toka
Nevertheless I wasn't able to get toka's ID, but /home/toka contains the
.k5login file with my principal. Furthermore there's the following error
message:
ksu: Server not found in Kerberos database while geting credentials from
kdc Authentication failed.
^ typo in krb5
I looked for solutions on Google and discovered the URL
http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/kerberos/troubleshooting.html#misc_2
which describes the issue. My /etc/hosts file is fully qualified (including its entries)
and the hostnames are correctly mapped to the IPs and vice versa. So where could the source
of failure be located?
Thanks in advance
- Marcel Karras
------------------------------------------------------------------------
Contact: toka@freebits.de karma@informatik.tu-chemnitz.de
http://www.freebits.de http://www.tu-chemnitz.de
Unix, Linux && OpenSource Student of Chemnitz University of Technology
------------------------------------------------------------------------
...
Server not found in Kerberos database #3
Hello list,
We want to use Kerberos for authentication and to secure connections for
telnet sessions.
So I installed Kerberos v5 for the Debian system via apt-get and did the
configuration.
Attached are the configs for this system.
kinit works for a user, but the start of a telnet session is refused
with the message
"Authentication failed". I used the command "kinit stefan" and
"telnet.krb5 -a -F vxr-r.imos.net."
"vxr-r.imos.net" is the Cisco router I want to connect to.
When I look into the logs I see the following messages:
Nov 11 09:49:28 alpha krb5kdc[8745](info): AS_REQ (1 etypes {1})
192.168.3.3(16417): NEEDED_PREAUTH: stefan@IMOS.NET for
krbtgt/IMOS.NET@IMOS.NET, Additional pre-authentication required
Nov 11 09:49:30 alpha krb5kdc[8745](info): AS_REQ (1 etypes {1})
192.168.3.3(16417): ISSUE: authtime 1100162970, etypes {rep=1 tkt=16
ses=1}, stefan@IMOS.NET for krbtgt/IMOS.NET@IMOS.NET
Nov 11 09:49:33 alpha krb5kdc[8745](info): TGS_REQ (1 etypes {1})
192.168.3.3(16417): UNKNOWN_SERVER: authtime 1100162970,
stefan@IMOS.NET for host/vxr-r.imos.net@IMOS.NET, Server not found in
Kerberos database
Nov 11 09:49:33 alpha krb5kdc[8745](info): TGS_REQ (1 etypes {1})
192.168.3.3(16417): UNKNOWN_SERVER: authtime 1100162970,
stefan@IMOS.NET for host/vxr...
Server not found in Kerberos Database #4
Hi all,
When do we get the error "Server not found in Kerberos Database"?
I have a KDC on Win2003, and a Linux (Red Hat) client is trying to authenticate users against this Active Directory, which is on the Win 2003 machine.
I observed that if we specify a wrong user name (one which does not exist on the AD server) at the time of the kinit command on the Linux machine, we get the error "Client not found in Kerberos database".
What is this server which is not found when I am trying to join the Red Hat client machine to the AD server?
Thanks in advance for all the help
Regards,
Sayali
> Hi all,
> When do we get the error as "Server not found in Kerberos Database"?
> I have a KDC on Win2003 and a client which is a Linux (redhat) is trying to authenticate the users from this Active directory, which is on the win 2003 machine.
> I observed that in case we specify the wrong user name (which does not exist on the AD server) at the time of kinit command on Linux machine we get the error as "Client not found in Kerberos database".
> What is this server which is not found when I am trying to j...
Server not found in Kerberos database error on ldapsearch
Good afternoon!
I have the following problem: I need to connect securely to an AD and search
it via ldapsearch. When I try to do so, the "Server not found in Kerberos
database" error appears. I'm not quite sure why. I have extracted a keytab
from the AD, and kinit seems to work fine for the same user I want to use
with ldapsearch. The hosts files are set up correctly (a ping on DNS names
looks fine). There is nothing that indicates an error in the AD logs (only
successful logons). Could anyone give me a hint why I get this reaction?
...
Newbie: "Server not found in Kerberos database"
I am still in 'toy installation mode'. I have set up a KDC
on a Linux machine, call it kervara.mygroup.org. I have successfully
set things up to the point that I can kinit from various clients.
I have also set up OpenSSH 3.9p1 to use GSSAPI authentication.
When I am logged into kervara, and have a valid TGT from this
realm, I can successfully ssh into kervara.mygroup.org without
a password; the keytab contains entries for the host/kervara.mygroup.org
principal. This is the way things are supposed to work. Life is good.
The problem comes when I attempt to do the same thing with the same
version of OpenSSH built with the same options on a Solaris machine.
In that case, the server logs a "Server not found in Kerberos database"
message and gives up. I have looked at all the obvious candidates
(wrong DNS entry, disagreement as to host name in /etc/hosts and
DNS, etc) and come up empty.
Unfortunately, the log messages do not tell me _what_ principal it
was trying to find in krb5.keytab (I assume that this is where
the mismatch or missing entry is).
Is there a way to squeeze more diagnostic information? Or does
this sound like a familiar problem?
In article <d17eap$ejf$1@panix5.panix.com>,
urban@panix.com (Michael Urban) wrote:
....
> The problem comes when I attempt to do the same thing with the same
> version of OpenSSH built with the same options on a Solaris machine.
> In that case, the server logs a "Server not found in Kerberos ...
RE: Server not found in Kerberos database error on ldapsearch
> You should not need these.
Ok.
> Some things to try:
>
> Wireshark or other trace program to see DNS and Kerberos requests.
> This should show the name of the "Server not found in Kerberos database"
I captured the request dialog with wireshark and got this (the things I think
are important):
MSG Type: KRB-ERROR
Error_code: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
Realm: EXAMPLE.COM
Server Name (Unknown): krbtgt/COM
Name-type: Unknown (0)
Name: krbtgt
Name: COM
I guess that indicates an error in my krbtgt setup. But where should I search
for it and what does the right setup look like?
> On the unix side, do you have a /etc/krb5.conf or /etc/krb5.conf?
> Is the default realm (in uppercase) the same as the AD domain name?
> if not, you may need a krb5.conf, or the -R option on ldapsearch.
Yes, I do have a krb5.conf on the unix side. Here it is:
[libdefaults]
default_realm=EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
# default_tkt_enctypes = des-cbc-md5 des-cbc-crc
# default_tgs_enctypes = des-cbc-md5 des-cbc-crc
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# v4_instance_resolve = false
# v4_name_convert = {
[realms]
EXAMPLE.COM = {
kdc = 192.168.10.4:88
admin_server = 192.168.10.4:749
}
[domain_realm]
.example.com = EXAMPLE.COM
As you can see, it is a setup for some tests...
-----------------
...
Server to server = Server client to server?
For a server to server connection, is the connecting server considered
as a client of the accepting server or is it not?
I have the following classes:
Connection <--- base class of the following two
ClientConnection <--- client
ServerConnection <--- server
ServerClientConnection <--- server as a client of another server.
But then I came across something that states "A client is anything
connected to a server that is not another client".
Comments please...
Just remember! A server (program) is always listening for connections!!!
RE: Server not found in Kerberos database error on ldapsearch #2
I don't know if I got you right (I'm not quite good at networks and
especially AD; that's a new thing for me, so I'm a noob).
So I just ask again:
Douglas E. Engert wrote
> > I captured the request dialog with wireshark and got this
> (the things I think
> > are important):
> >
> > MSG Type: KRB-ERROR
> > Error_code: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
> > Realm: EXAMPLE.COM
> > Server Name (Unknown): krbtgt/COM
> > Name-type: Unknown (0)
> > Name: krbtgt
> > Name: COM
>
> This looks like cross realm, where the client is working its way up the realm
> tree to get to the realm of the server, say AD.DOMAIN.COM. Client is using TGT
> from EXAMPLE.COM to get TGT for realm COM (which does not exist). If it did, it
> would then try and get a TGT from COM for DOMAIN.COM, then get one from
> AD.DOMAIN.COM and then get a service ticket from AD.DOMAIN.COM.
>
> I thought you were trying to use Active Directory, and the domain name
> was something like ad.domain.com. So why does your unix system have
> a realm named EXAMPLE.COM? Have you set up cross realm trust
> between them?
>
> If you are not using cross-realm, then you should be using the AD domain name as
> the realm name. It should have a realm named AD.DOMAIN.COM.
> Either the user and server must be in the same realm, or you need cross realm
> trust.
The domai...
newbie: error getting credentials: Server not found in Kerberos database
Hi!
I never found the time to deal intensively with Kerberos, so please
indulge me if this ought to be a stupid question:
kinit works. krsh does not:
krsh server
error getting credentials: Server not found in Kerberos database
trying normal rlogin (/usr/bin/rlogin)
So, this is what I did so far:
server:
/etc/krb5.conf:
[libdefaults]
default_realm = LOCALDOMAIN
[realms]
LOCALDOMAIN = {
kdc = server.localdomain:88
admin_server = server.localdomain:750
}
[domain_realm]
.localdomain = LOCALDOMAIN
localdomain = LOCALDOMAIN
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
/etc/hosts:
127.0.0.1 localhost
192.168.0.2 server server.localdomain
real hostname is actually *not* "server"!
kadmin.local:
addprinc foo
client:
/etc/krb5.conf
[libdefaults]
ticket_lifetime = 600
default_realm = LOCALDOMAIN
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
LOCALDOMAIN = {
kdc = server.localdomain:88
admin_server = server.localdomain:750
}
[domain_realm]
.localdomain = LOCALDOMAIN
localdomain = LOCALDOMAIN
[kdc]
profile = /etc/krb5kdc/kdc.conf
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FI...
Server not found in Kerberos database while getting a service url ticket
hello,
I have added to my kerberos database the following principal:
"http://localhost:8080/axis/services/test" .
(It' s in a url format instead of being in the format:
service/host@REALM.)
So, the thing is that I would like to acquire a service ticket for that
principal.
To request a service ticket I am using gss api and follow the next
steps:
import sun.security.krb5.Credentials;
import sun.security.krb5.KrbTgsRep;
import sun.security.krb5.KrbTgsReq;
import sun.security.krb5.PrincipalName;

class KrbClient {
    public static void main(String[] args) throws Exception {
        .....
        // I have acquired the credentials (the TGT) from the ticket cache
        ....
        requestServiceTicket(credentials);
    }

    static void requestServiceTicket(Credentials credentials) throws Exception {
        // the service principal in URL form instead of service/host@REALM
        PrincipalName serviceName =
            new PrincipalName("http://localhost:8080/axis/services/test");
        // create the TGS_REQ to ask for a service ticket
        KrbTgsReq tgs_req = new KrbTgsReq(credentials, serviceName);
        tgs_req.send();
        // get the TGS_REP (this is where the exception below is thrown)
        KrbTgsRep tgs_rep = tgs_req.getReply();
    }
}
and it gets the following error:
KrbException: Server not found in Kerberos database (7)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:67)
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:235)
at KrbClient.requestServiceTicket(KrbClient.java:142)
at KrbClient.main(KrbClient.java:39)
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:134)
at sun.security.krb5.internal.TGSRep.init(TGSRep.java:59)
at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:54)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:50)
... 3 more
From the debugging of GSS-API:
>>>KRBError:
sTime is Mon ...
Trouble authenticating with Kerberos & LDAP
I've been very frustrated trying to get this to work. We are trying to
use a windows 2003 server as our Kerberos server, along with our
openldap on solaris as our directory server. The machines we want to
authenticate on are all Solaris 9.
The ldap tree is fully populated, and working properly. With our
current nsswitch.conf, logins work using the ldap directory (with
posixAccount & shadowAccount records), as does a getent passwd
<ldapusername>.
Also, we have our Windows 2003 server's directory setup with named
users, and with our current pam.conf, we can authenticate aga...
RE: Server not found in Kerberos database error on ldapsearch #3
Ok, I got it now! I set up the AD server to run as ad.example.com and
replaced the IPs in my krb5.conf with DNS names and now it works! Thank you
very much for your help. Still, if you have any howto on this topic (AD and
UNIX), I would appreciate it if you could send me a link to it.
Evgeniy Zharovsky (aka Jeck)
-----------------
Evgeniy Zharovsky
Ludwig-Maximilians-Universitaet
Ref. IIIA5 (Sicherheitstechnik und Verzeichnisdienste)
Martiusstr. 4 / 207
80539 Muenchen
email mailto:evgeniy.zharovsky@verwaltung.uni-muenchen.de
...
Once a week Kerberos failure between IIS6 web server and SQL Server 2000 db server
Hi,
Regularly once a week we get problems with a Kerberos failure on
our intranet application. Kerberos is set up with Constrained Delegation
and Protocol Transition.
Configuration:
S3
...
Kerberos Web Server to file Server
Hello,
Is Kerberos delegation needed to write a file from a web app to a
file server within the same network? If so, I will be setting up
constrained delegation. The problem is what is the service on the file
server that I will let the web service be delegated for?
...
Exchange Server and Campus Kerberos server?
Hi -
I hope this is the right place to post this query - if not, I apologize.
Does anyone have any experience with Exchange Server and Kerberos who might be
willing to talk to someone from another University. I have no experience with
either kerberos or exchange and would be unable to answer their questions. If
you are interested, please contact BK directly.
Thanks,
Kirky
--------- attached email ----------
Kirky -
I've been contacted by a Director of Network Security at a
Mid-Atlantic-based University who is looking to speak with a peer
that has experience syncing up an Exchange server to a campus-wide
Kerberos server.
Do you think the folks on IT Partners would know themselves or of
someone who might have such experience?
Feel free to have them contact me directly.
Best Regards,
B.K. DeLong
Dir. of Partner Member Services & Research
Institute for Applied Network Security
15 Court Square, Suite 1100
Boston, MA 02108
617.399.8100
617.399.8101 facsimile
http://www.ianetsec.com/
----- End forwarded message -----
...
Microsoft SSPI error
Hello,
I have configuration of active directory 2003 r2 sp3 working with
linux mod_auth_kerb.
I use SPNEGO for subversion.
When using Linux all work great!
When using Windows XP(and Windows 7) Firefox/IE/cifs client work great.
Problem is subversion which uses neon, it get the following:
---
Running post_send hooks
ah_post_send (#1), code is 201 (want 401), WWW-Authenticate is Negotiate oYGfMIG
coAMKAQChCwYJKoZIhvcSAQICooGHBIGEYIGBBgkqhkiG9xIBAgICAG9yMHCgAwIBBaEDAgEPomQwYqA
DAgEXolsEWTLvPLmZvxBgaMEmPDDTIeG9bdJ5rmfTEtsj6Cv9eF9s9Z8sBWhVhPXYzIVsm/sw0hqR+1u
DM9frpOeV2Y0YGtDk2flN5iOM/HdEujj0GXAYEWHvPp/3kSc2
auth: SSPI challenge.
InitializeSecurityContext [fail] [80090304].
sspi: initializeSecurityContext [failed] [80090304].
---
At windows event log I see the following:
---
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40962
Date: 10/3/2011
Time: 3:55:38 PM
User: N/A
Computer: VALON
Description:
The Security System was unable to authenticate to the server
HTTP/correlux-gentoo.correlsense.com because the server has completed
the authentication, but the client authentication protocol Kerberos
has not.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
---
Had anyone seen this before?
I tried many configurations, but without success:
---
Gentoo
---
dev-libs/openssl-1.0.0e -> also downgraded to openssl-0.9.8f
www-servers/apache-2.2.21
www-apache/mod_auth_kerb-5.4 -> also downgraded to m...
Subject: Help needed on "Server not found in Kerberos Database" while using "mod_auth_kerb+Apache"
Hi,
My Kerberos Setup is as follows-
Kerberos v5 Server- example.domain.com (Linux Box)
Kerberos Realm- EXAMPLE.COM
Registered User on Kerberos realm- test@EXAMPLE.COM
Apache Server(with mod_auth_kerb) can be accessed as:
http://apache.domain.com (Linux Box)
Now I have added a principal name- HTTP/apache.domain.com@EXAMPLE.COM
using the addprinc command. I have generated a keytab file for this
principal (using ktadd) and then transferred it to the Apache
Server (apache.domain.com). I have pointed to this keytab file in the
.htaccess file.
Now when I try to access APACHE.DOMAIN.COM:80 through a browser (IE)
running on my desktop, say CLIENT1.DOMAIN.COM, and give the proper
user credentials... it doesn't authenticate. When I look this up in the
Kerberos log file (krb5kdc.log) it gives the following messages...for
the event-
Jul 08 18:52:34 example.domain.com krb5kdc[9797](info): AS_REQ (6
etypes {18 16 23 1 3 2}) 192.168.200.27: ISSUE: authtime 1089292954,
etypes {rep=16 tkt=16 ses=16}, test@EXAMPLE.COM for
krbtgt/EXAMPLE.COM@EXAMPLE.COM
Jul 08 18:52:34 example.domain.com krb5kdc[9797](info): TGS_REQ (6
etypes {18 16 23 1 3 2}) 192.168.200.27: UNKNOWN_SERVER: authtime
1089292954, test@EXAMPLE.COM for krbtgt/REALM1.COM@EXAMPLE.COM,
Server not found in Kerberos database
Jul 08 18:52:34 example.domain.com krb5kdc[9797](info): TGS_REQ (6
etypes {18 16 23 1 3 2}) 192.168.200.27: UNKNOWN_SERVER: authtime
1089292954, test@EXAMPLE.COM for krbtgt/COM@EXAMPLE.COM, Server not
found i...
kerberos SERVER
Hello.
Could you help me find where I can download
a Kerberos SERVER please?
Thanks a lot.
<ali.mohammadi62@gmail.com> wrote in message
news:1115458379.334742.266760@o13g2000cwo.googlegroups.com...
> Hello.
> could you help me where i can find and download
> a Kerberos SERVER please.
> thanks a lot.
>
Ever heard of Google?
...
Samba file server on AD Kerberos Domain
Hello,
I'm new to samba. I would like to share files with our existing Windows
AD Kerberos domain. I would like to have the AD domain take care of all
authentication and I don't want to have to add accounts to /etc/passwd.
I have configured smb.conf (below). I then created a computer account
in the Active Directory. Finally I joined the domain with "net join"
and was told "Joined SAMBASERVER to realm MYAD.DOMAIN".
It seemed that all was well, but now when I browse to the file share
from a Windows client it pops up with a dialog box asking for ...
Changing master key (Kerberos authentication server+LDAP database)
Is it possible to change the master key of a realm when LDAP is used
as the database server? The stash file is not present since LDAP is
used. Appreciate any help on this.
Thanks,
Anubha
...
USERID case sensitiveness on ADS server? Any solution at Kerberos client side?
Hi Kerberos Team,
I am seeing a problem with case sensitiveness of the username.
1. I am working on Kerberos with a Windows ADS server. While trying to do
user authentication, I am seeing the following issue. I am using C code, not
Java libraries.
2. Our previous sysadmin guys set the user names in UPPER case in ADS,
and after that our new sysadmin guys configured the user names in
lower case.
3. While working with Kerberos, we found the problem that case
sensitiveness is the BIG ISSUE. Because, for some users it is upper
case and for some users it is lower case.
4. Kerberos always looks for the case-sensitive USERID. That means only if the
user enters the same-case USERID and passwd is authentication
successful.
5. Because of the different sysadmins, the USER IDs are not in a UNIQUE
format. Some of them are UPPER case and some are LOWER case.
6. How to resolve this problem? Any idea? Please let me know your thoughts.
Solution#1: We can change the server settings: make all of the USERIDs
lower case. So all of them will be in a UNIQUE format. But the problem is: we
have many users, in terms of 1000s. So this is not a feasible solution.
Could you please provide me some solution in such a way that the Kerberos
client ignores the case sensitiveness of the USERID.
Please let me know your thoughts ASAP. Thanks a lot.
Regards,
-Surendra
Working Kerberos application SAP/Unix server authenticating to Win2k AD?
Hi,
is somebody using the above scenario? I want to use MIT Kerberos to
implement SNC for a SAP server on Linux.
Then this server and the GUI clients should be able to authenticate
(using single sign-on) against a Win2k AD DC.
I'm mainly interested in the configuration details, like the used
principal names when authenticating to the win2k ad, in order to make
sure I understand the principle. Could you send me your SNC
configuration (especially the SAPgui, SAPlogon SNC part and
snc/identity/as in the *.PFL files)?
I slightly modified the sources of the GSS-API implementation of MIT
Kerberos 1.2.8 to make it return only the rfc1964 compliant mechanism
and now it passes a certification test program from SAP: gsstest-1.26.
In addition I made the SNC-Adapter (a GSS-API wrapper, with minor
additions; available by download from the SAP website) from SAP work on
Linux and pass the same test. BTW: The pre-rfc1964 mechanism also passes
the test.
(Note however: Tests can only show the presence of bugs but never their
absence.)
When I use my snckrb5.so adapter together with SAP R/3 (on Linux), I get
the following error message, when trying to establish the security context:
N *** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3423]
N GSS-API(maj): A token was invalid
N GSS-API(min): Mechanism is incorrect
N Unable to establish the security context
N <<- SncProcessInput()==SNCERR_GSSAPI
M *** ERROR => ThSncIn: SncProc...