× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.




Check to be sure your LDAP server has an administrator password defined,
and that the EIM server is setup with this password. I think when I had
this error I needed to first define the LDAP admin password and then re-run
the EIM setup wizard and use this password when running the wizard. Once
that was done, the CWBSY1018 error went away. Not sure if this will be
your fix, but maybe it will help.





"marco franchini"
<marco.frn@tiscal
i.it> To
Sent by: <MIDRANGE-L@xxxxxxxxxxxx>
midrange-l-bounce cc
s@xxxxxxxxxxxx
Subject
Problem with EIM and Kerberos
04/10/2009 04:06
AM


Please respond to
Midrange Systems
Technical
Discussion
<midrange-l@midra
nge.com>






I would want setting up SSO using EIM on System i5 V5R4M0:

I have configured "Network authentication service"
I have created Kerberos principal for my i5 in the KDC of server 2003
(created user in Active Directory for iSeries and executed ktpass),
I have created a domain EIM,
I have created user registries: Kerberos and i5/OS,
I have created an identifier and created associations between Windows user
(source) and iSeries user (target) (user with password=*NONE),
I have executed for user, from qsh, kinit and verified with klist that
kerberos credential had been correctly acquired.
At the connection with 5250 emulation, defined to use Kerberos principal
name, I obtain this error - CWBSY1018 - Impossible to define Kerberos
credentials for user on server rc=201


I have forgotten something ?
Someone can help me
Thanks

Marco





Wy trace list of iSeries Access

09/04/2009 11.53.57.74 Security 32-bit P=5AC T=AC0 2:
sec::signon Entry
09/04/2009 11.53.57.74 Security 32-bit P=5AC T=AC0 2:
sec::setPromptMode=Always
09/04/2009 11.53.57.74 Security 32-bit P=5AC T=AC0 2:
sec::signon - no userID set, determine signon mode
09/04/2009 11.53.57.74 Security 32-bit P=5AC T=AC0 2:
sec::signon - Mode: Use kerberos principal
09/04/2009 11.53.57.74 Security 32-bit P=5AC T=AC0 2:
sec::validateSignonInfoW Entry
09/04/2009 11.53.57.74 Security 32-bit P=5AC T=A1C 2:
sec::validateW Entry
09/04/2009 11.53.57.74 Security 32-bit P=5AC T=A1C 2:
sock::validateSignonInfoW Entry
09/04/2009 11.53.57.74 Comm-Base 32-bit P=5AC T=A1C
SVR:connect Entry
09/04/2009 11.53.57.74 Comm-Base 32-bit P=5AC T=A1C
TCP:connect Entry
09/04/2009 11.53.57.74 Comm-Base 32-bit P=5AC T=A1C
PiCoParms Dump: systemName: iSeries ipAddressLookupMode: 0 portLookupMode:
0 sslEnabled: 0 ipAddrOverride: callback: 0x12A454 pSecurity: 0xBF4E60
timeout: 30 rcvThread: 0 flowStartServer: 0 workQ: 0 serverID: 0xE009
remotePort: 8476 perfType: 0 service: 8 serviceName: as-signon
recvCacheSize: 0 sendCacheSize: 0 sendThreshHold: 0 sendMaxCount: 0
flushSendsAll: 1 wsSendBufferSize: 4294967295 wsRecvBufferSize: 4294967295
nagleEnabled: 0 keepAlivesEnabled: 0 bindRandom: 0 sendTimeout: 0
recvTimeout: 0 sendMaxSize: 2147483647
09/04/2009 11.53.57.74 Comm-Base 32-bit P=5AC T=A1C
Richiesta connessione per l'applicazione server: as-signon
09/04/2009 11.53.57.74 Comm-Base 32-bit P=5AC T=A1C
TCP:checkWinsock Entry
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
CWBCO1009 - Provider comunicazioni: WinSock 2.0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:checkWinsock Exit rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:gethostipaddress Entry
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
Contenuti correnti della memoria cache indirizzi: [10.220.0.18]
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C IP Addr
cache timestamp: Thu Apr 09 11:53:47 2009.
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
CWBCO1039 - Modalità ricerca indirizzo remoto in uso: Utilizza sempre la
ricerca dinamica
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:getHostByName Entry
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
CWBCO1041 - Ricerca dinamica degli indirizzi per il sistema iSeries in
corso
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:getHostByName Exit rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C Updating
IP Address cache: 10.220.0.18
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
CWBCO1044 - Indirizzo remoto 10.220.0.18
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:gethostipaddress Exit rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:getHostPort Entry
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
CWBCO1040 - Modalità ricerca porta remota in uso: Utilizza sempre il mapper
server
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:connectPort Entry
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:connectionAttempt Entry
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C TCP:opts
Entry
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP_NODELAY:1 rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
SO_LINGER:1 timeout=60 seconds rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
SO_SNDBUF:8192 rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
SO_RCVBUF:8192 rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
SO_KEEPALIVE:0 rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
SO_SNDTIMEO:0 rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
SO_RCVTIMEO:0 rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C TCP:opts
Exit rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
Tentativo di connessione in corso...
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
CWBCO1045 - Indirizzo locale 10.220.1.20:2030
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
Collegato a as-svrmap (10.220.0.18:449)
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:connectionAttempt Exit rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:connectPort Exit rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
Connessione riuscita al server mapper iSeries
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:sendNow Entry
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C send:10
as-signon.
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C sent:10
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:sendNow Exit rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:receiveNow Entry
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
receiveNow:5
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
received:5 +..!.
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:receiveNow Exit rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
CWBCO1022 - Verrà utilizzata la porta remota 8476
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:getHostPort Exit rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:connectPort Entry
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP:connectionAttempt Entry
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C TCP:opts
Entry
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
TCP_NODELAY:1 rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
SO_LINGER:1 timeout=60 seconds rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
SO_SNDBUF:8192 rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
SO_RCVBUF:8192 rc=0
09/04/2009 11.53.57.76 Comm-Base 32-bit P=5AC T=A1C
SO_KEEPALIVE:0 rc=0
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
SO_SNDTIMEO:0 rc=0
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
SO_RCVTIMEO:0 rc=0
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C TCP:opts
Exit rc=0
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
Tentativo di connessione in corso...
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
CWBCO1045 - Indirizzo locale 10.220.1.20:2031
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
Collegato a as-signon (10.220.0.18:8476)
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
TCP:connectionAttempt Exit rc=0
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
TCP:connectPort Exit rc=0
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
TCP:connect Exit rc=0
09/04/2009 11.53.57.77 Comm-SPI 32-bit P=5AC T=A1C
cwbCO_GenerateSeed Entry
09/04/2009 11.53.57.77 Comm-SPI 32-bit P=5AC T=A1C
cwbCO_GenerateSeed Exit rc=0
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
SVR:connect Exit rc=0
09/04/2009 11.53.57.77 Security 32-bit P=5AC T=A1C 2:
sock::buildExchangeAttrSignonRQ cp=clientVersion 1
09/04/2009 11.53.57.77 Security 32-bit P=5AC T=A1C 2:
sock::buildExchangeAttrSignonRQ cp=clientLevel 2
09/04/2009 11.53.57.77 Security 32-bit P=5AC T=A1C 2:
sock::exchangeAttrSignon send
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C TCP:send
Entry
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
TCP:sendNow Entry
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C send:52
...4..à ..........p..........................Dç#<X .
73656E64 3A353220 00000034
0000E009
00000000 00000000 00007003
0000000A
11010000 00010000 00081102
00020000
000E1103 9044E723 3C58A007
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C sent:52
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
TCP:sendNow Exit rc=0
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C TCP:send
Exit rc=0
09/04/2009 11.53.57.77 Security 32-bit P=5AC T=A1C 2:
sock::exchangeAttrSignon reply
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
TCP:receive Entry
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
atLeast:20 atMost:1125
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
TCP:receiveNow Entry
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
receiveNow:1125
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
received:94 ...^..à
..........ð.............................Ü¡7].Äßô.................øùôùõöaØäâÅÙaØéâÖâÉÇÕ

72656365 69766564 3A393420
0000005E
0000E009 00000000 00000000
0004F003
00000000 0000000A 11010005
04000000
00081102 00030000 000E1103
DCA1375D
1FC4DFF4 00000007 11190000
00001F11
1F000000 00F8F9F4 F9F5F661
D8E4E2C5
D961D8E9 E2D6E2C9 C7D5
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
TCP:receiveNow Exit rc=0
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
TCP:receive Exit rc=0
09/04/2009 11.53.57.77 Security 32-bit P=5AC T=A1C 2:
sock::parseRCs primary rc=0x0 secondary rc=0x0
09/04/2009 11.53.57.77 Security 32-bit P=5AC T=A1C 2:
sock::parseExchangeAttrSignonRP cp=serverVRM 0x50400
09/04/2009 11.53.57.77 Security 32-bit P=5AC T=A1C 2:
sock::parseExchangeAttrSignonRP cp=serverLevel 3
09/04/2009 11.53.57.77 Security 32-bit P=5AC T=A1C 2:
sock::parseExchangeAttrSignonRP cp=serverPwdLevel 0
09/04/2009 11.53.57.77 Security 32-bit P=5AC T=A1C 2:
sock::parseExchangeAttrSignonRP cp=qualifiedJobName 894956/QUSER/QZSOSIGN
09/04/2009 11.53.57.77 Security 32-bit P=5AC T=A1C 2:
sock::buildKerbTicketRQ cp=kerbTicket
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
TCP:getHostByAddr Entry
09/04/2009 11.53.57.77 Comm-Base 32-bit P=5AC T=A1C
CWBCO1041 - Ricerca dinamica degli indirizzi per il sistema 10.220.0.18 in
corso
09/04/2009 11.53.57.79 Comm-Base 32-bit P=5AC T=A1C fqn:
iSeries.dominio.net
09/04/2009 11.53.57.79 Comm-Base 32-bit P=5AC T=A1C
TCP:getHostByAddr Exit rc=0
09/04/2009 11.53.57.79 Security 32-bit P=5AC T=A1C
kerb::Kerberos security package found, max token size=12000
09/04/2009 11.53.57.79 Security 32-bit P=5AC T=A1C
kerb::AcquireCredentialsHandle() rc=0
09/04/2009 11.53.57.79 Security 32-bit P=5AC T=A1C
kerb::ServicePrincipalName=krbsvr400/iSeries.dominio.net
09/04/2009 11.53.57.90 Security 32-bit P=5AC T=A1C
kerb::InitializeSecurityContext() rc=0 ticketLen=2703 context=0x803
09/04/2009 11.53.57.90 Security 32-bit P=5AC T=A1C 2:
sock::buildGetSignonRQ cp=funcReg 3
09/04/2009 11.53.57.90 Security 32-bit P=5AC T=A1C 2:
sock::buildGetSignonRQ cp=clientCCSID 13488
09/04/2009 11.53.57.90 Security 32-bit P=5AC T=A1C 2:
sock::getSignonInfo send
09/04/2009 11.53.57.90 Comm-Base 32-bit P=5AC T=A1C TCP:send
Entry
09/04/2009 11.53.57.90 Comm-Base 32-bit P=5AC T=A1C
TCP:sendNow Entry
09/04/2009 11.53.57.90 Comm-Base 32-bit P=5AC T=A1C
send:2747 ...»..à ..........p........`,.<. *?H?÷......n,.z0,.v
....¡....¢.... ...£,.'a,.Z0,.S ....¡...GFOR
73656E64 3A323734 37200000
0ABB0000
E0090000 00000000 00000001
70040500
000A9511 1560820A 8B06092A
864886F7
12010202 01006E82 0A7A3082
0A76A003
020105A1 0302010E A2070305
00200000
00A38204 92618204 8E308204
8AA00302
0105A10E 1B0C4746 4F52
09/04/2009 11.53.57.90 Comm-Base 32-bit P=5AC T=A1C
sent:2747
09/04/2009 11.53.57.90 Comm-Base 32-bit P=5AC T=A1C
TCP:sendNow Exit rc=0
09/04/2009 11.53.57.90 Comm-Base 32-bit P=5AC T=A1C TCP:send
Exit rc=0
09/04/2009 11.53.57.90 Security 32-bit P=5AC T=A1C 2:
sock::getSignonInfo reply
09/04/2009 11.53.57.90 Comm-Base 32-bit P=5AC T=A1C
TCP:receive Entry
09/04/2009 11.53.57.90 Comm-Base 32-bit P=5AC T=A1C
atLeast:20 atMost:1309
09/04/2009 11.53.57.90 Comm-Base 32-bit P=5AC T=A1C
TCP:receiveNow Entry
09/04/2009 11.53.57.90 Comm-Base 32-bit P=5AC T=A1C
receiveNow:1309
09/04/2009 11.53.57.93 Comm-Base 32-bit P=5AC T=A1C
received:24 ......à ..........ð.....
72656365 69766564 3A323420
00000018
0000E009 00000000 00000000
0004F004
00020001
09/04/2009 11.53.57.93 Comm-Base 32-bit P=5AC T=A1C
TCP:receiveNow Exit rc=0
09/04/2009 11.53.57.93 Comm-Base 32-bit P=5AC T=A1C
TCP:receive Exit rc=0
09/04/2009 11.53.57.93 Security 32-bit P=5AC T=A1C 2:
sock::parseRCs primary rc=0x2 secondary rc=0x1
09/04/2009 11.53.57.93 Comm-Base 32-bit P=5AC T=A1C
SVR:disconnect Entry
09/04/2009 11.53.57.93 Comm-Base 32-bit P=5AC T=A1C TCP:send
Entry
09/04/2009 11.53.57.93 Comm-Base 32-bit P=5AC T=A1C
TCP:sendNow Entry
09/04/2009 11.53.57.93 Comm-Base 32-bit P=5AC T=A1C send:20
......à ..........p.
73656E64 3A323020 00000014
0000E009
00000000 00000000 00007006
09/04/2009 11.53.57.93 Comm-Base 32-bit P=5AC T=A1C sent:20
09/04/2009 11.53.57.93 Comm-Base 32-bit P=5AC T=A1C
TCP:sendNow Exit rc=0
09/04/2009 11.53.57.93 Comm-Base 32-bit P=5AC T=A1C TCP:send
Exit rc=0
09/04/2009 11.53.57.93 Comm-Base 32-bit P=5AC T=A1C
TCP:disconnect Entry
09/04/2009 11.53.57.93 Comm-Base 32-bit P=5AC T=A1C
discType:0
09/04/2009 11.53.58.04 Comm-Base 32-bit P=5AC T=A1C
TCP:disconnect Exit rc=0
09/04/2009 11.53.58.04 Comm-Base 32-bit P=5AC T=A1C rcvList:

09/04/2009 11.53.58.04 Comm-Base 32-bit P=5AC T=A1C
SVR:disconnect Exit rc=0
09/04/2009 11.53.58.04 Security 32-bit P=5AC T=A1C 2:
sock::validateSignonInfoW Exit rc=8058
09/04/2009 11.53.58.04 Security 32-bit P=5AC T=A1C 2:
sec::validateW Exit rc=8058
09/04/2009 11.53.58.04 Security 32-bit P=5AC T=AC0 2:
sec::errorPopupW rc=8058
09/04/2009 11.53.58.04 Comm-API 32-bit P=5AC T=AC0
cwbCO_RcToMsg2W Entry
09/04/2009 11.53.58.04 Comm-API 32-bit P=5AC T=AC0
cwbCO_RcToMsg2W Exit rc=0
09/04/2009 11.54.05.08 NLS 32-bit P=FD0 T=234 NL
GetANSICodePage cp=1252
09/04/2009 11.54.05.08 NLS 32-bit P=FD0 T=234 NL
GetCodePage cp=850
09/04/2009 11.54.19.30 NLS 32-bit P=710 T=F94
cwbNL_FindFirstLang Entry
09/04/2009 11.54.19.30 NLS 32-bit P=710 T=F94
cwbNL_FindFirstLang Exit rc=0
09/04/2009 11.54.19.30 NLS 32-bit P=710 T=F94
cwbNL_FindNextLang Entry
09/04/2009 11.54.19.30 NLS 32-bit P=710 T=F94
cwbNL_FindNextLang Exit rc=18
09/04/2009 11.54.20.66 NLS 32-bit P=710 T=F94
cwbNL_FindFirstLang Entry
09/04/2009 11.54.20.66 NLS 32-bit P=710 T=F94
cwbNL_FindFirstLang Exit rc=0
09/04/2009 11.54.20.66 NLS 32-bit P=710 T=F94
cwbNL_FindNextLang Entry
09/04/2009 11.54.20.66 NLS 32-bit P=710 T=F94
cwbNL_FindNextLang Exit rc=18
09/04/2009 11.54.20.68 NLS 32-bit P=710 T=F94
cwbNL_FindFirstLang Entry
09/04/2009 11.54.20.68 NLS 32-bit P=710 T=F94
cwbNL_FindFirstLang Exit rc=0
09/04/2009 11.54.20.68 NLS 32-bit P=710 T=F94
cwbNL_FindNextLang Entry
09/04/2009 11.54.20.68 NLS 32-bit P=710 T=F94
cwbNL_FindNextLang Exit rc=18

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.