Hello All,
I've been struggling trying to get SSO working in our little network. It
seems like very step is met with a new error.
After solving my latest problem while trying to log in using the Access
Client Solutions (I had SEC_E_TARGET_UNKNOWN on one PC but not on the
other), I ran into this:
MSGSY1018 - Kerberos credentials could not be mapped to user on system
*KERBEROS rc=59
CPD3E3F - Network Authentication Service error X'00000003' occurred.)
Major status code X'00000003' and minor status code X'00000017' were
received while processing the qsy_EIMGetTargetForKerberos function for a
Network Authentication Service operation. The following are common major
status code errors: -- Major status code X'00000001' = User profile
associated with the kerberos request is disabled. -- Major status code
X'00000002' = User profile associated with the kerberos request is a system
user profile. -- Major status code X'00000003' = Enterprise Identity Mapping
(EIM) is not configured. -- Major status code X'00000004' = Kerberos
principal to user profile association is not defined by Enterprise Identity
Mapping (EIM). -- Major status code X'00000005' = Association for target
user profile defined multiple times by Enterprise Identity Mapping (EIM). --
Major status code X'00000006' = Target user profile defined by Enterprise
Identity Mapping (EIM) association does not exist. -- Major status code
X'00000007' = User profile to Kerberos principal association is not defined
by Enterprise Identity Mapping (EIM). -- Major status code X'00070000' = No
credentials available in the keytab file or user credential cache. Recovery
. . . : Give the error message and reason code to the system administrator
for correction of the problem, or, for reporting to IBM service. See
members KRB5 and GSSAPI in file H in library QSYSINC for the meaning of the
major and minor status codes not listed in this
I've been following this to configure and have done so now more than a
couple of times to see if I made any errors in the configuration:
https://mediacenter.ibm.com/media/Configure+Single+Sign-on+using+Kerberos+on
+IBM+i.+Part+1+Network+Authentication+Service/1_92i8tf5u
I found something with a similar problem but their solutions didn't work.
https://www.ibm.com/support/pages/message-cpd3e3f-fqkrbspi-tqkrbspi-network-
authentication-service-error-x00000003-occurred-when-mapping-netserver-netwo
rk-drive-using-kerberos
Anyone have an idea on where I should be looking?
As an Amazon Associate we earn from qualifying purchases.