× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Hello All,



I've been struggling trying to get SSO working in our little network. It
seems like very step is met with a new error.



After solving my latest problem while trying to log in using the Access
Client Solutions (I had SEC_E_TARGET_UNKNOWN on one PC but not on the
other), I ran into this:



MSGSY1018 - Kerberos credentials could not be mapped to user on system
*KERBEROS rc=59

CPD3E3F - Network Authentication Service error X'00000003' occurred.)



Major status code X'00000003' and minor status code X'00000017' were
received while processing the qsy_EIMGetTargetForKerberos function for a
Network Authentication Service operation. The following are common major
status code errors: -- Major status code X'00000001' = User profile
associated with the kerberos request is disabled. -- Major status code
X'00000002' = User profile associated with the kerberos request is a system
user profile. -- Major status code X'00000003' = Enterprise Identity Mapping
(EIM) is not configured. -- Major status code X'00000004' = Kerberos
principal to user profile association is not defined by Enterprise Identity
Mapping (EIM). -- Major status code X'00000005' = Association for target
user profile defined multiple times by Enterprise Identity Mapping (EIM). --
Major status code X'00000006' = Target user profile defined by Enterprise
Identity Mapping (EIM) association does not exist. -- Major status code
X'00000007' = User profile to Kerberos principal association is not defined
by Enterprise Identity Mapping (EIM). -- Major status code X'00070000' = No
credentials available in the keytab file or user credential cache. Recovery
. . . : Give the error message and reason code to the system administrator
for correction of the problem, or, for reporting to IBM service. See
members KRB5 and GSSAPI in file H in library QSYSINC for the meaning of the
major and minor status codes not listed in this



I've been following this to configure and have done so now more than a
couple of times to see if I made any errors in the configuration:

https://mediacenter.ibm.com/media/Configure+Single+Sign-on+using+Kerberos+on
+IBM+i.+Part+1+Network+Authentication+Service/1_92i8tf5u



I found something with a similar problem but their solutions didn't work.

https://www.ibm.com/support/pages/message-cpd3e3f-fqkrbspi-tqkrbspi-network-
authentication-service-error-x00000003-occurred-when-mapping-netserver-netwo
rk-drive-using-kerberos



Anyone have an idea on where I should be looking?




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.