![]() Map an SAP BW user to an Active Directory user You can also consult the Troubleshooting section in this article. For more information on profile parameter settings, see the SAP documentation. If the server won't start, confirm that you've set the profile parameters correctly. SettingĪfter you set these profile parameters, open the SAP Management Console on the server machine and restart the SAP BW instance. The last five options enable clients to connect to the SAP BW server by using SAP Logon without having SNC configured. Set the following additional profile parameters, changing the values as required to fit your needs. Place the library in a location that the SAP BW Application Server can access. Set the snc/gssapi_lib profile parameter to. For example, Note that p: precedes the service user's UPN, as opposed to p:CN=, which precedes the UPN when you use CommonCryptoLib as the SNC library. Set the snc/identity/as profile parameter to p. In SAP Logon, sign in to your server and set the following profile parameters by using the RZ10 transaction: Switch to the Log on tab, and change the user to your SAP BW service user.Įnter the user's password, and then select OK. Set the SAP BW server's service user as the user that starts the SAP BW server service on the SAP BW server machine:įind the service corresponding to your SAP BW Application Server instance, right-click it, and then select Properties. Select Check Names to ensure you've entered the name correctly, and then select OK. Open the Computer Management program and identify the Local Admin group for your server.ĭouble-click the Local Admin group, and select Add to add your service user to the group. On the SAP BW server machine, add the service user to the Local Admin group. Give the service user access to your SAP BW Application Server: This section assumes that you've already created a service user for BW and bound a suitable SPN to it (that is, a name that begins with SAP/). If you use g圆4krb5.dll, set the SNC_LIB_64 variable to its absolute path.Ĭonfigure an SAP BW service user and enable SNC communication on the BW serverĬomplete this section if you haven't already configured your SAP BW server for SNC communication (for example, SSO) by using g圆4krb5.If you use gsskrb5.dll, set the SNC_LIB variable to its absolute path.On the client and server machines, set the SNC_LIB and SNC_LIB_64 environment variables: dll on your SAP BW server machine in a location accessible by the SAP BW server.įor more information on configuring g圆4krb5.dll for use with an SAP BW server, see SAP documentation (SAP s-user required). If your BW server hasn't already been configured for SSO using g圆4krb5.dll, put another copy of the. For testing purposes, you can also explicitly grant these permissions to both the gateway service user and the Active Directory user you use to test. We recommend granting permissions on the. Both the gateway service user and the Active Directory (AD) users that the service user will impersonate need read and execute permissions for the copy of g圆4krb5.dll. If you want to test the SSO connection with SAP GUI, also put a copy of gsskrb5.dll on your machine and set the SNC_LIB environment variable to point to it. Put g圆4krb5.dll in a location on your gateway machine that's accessible by your gateway service user. The 32-bit version is required to test with SAP GUI because SAP GUI is 32-bit only. Also, download gsskrb5.dll (the 32-bit version of the library) if you want to test the SSO connection in SAP GUI before you attempt the SSO connection through the gateway (recommended). Ensure you have at least version 1.0.11.x. That is, both the client and server must be using the same SNC library.ĭownload g圆4krb5.dll from SAP Note 2115486 (SAP s-user required). The g圆4krb5 library must be used by both the client and server to complete an SSO connection through the gateway. Set up g圆4krb5 on the gateway machine and the SAP BW server ![]() For example, you might have already configured your SAP BW server for SSO using g圆4krb5. This guide is comprehensive if you've already completed some of the described steps, you can skip them. Please remember that any failure on server A which uses g圆4krb5 is not supported, as g圆4krb5 is no longer supported by SAP and Microsoft. For example, configure g圆4krb5 for server A then sapcrypto for server B. If you want to use both libraries, please fully separate the gateway server. It’s not recommended to configure both libraries on the same gateway server as it’ll lead to a mix of libraries. Configuring both libraries(sapcrypto and g圆4krb5) on the same gateway server is an unsupported scenario.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |