OSS

To implement SSO with the Microsoft NTLM SSP you:

1. Start the service Windows LM Security Support Provider:

a. Choose Start ¨ Programs ¨ Administrative Tools ¨ Services.

b. Select the service Windows LM Security Support Provider.

c. Choose General.

d. Change the startup type from manual to automatic.

Procedure:

1. Copy the gssntlm.dll file to the following directory on your central instance:

:\USR\SAP\\SYS\EXE\RUN

2. Set the environment variable SNC_LIB to the location of the library.

3. In the central instance profile, set the following SNC parameters:

snc/data_protection/max =1

snc/data_protection/min =1

snc/data_protection/use =1

snc/enable =1

snc/gssapi_lib = d:\USR\SAP\DEV\SYS\EXE\RUN\gssntlm.dll

snc/identity/as =p:dev\SAPServiceDEV

snc/accept_insecure_cpic =1

snc/accept_insecure_gui =1

snc/accept_insecure_rfc =1

snc/permit_insecure_start =1

snc/permit_insecure_comm =1

snc/identity/as =p:\SAPService

SAPService is the user who runs the SAP system.

is the Windows domain of this user.

Preparing SAP GUI and SAP Logon for Single Sign-On
1. Copy the gssntlm.dll file to the SAP GUI directory.

The gssntlm.dll file is located on sapserv in the directory

/general/misc/security/gssntlm

2. Set the Windows environment variable SNC_LIB on the PC where your SAP GUI runs.

The variable specifies the path to the gssntlm.dll file. You can do this using one of

the following methods:

...

Copy gssntlm.dll to a location of your choice and set the environment

variable SNC_LIB to that location, for example,

:\\gssntlm.dll

i. Right-click My Computer and choose Properties ¨ Advanced ¨

Environment Variables.

ii. In User Variables for enter the following:

Variable: SNC_LIB

Value: :\\gssntlm.dll

iii. Confirm your entries with OK.

iv. To activate the new environment variable setting, log off system and log

on again as the same user.

Copy gssntlm.dll to a directory of the default search path, for example,

%SystemRoot%\system32 and rename the file to sncgss32.dll

This is the default file name that SNC uses when SNC_LIB is neither entered on

the command line nor available in the environment.

3. Set the required logon options to activate SSO:

a. In the SAP logon window, choose Edit ¨ Advanced

The Advanced Options dialog box appears.

b. In the SNC name field, enter:

p:\SAPService

is the Windows domain that the user SAPService

belongs to.

If the system HWA is running on account SAPServiceHWA of the DEC_NT

domain, you enter:

p:DEC_NT\SAPServiceHWA

Mapping SAP System Users to Windows Users for Single Sign-On

Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

topics