05-12-2011 3:49 PM
All our users use SAP Gui single signon via the sncgss32.dll (i.e. NT LAN Manager, not Kerberos). This normally passes through their network login from their Windows PC and matches it with the SNC name in their user master record in order to log them in with the correct SAP userid. We have a user who has changed their network login, but the SAP Gui still seems to be passing through their old login. I'm wondering if it may be cached somewhere in their PC file-system ? When they access a system they haven't accessed before the new (correct) login is passed through OK.
Thanks for any help you can offer on this.
05-12-2011 4:01 PM
Andrew,
When a user logs onto windows using a domain account, their Kerberos credentials are cached in memory (not on disk). if the user's samAccountName is changed in AD and they log off and on again, then new tickets are issued and cached.
Did your user log off after changing their AD account ?
Did the samAccountName (pre-windows 2000 name) get changed, since this is the name used for the Kerberos principal name of the user.
Thanks,
Tim
05-16-2011 8:58 AM
Hello, we aren't using kerberos authentication. We use the NT Lan Manager Security Service Provider (NTLM SSP) which uses a different dll. See note 352295 for details. Thanks.
06-12-2012 3:48 AM
This problem can be fixed by asking user to change password after renamed Windows network ID. For technical details, please refer to https://cw.sdn.sap.com/cw/ideas/10783.