cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

R/3 installation local/domain differences

Former Member

on ‎08-24-2006 4:40 PM

0 Kudos

Hi,

Client wanted to Implement ECC6 Landscape installation on Windows. My question is during installation which method recomenadable Local/Domain .

If it is local how the transport" \usr\sap\trans "directory would be shared from across dev,qa,and prod systems.

In Unix we can use NFS mounts .what about windows if i install local installation.

For domain installation they need to create a user with domain admin rights . also can create domian groups.

Which method recomenadable .Since client is fully secured , Also let me know what are the ports need to open to communicate between the systems (dev/qa/prod) and fronend users.

Thanks in advance,

kristene

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎08-24-2006 6:03 PM
0 Kudos

Hi NPC,

You mean if do local installation , can not integrate single sign on , etc later that .

- Kristene

Show replies
Show replies
Former Member
‎08-28-2006 8:24 AM
0 Kudos

yes.

single sign on (using the kerberos adapter) needs a domain structure to allow the server processes to authenticate the Windows Desktop users as member of a domain.

regards

Peter

Former Member
‎08-24-2006 5:02 PM
0 Kudos

Hi,

My colliques said , we can go local installation also. Same like in UNIX installation.

Is there any problem if i install local installation menthod.

- Kristene

Show replies
Show replies
Former Member
‎08-24-2006 5:30 PM
0 Kudos

Hi

I do not advise a local installation. If you do this you do indeed have an installation like a Unix system - no centralized operating system user account management. This is one of the very good features of SAP on Windows. Also features such as SAPGUI single sign on do not work with local accounts (SAPGUI can logon automatically using your Windows logon details to authenticate you - look in the install guide for "kerberos"

I do not advise installing using local accounts and then changing to domain accounts later. SAPInst sets some environment variables for the service accounts during the installation.

I strongly recommend you ask you AD team to either (A) create the accounts for you before the installation or (B) ask them to make a container in the AD that you can administer yourself.

NPC

Rudi_Wiesmayr
Active Participant
‎08-25-2006 7:45 AM
0 Kudos

I agree that you SHOULD DO a domain installation.

As I mentioned, the "workaround version" described in the InstGuides are helpful. After some additional work everything is fine...

To set the environment variables, SAP has provided NTREG2ENV and NTENV2REG...

Kind regards, Rudi

Former Member
‎08-28-2006 8:22 AM
0 Kudos

there are some more things to do to switch local users to domain users. In fact a local user - even he has the same username is a different user with different environment, different Windows User group membership.

In older version of R/3 software it was easier to swtich manually from local to domain users.

But still in this environment it's a lot of more things than only switching environment:

- Group Membership in Domain Groups

- Registry values

- Security settings on the file system

But meanwhile (Kernel version 700) SAPServiceSID is no longer member of the local Administrators an this needs also special security settings on services, Registry keys and and and...

Therefore it is no good idea to advice to install locally and switching manually to domain users.

Peter

Rudi_Wiesmayr
Active Participant
‎08-24-2006 4:54 PM
0 Kudos

Hi!

If I understand you right, you only are not allowed to use a domain admin user.

This is no problem for a "domain installation".

There is a chapter for this situation in the installation guides. Just follow the instructions, install locally and then switch everything from the local users to the domain users.

Sharing the trans tree is no problem. Just give the system users the permissions and that 's it.

We do this always this way, as we face the same restriction.

HTH

Rudi

Show replies
Show replies
Former Member
‎08-24-2006 4:49 PM
0 Kudos

Hello Kristene,

Always install SAP in a Domain. You may want to talk to your Active Directory team regarding their domain structure to select the most appropriate domain if your customer is using a multi-domain architecture.

The ECC 6.0 installation guide and the Netweaver 2004s installation guides have a section on "How to install SAP if you do not have domain admin access". It is explained in detail. Basically you get your AD team to create the accounts prior to your installation.

I would recommend you AD team create a new container and delegate control of the container to the Basis team. You should create all your service accounts in this container.

If you want to determine which ports to open - you can look at the windows\system32\drivers\etc\services file. This applies only for ABAP based systems, not Java. If you ask you security team to open 3200-3600, 4800-4801 and 40080-49980 this usually will work.

Good luck

NPC

Show replies
Show replies
Ask a Question