SAP GUI connection through SNC for Internet Users

former_member337858 · ‎09-13-2012

Dear All,

We have following land scape:-

SAP As Abap installed on windows 2008 R2

Windows 2008 R2 Active directory server

We have requirement from our security department to enable SNC for communicating with SAP server through SAP GUI. We have activated/configured SNC to our SAP server (AS ABAP) using kerberos infrastructure by installing the following:-

Secure Login Library on our ABAP Server

Client Encryption software on our client machine running SAP GUI 7.3.

The user login in our windows 2008 R2 Active directory and are able to connect to our SAP server through SAP GUI with SNC. This setup works fine in our LAN/WAN environment where AD is accessible. But the problem arises, when some of users connect with SAP Server through our sap router machine from their homes, Field offices etc. They get the following error:-

GSS-API(maj): No credentials were supplied.

Unable to establish the security context

target="p:CN=SAP/KerberosXXX@ABC.XXX.XX

Error in SNC

Please advise the following:-

How we can enable SNC for user accessing SAP server with SAP GUI through SAP routers from their homes and from field offices where our Active Directory is not available/accessible or users which don't have our active directory account.

Kind Regards

N

martin_voros · ‎09-14-2012

Hi,

you can't. AD needs to issue a token that is accepted by SAP system for authentication. One solution is to deploy some kind of VPN solution. It's possible to set up VPN in a way that AD will be accessible to clients connected via VPN. Other option is to allow password logon for some subset of users.

Cheers,

Martin

former_member337858 · ‎09-17-2012

Martin,

Thank you for your response. Any advise regarding the solution, in which we can enable the snc for the users accessing SAP server through internet. I mean outside the LAN/WAN environment.