cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SNC name for AD sub domain users

Go to solution
Former Member

on ‎06-20-2013 2:46 AM

0 Kudos

Hi Experts,

We'd like to use SAPGUI SSO with Kerberos.

ERP is installed under AD root domain (ROOT.COM) in the forest.

Users are belongs to AD sub domain (SUBDOM.COM) in the same forest.

ERP is installed under ROOT.COM, service user is SAPService<SID>@ROOT.COM.

SNC name in user profile (SU01) is p:testuser@SUBDOM.COM

SAP Logon entry for SSO has SNC name, p:SAPService<SID>@ROOT.COM.

Then user tries to log on via the entry for SSO, the error message "No user exists with SNC name "p:testuser@SUBDOM.COM""

I guess user's SNC name should be changed but I couldn't find what should be changed.

Kindly advise what setting is missing in our environment.

best regards,

Megumi

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member82556
Participant
‎06-20-2013 11:03 PM
0 Kudos

To the best of my knowledge this is also case sensitive.  You might need to put in p:Testuser@SUBDOM.COM instead of p:testuser@SUBDOM.com.  The user ID should match with AD's pre-windows 2000 logon name.  Atleast that this the way it works in our environment.

Show replies
Show replies
Former Member
‎06-21-2013 12:27 PM
0 Kudos

Salim,

To determine what case is used for user ID and domain, I used environment variable with "set" command.

And set ID and domain name as USERDNSDOMAIN and USERNAME.

But still doesn't work.

How do you determine what case is used for id and domain name in AD?

Megumi

Answers (2)

Answers (2)

Former Member
‎06-27-2013 10:00 AM
0 Kudos

Tim, Salim,

Thanks to your advice, I re-set SNC name of user specifying the character of Windows logon.

Finally solved the issue!

Thank you very much.

Megumi

Show replies
Show replies
Former Member
‎06-28-2016 3:15 PM
0 Kudos

Hi Megumi,

We are facing same scenario,

Can you please let me know when you say 're-set SNC name of user specifying the cheracter of Windows logon',  what exactly it means ?  what needs to be changed ?

Regards,

Kunal Salunkhe

former_member82556
Participant
‎06-28-2016 3:53 PM
0 Kudos

It means the SNC field is upper/lower case sensitive.  The UserID must exactly match the Windows 2000 login name in Active Directory, and the domain name should be in upper case.

tim_alsop
Active Contributor
‎06-20-2013 7:19 AM
0 Kudos

Please edit the user using su01 and change the SNC name in SNC tab to something like p:dummy@SUBDOM.COM. Then save this change. Next, change the SNC name to p:testuser@SUBDOM.COM and save this change. Then try to logon and see what happens ?

Show replies
Show replies
Former Member
‎06-20-2013 8:09 AM
0 Kudos

Tim,

I'm sorry I don't understand what you mean.

Just change SNC name to another non-existent one and set it back to original?

What will be tried?

Megumi

tim_alsop
Active Contributor
‎06-20-2013 2:19 PM
0 Kudos

yes, please change the SNC name to something wrong, save the change, then change it to correct value, and save - then test. When saving the entry a value is generated and stored in the USRACL table, and I think this is why it is not working.

Former Member
‎06-21-2013 12:20 PM
0 Kudos

I tried to change and save wrong data and set correct value and save, as you wrote.

Unfortunately, that didn't work though I can find the entry for the user in the USRACL.

Do you have any othe idea to check or try?

Megumi

tim_alsop
Active Contributor
‎06-21-2013 1:55 PM
0 Kudos

The case and full name of the authenticated user as defined in AD is shown in the message "No user exists with SNC name". This message shows that the user has been authenticated and their SNC name is shown in this message. The SAP user is then determined by the entry in USRACL table and there needs to be an exact match.

I asked you to change, save, change again and save because there is a field in USRACL for each entry (like a checksum) which is generated when you save the entry, and I have seen an issue before where the checksum is not valid anymore so saving the entry again causes the new checksum to be generated. As you have tried this, it looks like the issue is something else.

If you have checked the name is correct and the case is correct, then I cannot think of anything else which might be wrong. Maybe you can share the screen capture showing the message you see when you try to login and also showing a screen of what the SNC tab looks like in SU01 for the user.

Ask a Question