on 06-20-2013 2:46 AM
Hi Experts,
We'd like to use SAPGUI SSO with Kerberos.
ERP is installed under AD root domain (ROOT.COM) in the forest.
Users belong to an AD sub domain (SUBDOM.COM) in the same forest.
ERP is installed under ROOT.COM, service user is SAPService<SID>@ROOT.COM.
SNC name in user profile (SU01) is p:testuser@SUBDOM.COM
SAP Logon entry for SSO has SNC name, p:SAPService<SID>@ROOT.COM.
When a user tries to log on via the entry for SSO, the error message "No user exists with SNC name "p:testuser@SUBDOM.COM"" appears.
I guess user's SNC name should be changed but I couldn't find what should be changed.
Kindly advise what setting is missing in our environment.
best regards,
Megumi
To the best of my knowledge this is also case sensitive. You might need to put in p:Testuser@SUBDOM.COM instead of p:testuser@SUBDOM.com. The user ID should match AD's pre-Windows 2000 logon name. At least that is the way it works in our environment.
Tim, Salim,
Thanks to your advice, I re-set the SNC name of the user specifying the character of Windows logon.
Finally solved the issue!
Thank you very much.
Megumi
Please edit the user using SU01 and change the SNC name in the SNC tab to something like p:dummy@SUBDOM.COM. Then save this change. Next, change the SNC name to p:testuser@SUBDOM.COM and save this change. Then try to log on and see what happens.
The case and full name of the authenticated user as defined in AD is shown in the message "No user exists with SNC name". This message shows that the user has been authenticated and their SNC name is shown in this message. The SAP user is then determined by the entry in USRACL table and there needs to be an exact match.
I asked you to change, save, change again and save because there is a field in USRACL for each entry (like a checksum) which is generated when you save the entry, and I have seen an issue before where the checksum is not valid anymore so saving the entry again causes the new checksum to be generated. As you have tried this, it looks like the issue is something else.
If you have checked the name is correct and the case is correct, then I cannot think of anything else which might be wrong. Maybe you can share the screen capture showing the message you see when you try to login and also showing a screen of what the SNC tab looks like in SU01 for the user.
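The exact-match requirement described in the replies above can be checked offline before editing the user again. The following is an added example, not part of the original thread and not SAP code: it extracts the authenticated name from the "No user exists with SNC name" message and compares it with a constructed list of (SAP user, SNC name) pairs, reporting whether a near-miss differs only by case or by stray whitespace. The function names, finding labels and sample list are assumptions made for illustration.

```python
import re

# Constructed sample: (SAP user, SNC name) pairs as maintained on the SU01 SNC tab.
CONFIGURED = [
    ("TESTUSER", "p:Testuser@SUBDOM.COM"),
    ("OTHERUSER", "p:other@ROOT.COM"),
]

MSG_RE = re.compile(r'No user exists with SNC name "([^"]+)"')

def split_snc(name):
    """Split 'p:user@REALM' into (prefix, principal, realm)."""
    prefix, _, rest = name.partition(":")
    principal, _, realm = rest.partition("@")
    return prefix, principal, realm

def diagnose(message, configured):
    """Return a list of (finding, sap_user, configured_snc_name) tuples."""
    m = MSG_RE.search(message)
    if not m:
        return [("no-snc-name-in-message", None, None)]
    wanted = m.group(1)  # name of the authenticated user, as shown in the error
    near = []
    for user, snc in configured:
        if snc == wanted:  # assumption from the thread: the match must be exact
            return [("exact-match", user, snc)]
        if snc.strip() == wanted:
            near.append(("stray-whitespace", user, snc))
        elif snc.strip().casefold() == wanted.casefold():
            pairs = zip(("prefix", "principal", "realm"),
                        split_snc(snc.strip()), split_snc(wanted))
            part = next(n for n, a, b in pairs if a != b)
            near.append((f"case-differs-in-{part}", user, snc))
    return near or [("no-candidate", None, None)]

if __name__ == "__main__":
    msg = 'No user exists with SNC name "p:testuser@SUBDOM.COM"'
    for finding in diagnose(msg, CONFIGURED):
        print(finding)
```

A "no-candidate" result means no configured name is even a case-insensitive match, so the realm or principal itself is different rather than its spelling.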