on 08-02-2014 10:58 AM
Hi Gurus,
We are in a sort of sticky situation. Our ECC landscape is migrating from Windows 2008 R2 to Linux 64 bit, however our BI and other landscapes continue to be on windows 2008 R2 and we have SSO configured on both the environments.
Our unmigrated Windows Servers are accessed from SAP GUI via SSO [ gxntlm64.dll] NTLM , so correspondingly our environment variable on the frontend is SNC_LIB=c:\windows\system32\sncgss32.dll
My front end laptop's OS is windows 7 64 bit, but as the SAP GUI is a 32 bit application , the .dll file is placed within the system32 folder.
For our migrated SAP systems on Linux machines, I have configured the SSO via kerberos GSS-API v2 via MIT kerberos V5 , so on the front end , I have placed the environment variable SNC_LIB=C:\windows\sysWow64\gsskrb5.dll for the SSO to work.
I have read that for the SAP GUI [which is a 32 bit application] to access to access a 64 bit .dll , we must place them inside the sysWOW folder.This is done and works correctly as desired as well.
Herein is the problem, my landscape requires the SSO for migrated and unmigrated systems to work in parallel i.e. to the unmigrated windows based SAP systems [ based on 32 bit NTLM] along with the migrated server on Linux [ via kerberos 64 bit .dll] , there are Bex /query analyzers involved as well.
I can only seem to get either the SSO via kerberos or the SSO via NTLM working at one time . i.e. if I place the parameter to gsskrb5.dll, the regular SSO to windows based servers via NTLM stops working and vice versa.
Is there a way, in which my systems on linux can also have SSO along with the SSO for windows based systems from the same GUI.
Regards
Prashant Vijaydas
Hi,
This is easy to solve.
First, I wanted to explain that SAP GUI is 32-bit so you need a 32-bit SNC library on the workstations where SAP GUI is installed. If your SAP system on Windows is 64-bit then you need a 64-bit SNC library on the Windows server, and if your SAP system on Linux is 64-bit, you need a 64-bit SNC library on Linux.
Since it is not possible to have more than one SNC library on a Workstation at the same time, and not possible to configure more than one SNC library on the SAP systems, you have to make sure that the SNC library on the workstation uses the same protocol when authenticating users to Windows systems as it does when authenticating users when they logon to Linux systems. I suggest you use Kerberos instead of NTLM for both Windows and Linux, and then you won't need to change SNC_LIB variable to switch between them.
In summary, since your Windows systems are currently using NTLM library, you should change these to use Kerberos and then you can use a Kerberos library on the Workstations to logon to both Linux and Windows systems.
Thanks
Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.