05-29-2007 2:15 PM
Hello,
We`re trying to configure SSO for SAPGUI(Windows) via Kerberos. Our infrastructure consists of two domains with a bilateral trust between them. After several tests we concluded that the SAP-system is only looking in his own domain for authentication of the user and not in the other domain. Examples:
1. When we logon with a user in same domain as the SAP-system. SSO is working.
2. When we logon with a user from the other domain to the domain of the SAP-system. SSO is not working.
The ADS(Windows 2003 domain) is not in the same domain as the SAP-systems and we`re using SAPGUI 710. The server that we`re using for our test is a Windows 2000 server in a Windows 2003 domain.
Any ideas?
Kind Regards,
Michael Plein
05-29-2007 3:21 PM
Hi,
You should have the same version of domain controller.
Ex:
You can't have the following infrastructure .
SAP systems are in windows 2003 domain ...
User are logged on to windows 2000 domain ....
Regards
Ben
05-29-2007 3:21 PM
Hi,
You should have the same version of domain controller.
Ex:
You can't have the following infrastructure .
SAP systems are in windows 2003 domain ...
User are logged on to windows 2000 domain ....
Regards
Ben
05-29-2007 3:31 PM
Hey Ben,
Thank you for your reaction.
There`s a slight difference in your answer and the situation we have i think.
Both the domains are 2003 but the the SAP-server is running on Windows 2000 Server. Does this give any problems?
Regards,
Michael
05-29-2007 3:46 PM
05-29-2007 3:48 PM
05-29-2007 3:30 PM
Michael,
If you would like a solution to this problem, where the Windows server(s) running SAP are joined to a different domain, or even not joined to a domain - the company I represent (CyberSafe Limited) has a product which will meet your needs. We provide SAP SNC certified GSS-API libraries, which we sell to customers running SAP on UNIX or Linux, and we also have same libraries for Windows. SAP customers typically use our product on Windows servers when they have a mixture of Windows and UNIX servers in their landscape and are looking for a solution from one vendor for both platforms, or if they have a domain trust problem like you have.
I can arrange a free evaluation of our product, and provide you with price details if you contact me offline. This has to be offline because discussing vendor specifics like this should not be on SDN.
Thanks,
Tim