on 07-17-2007 9:50 AM
Hi!
How to delete the DDIC and SAP* entries in the database "Oracle".
I have the problem, to install the SAP system due to change the default password to tha master password. I have changed the both passwords for DDIC and SAP* to the master password manually.
BUT, I receive the error during the installation "Name or password is incorrect".
with the report "runRADDBDIF".
Thank you!
regards
Forgive the vagueness with regards to any details, it's been several months:
I had this happen due to a hostname problem during an SAP install (ECC 6.0). I ended up somehow locking out DDIC and SAP* while trying to log in via the GUI to fix DDIC's password (this was after a majority of the install had finished and the GUI would actually come up).
The end solution was to delete the SAP* and DDIC users out of the USR02 table and stop the system and re-run the install. (It was smart enough to pick up where it had left off). There was some parameter in one of the profiles that I had to change related to the SAP* default user/password combo when it's missing from the USR02 table, I can't recall it at the moment, but remember the default being opposite to what in prior releases had been the less-secure setting (I'm sure another Basis person could tell you easily what parameter that is)).
Hope this somewhat helps.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Michael,
the parameter you are talking about is probably this one:
login/no_automatic_user_sapstar = 0
If set to "0", there is a hardcoded password for the user SAP* if there is no entry for SAP* in USR02. The password is "pass". This parameter is usually used if you do a client copy, you need to log on to the new client to start the copy using this user.
Remove this parameter and restart the system as soon as it is not needed any more -- it is a security risk.
See SAP note 68048 for more details.
Best regards,
Elmar.
Yes, that is the parameter I was trying to recall, and I agree this is a security risk to leave it changed, however it proved useful as a temporary change so we had not locked out SAP* and DDIC in the installation process and have to start all over. Once the installation is done, you'd want to change it back.
I also forgot to mention, after deleting SAP* (or DDIC), you have to stop the installation/SAP system because the user is in the user context area of memory even though it is gone out of USR02.
Hi Axel,
the error in step "run RADDBDIF" is not always related to wrong passwords (the error message gives a wrong hint here...).
There are some other reasons which could cause the same error:
- write failed to /usr/sap/trans
- network problems, hostname inconsistency,...
Please check that /usr/sap/trans is writable for your SAP system, also check your network settings (ping <hostname> should ping the IP-Adress, not 127.0.0.x; ping <IP-Address> should resolve to the proper hostname).
Check the log files from your installation (dev_rfc, sapinst_dev.log) and post them here.
Best regards,
Elmar.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
<i>> I have modified the .hosts-file and changed the entry to the localhost.</i>
What exactly did you change? "ping <hostname>" should not ping 127.0.0.x, hostname should return only the hostname (without domain).
<i>> The error I am getting is "User not authorized" Unable to open RFC-connection.</i>
- This is a different error than the one you posted initially, isn't it? Can you post sapinst_dev.log (last ~30 lines), dev_rfc etc. here?
See also oss note 9631.
Best regards,
Elmar.
Message was edited by:
Elmar Billen
Hi!
My problem is I have changed the default password to the master password and again to the default password, in order ot avoid the error "RFC connection..."
Now the sapinst would like to change the default password to the master password and failed, because in is not possible to create the same password again.
How to proceed?
Can I create another user and copy it to DDIC an SAP*?
Thank you
This is controlled by the parameter login/password_history_size, which has the default value 5.
So if you try to change the password 5 times to a different value, you should be able to reuse the default password as well as the master password.
Note: you'll have to log on as DDIC each time you set the password and change the password there - passwords set in the SU01 do not change the password history.
But I don't expect this will fix the root cause for the failed RFC step during your installation...
Best regards,
Elmar.
Message was edited by:
Elmar Billen
Message was edited by:
Elmar Billen
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.