This section describes how to enable Active Directory authentication prompting from the Single Sign-on for SAP module.
To enable Active Directory authentication prompting from the Single Sign-on for SAP module
Change the following registry values from 0 to 1:
On 32-bit machines: HKEY_LOCAL_MACHINE\Software\Quest Software\SSO for SAP\Always Prompt.
On 64-bit machines: HKEY_LOCAL_MACHINE\Software\Wow6432Node\Quest Software\SSO for SAP\Always Prompt.
To use SAPlpd with SNC, you must provide the SAPlpd system on the front-end desktop with the local library path and identity information.
To configure SAPlpd on the front-end system
If it does not exist yet, create a SAPLPD.INI file in the Windows directory.
Add the following section to the SAPLPD.INI file:
[snc] enable=1 identity/lpd=<SNC-Name_of_saplpd> gssapi_lib=<drive>:\path\to\your\snclib.dll
NOTE: You can omit the gssapi_lib= entry when you have the environment variable (SNC_LIB) configured as a system environment variable.
The identity/lpd variable, <SNC-Name_of_saplpd>, is in the SNC form of the user logged in and running SAPlpd. You must use this format: u:samaccountname@realm, where samaccountname is the SAM account name of the currently logged in user and realm is the Active Directory domain name.
NOTE: You can also add these settings to the WIN.INI file if you do not want to create the SAPLPD.INI file.
Run SAPlpd.
A window appears, listing the output from the SAPlpd startup:
From the SAPLOPD.LOG – SAPLPD window, select the Options > Secured Connections menu item.
On the Secured connection dialog, select the Use if possible and Privacy protection of data options, then click Add new connection to go to the Access Control List maintenance for SAPlpd.
On the Authorized connections dialog, in the Last authenticated connection initiator field, enter the SNC-name of the application servers that will be transferring print jobs to this SAPlpd using SNC.
This is the value of the snc/identity/as key from the instance profile on the Safeguard Authentication Services-enabled SAP Server. See Enabling SNC on the SAP server.
Click Authorize to add this name to the list of authorized connection initiators.
Close all open SAPlpd dialogs by clicking their respective OKbuttons.
Your front-end desktop is now configured to securely connect.
You can use SAPlpd with SNC by configuring SAPlpd on the SAP server.
To configure SAPlpd on the SAP server
Create a new output device (Printer) by navigating to Configuration > Output devices from the Spool Administration screen.
You can apply these same settings to an existing device.
Click the Device Attributes tab.
Enter the appropriate information:
Output Device
Short name
Device Type
Spool Server
To populate the Spool Server field, press F4 or click 
Click the Access Method tab.
Set the Host Spool Access Method to S: Print Using SAP Protocol.
Enter the host name of the printer.
Enter the host name of the front-end system as the Destination host.
Select the Do Not Query Host Spooler for Output Status option.
Select the Security tab and select a level of security:
Only Authentication
Integrity Protection
Privacy Protection
To set SNC as required, change Security Mode to Only Use Secure Transfer.
In the Identity of the Remote SAPlpd for the Security System field, enter the SNC name in the following format:
u:samaccountname@realm
This is the Active Directory user who will be logged in when using this instance of SAPlpd.
Save the changes and exit the Spool Administration screens.
You can check if SAPlpd is still running by testing the printer connection.
To test the printer connection and verify that SAPlpd is still running
From the list of output devices, click the Printer icon or navigate to System > List > Print.
On the Print Screen List dialog, select the SNC-enabled output device that you just created, then change the Time of Print to Print out immediately.
Click Continue or 
You can track the status and progress.
© ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center
