cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

In NWA, start and stop services asking for OS user password

Go to solution
former_member522541
Explorer

on ‎09-14-2017 4:23 PM

0 Kudos

Hello Friends,

Since migration from Windows to Linux, I'm facing issue. System is asking for OS Credentials when I am trying to go into start and stop in NWA.

It is not clear that this is default behavior of Linux.

Best regards,

Moreshwar

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member189220
Active Contributor
‎09-24-2017 9:36 AM
0 Kudos

SAP Security was implemented even stronger, and now the previously available SAPControl Web methods are no longer available without authorization.

SAPControl is operating as Linux/UNIX deamon and as Windows service.

In both cases, it is an OS level module which requires specific OS level credentials to be provided. For more details, check the relevant SAP Note 1439348 and SAP Note 927637.

One possible workaround is to make SAPControl Web methods accessible ...

1. Change the protection level to "DEFAULT" instead of "SDEFAULT".
Execute: service/protectedwebmethods = DEFAULT

2. Restart the service. Execute:
/usr/sap/<SID>/<Instance>/exe>sapcontrol -nr <instance number> -function RestartService
or
<Drive>:\usr\sap\<SID>\<Instance>\exe>sapcontrol -nr <instance number> -function RestartService

3. If you now call the "GetInstanceProperties" Web method, it should return much smaller list with protected methods than before. Execute:
<Drive>:\usr\sap\<SID>\<Instance>\exe>sapcontrol -nr <instance number> -function GetInstanceProperties

Yet, please keep in mind that the above workaround decrease the security level of SAP Instance Agent (SAPControl) web service interface!

Show replies
Show replies

Answers (5)

Answers (5)

former_member522541
Explorer
‎10-13-2017 6:49 AM

Hello All,

We can disable it by changing parameter "service/protectedwebmethods" to NONE but it is not recommended.

Best regards,

Moreshwar

Show replies
Show replies
former_member522541
Explorer
‎09-25-2017 8:57 AM

Hi Milen,

Thanks a lot for information you shared. I will try to implement this workaround and will get back to you.

Best regards,

Moreshwar

Show replies
Show replies
Former Member
‎09-26-2017 7:37 PM
0 Kudos

Hi Moreshwar,

To answer your main question, This is default behavior of NWA. Whenever we try to start/stop system from NWA, It asks for sidadm credentials.

Thanks,

Shivam

Show replies
Show replies
former_member522541
Explorer
‎09-22-2017 5:59 PM
0 Kudos

Hey Isaías,

Thanks for your reply!

Nothing was changed during migration.

Is it normal behavior of systems running on Linux?

Best regards,

Moreshwar

Show replies
Show replies
isaias_freitas
Advisor
Advisor
‎09-15-2017 1:39 PM
0 Kudos

Hello Moreshwar,

During the migration, was anything else changed?

Like SAP upgrade, SAP kernel update / upgrade, ...

I made a test at an internal test system here (running on Linux), and it asks for the OS credentials.

Best regards,

Isaías

Show replies
Show replies
Ask a Question