Complete the planning work sheets

The following planning work sheets are tailored to fit this scenario based on the general single signon planning worksheets. These planning work sheets demonstrate the information that you need to gather and the decisions you need to make to prepare for this scenario. To ensure a successful implementation, you must be able to answer Yes to all prerequisite items in the work sheet and you should gather all the information necessary to complete the work sheets before you perform any configuration tasks.

Table 1. Propagate network authentication service and EIM - prerequisite work sheet
Prerequisite work sheet Answers
Is your iSeries™ V5R3 (5722-SS1) or later for the following systems:
  • iSeries MC1
  • iSeries A
  • iSeries B
  • iSeries C
 Yes
Have you applied the latest program temporary fixes (PTFs)? Yes
For iSeries D, is your iSeries V5R2 (5722-SS1) or later? Yes
For iSeries D, have you applied the latest program temporary fixes (PTFs), including the following:
  • SI08977
  • SI08979
 Yes
Are the following options and licensed products installed on all your iSeries systems?
  • iSeries Host Servers (5722-SS1 Option 12)
  • iSeries (5722-XE1)
  • Cryptographic Access Provider (5722-AC3) for V5R2 or V5R3 systems
 Yes
Is i5/OS™ V5R3 or later iSeries (5722-XE1) installed on the administrator's PC? Yes
Is i5/OS V5R3 or later iSeries Navigator installed on the administrator's PC?
  • Is the Network subcomponent of iSeries Navigator installed on the administrator's PC?
  • Is the Security subcomponent of iSeries Navigator installed on the administrator's PC?
 Yes
Have you installed the latest IBMe(logo) server iSeries Access for Windows® service pack? For the latest service pack see iSeries Accesslink outside the Information Center. Yes
Do you have *SECADM, *ALLOBJ, and *IOSYSCFG special authorities? Yes
Do you have one of the following systems acting as the Kerberos server? If yes, specify which system.
  1. Microsoft® Windows 2000 Server
    Note: Microsoft Windows 2000 Server uses Kerberos authentication as its default security mechanism.
  2. Windows (R) Server 2003
  3. i5/OS PASE (V5R3 or later)
  4. AIX® server
  5. zSeries®
 Yes, Windows 2000 Server
For Windows 2000 Server and Windows (R) Server 2003, do you have Windows Support Tools (which provides the ktpass tool) installed? Yes
Is the iSeries system time within 5 minutes of the system time on the Kerberos server? If not see Synchronize system times. Yes
Table 2. Propagate network authentication service and EIM - planning work sheet
Planning work sheet for propagating the network authentication service and EIM configurations from iSeries A to iSeries B and iSeries C Answers
What is the name of the system group? MyCo system group
Which systems will be included in this system group? iSeries B, iSeries C
Which system is the model system? iSeries A
Which functions do you plan to propagate to this system group? Network authentication service and Enterprise Identity Mapping (EIM)
Which type of keytab entries do you want to add to the keytab file for the target systems? i5/OS Kerberos Authentication
What are the passwords that are associated with each of the service principals for the model and target systems?
Note: Any and all passwords specified in this scenario are for example purposes only. To prevent a compromise to your system or network security, you should never use these passwords as part of your own configuration.

Password for the principals for
iSeries A, B, and C: iseriesa123
Password for the principal for
iSeries D: iseriesd123
Which user do you want to use to connect to the domain controller?

User type: Distinguished name and password
Distinguished name: cn=administrator
Password: mycopwd
Parent topic: Scenario: Propagate network authentication service and EIM across multiple systems
Next topic: Create a system group