Configure network authentication service on iSeries A

The stage needs to be set just so.
  1. In iSeries™ Navigator, expand iSeries A > Security.
  2. Right-click Network Authentication Service and select Configure to start the configuration wizard.
    Note: After you have configured network authentication service, this option will be Reconfigure.
  3. Review the Welcome page for information about what objects the wizard creates. Click Next.
  4. On the Specify realm information page, enter MYCO.COM in the Default realm field and select Microsoft Active Directory is used for Kerberos authentication. Click Next.
  5. On the Specify KDC information page, enter kdc1.myco.com for the Kerberos server in the KDC field and enter 88 in the Port field. Click Next.
  6. On the Specify password information page, select Yes. Enter kdc1.myco.com in the Password server field and 464 in the Port field. Click Next.
  7. On the Select keytab entries page, select i5/OS Kerberos Authentication. Click Next.
  8. On the Create i5/OS keytab entry page, enter and confirm a password. For example, iseriesa123. This password will be used when iSeries A is added to the Kerberos server.
    Note: Any and all passwords used within this scenario are for example purposes only. They should not be used during an actual configuration.
    Click Next.
  9. Optional: On the Create batch file page, select Yes to create this file, and specify the following information:
    • Batch file: Add the text iseriesa to the end of the default batch file name. For example, C:\Documents and Settings\All Users\Documents\IBM\Client Access\NASConfigiseriesa.bat.
    • Select Include password. This ensures that all passwords associated with the i5/OS™ service principal are included in the batch file. It is important to note that passwords are displayed in clear text and can be read by anyone with read access to the batch file. Therefore, it is recommended that you delete the batch file from the Kerberos server and from your PC immediately after use.
      Note: Alternatively, you can add service principals that are generated by the wizard manually to the Kerberos server. If you want to know how to manually add the i5/OS service principal to the Kerberos server, see Add i5/OS principals to the Kerberos server.
  10. On the Summary page, review the network authentication service configuration details. Click Finish.
Parent topic: Scenario: Configure network authentication service
Previous topic: Complete the planning work sheets
Next topic: Add iSeries A principal to the Kerberos server