<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-13" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>The QAS400NT user</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<a name="rzahqsuepi"></a>
<h2 id="rzahqsuepi">The QAS400NT user</h2>
<p>You need to set up the QAS400NT user in order to successfully enroll an i5/OS&trade; user or group profile on a domain or local server in the following cases:</p>
<ul>
<li>You are enrolling on a domain through a member server.</li>
<li> You are enrolling on a local server using a template which specifies
a home directory path, as discussed in the section <a href="rzahqhomdtemp.htm#rzahqhomdtemp">Specify a home directory in a template</a>.</li>
<li> You are enrolling on a domain through an i5/OS partition which contains both domain
controllers and member servers on the same domain.</li></ul><p class="indatacontent"> You do not need to set up the QAS400NT user in order to successfully
enroll an i5/OS user or group profile on a domain or local server in the following
cases:</p>
<ul>
<li>You are enrolling on a domain through an i5/OS partition which contains a domain controller
but no member servers on the same domain.</li>
<li> You are enrolling on a local server (or locally on a member server) using
a template which does not specify a home directory path.</li></ul><p class="indatacontent"> If you need to set up the QAS400NT user, follow these steps:</p>
<ol type="1">
<li> Create the QAS400NT user profile on i5/OS with User class *USER. Take note of the
password because you need it in the next step. Make sure that the password
complies with the rules for Windows passwords if you are enrolling on a domain.
See <a href="rzahqpasswdconsids.htm#rzahqpasswdconsids">Password considerations</a>.</li>
<li>Create the QAS400NT user account on the Windows console of the integrated
Windows server you are enrolling through. Note that the i5/OS user profile
password and Windows user account password must be the same for the QAS400NT
user.
<ol type="a">
<li>Setting up QAS400NT on a domain controller
<p>On the domain controller
of the domain you are setting up enrollment for, create the QAS400NT user
account as follows:</p>
<ol type="i">
<li>From the integrated server console
<ol type="1">
<li>
<ul>
<li>In Windows 2000 Server click <span class="bold">Start &ndash;> Programs &ndash;>
Administrative Tools &ndash;> Computer Management &ndash;> Local Users and
Groups</span>.</li>
<li>In Windows Server 2003 click <span class="bold">Start &ndash;> Programs &ndash;>
Administrative Tools &ndash;> Computer Management &ndash;> System Tools &ndash;>
Local Users and Groups</span>.</li></ul></li>
<li>Select <span class="bold">System Tools &ndash;> Local Users and Groups</span>.</li></ol></li>
<li>Right-click the <span class="bold">Users</span> folder (or the folder that
the user belongs to), and select <span class="bold">New &mdash;> User</span>...</li>
<li>Enter the following settings:
<pre class="xmp">Full name: qas400nt
User logon name: qas400nt</pre></li>
<li>Click Next. Enter the following settings:
<pre class="xmp">Password: (the same password as you used for QAS400NT on i5/OS)
Deselect: User must change password at next logon
Select: User cannot change password
Select: Password never expires</pre></li>
<li>Click Next, then Finish.</li>
<li>Right-click the QAS400NT user icon and select Properties.</li>
<li>Click the <span class="bold">Member Of</span> tab and then Add.</li>
<li>Enter <tt>Domain Admins</tt> in the box and click OK,
then OK again. This gives the QAS400NT user account sufficient rights to create
users.</li></ol></li>
<li>Setting up QAS400NT on a local server
<p>On the local server (or member
server if you are enrolling locally) you are setting up enrollment for, create
the QAS400NT user account as follows:</p>
<ol type="i">
<li>From the integrated server console
<ul>
<li>In Windows 2000 Server click <span class="bold">Start &mdash;> Programs &mdash;>
Administrative Tools &mdash;> Computer Management &mdash;> Local Users and
Groups</span>.</li>
<li>In Windows Server 2003 click <span class="bold">Start &mdash;> Programs &mdash;>
Administrative Tools &mdash;> Computer Management &mdash;> System Tools &mdash;>
Local Users and Groups</span>.</li></ul></li>
<li>Right-click the <span class="bold">Users</span> folder, and select <span class="bold">New User....</span></li>
<li>Enter the following settings:
<pre class="xmp">User name: qas400nt
Full name: qas400nt
Password: (the same password as you used for QAS400NT on i5/OS)
Deselect: User must change password at next logon
Select: User cannot change password
Select: Password never expires</pre></li>
<li>Click Create, then Close.</li>
<li>Right-click the QAS400NT user icon and select Properties.</li>
<li>Click the Member Of tab and then Add.</li>
<li>Enter Administrators in the box and click OK, then OK again. This gives
the QAS400NT user account rights to the User Administration Service.</li></ol></li></ol></li>
<li>Enroll the i5/OS QAS400NT user profile on the domain or local server
using iSeries&trade; Navigator or the CHGNWSUSRA command. Refer to <a href="rzahqenspi.htm#rzahqenspi">Enroll a single i5/OS user to the Windows environment using iSeries Navigator</a>
for a description of how to do this. Do not try to use a template when enrolling
QAS400NT.</li>
<li>Use iSeries Navigator or the WRKNWSENR command to confirm that QAS400NT has
been successfully enrolled. You may now enroll i5/OS user profiles through domain controllers
or member servers on the domain.</li></ol><p class="indatacontent">Notes:</p>
<ul>
<li>You may change the QAS400NT password from i5/OS since it is now an enrolled user.</li>
<li> If there are multiple integrated servers that belong to different domains
on a single i5/OS partition, you must set up QAS400NT for each domain. All QAS400NT
user accounts must have the same password as the i5/OS user profile. Alternatively, consider
using Active Directory or trust relationships between domains, and enroll
users on only a single domain.</li>
<li> If you have multiple i5/OS partitions and multiple integrated servers,
QAS400NT passwords on different i5/OS partitions can be different as long as
each domain does not contain integrated servers on more than one i5/OS partition.
The rule is, all i5/OS QAS400NT user profiles and corresponding Windows
user accounts must have the same password for a single domain.</li>
<li> Be sure not to delete the QAS400NT user profile on i5/OS, or let the
password expire. To minimize the risk of the QAS400NT password expiring on
one of multiple i5/OS partitions on the same Windows domain, it is recommended
that you allow only one i5/OS partition to propagate changes to the QAS400NT user
profile. Refer to <a href="rzahqpreventingenrollment.htm#rzahqpreventingenrollment">Preventing enrollment and propagation to an integrated Windows server</a> for a description
of how to do this.</li>
<li> If you have multiple i5/OS partitions, each with an integrated Windows
server on the same domain, failing to keep the QAS400NT password synchronized
across all i5/OS partitions can cause enrollment problems. To minimize this problem,
it is recommended that you limit propagation of changes to the QAS400NT password
to just one i5/OS partition, but still allow other partitions to keep sufficient
authority to enroll users. Then, failure to change a password on one of the
other partitions prevents user enrollment from that partition only. Refer
to <a href="rzahqpreventingenrollment.htm#rzahqpreventingenrollment">Preventing enrollment and propagation to an integrated Windows server</a> for a description of how to do
this.</li></ul>
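<p class="indatacontent">One way to confirm that a QAS400NT Windows account matches the settings in the steps above is to check the text output of <tt>net user qas400nt</tt>. This is an added example, not IBM code: the function names and the sample output are constructed for illustration, and English-language command output is assumed.</p>

```python
import re

# Constructed sample of English `net user qas400nt` output on a local server.
SAMPLE_LOCAL = """\
User name                    qas400nt
Full Name                    qas400nt
Account active               Yes
Account expires              Never

Password expires             Never
User may change password     Yes

Local Group Memberships      *Administrators       *Users
Global Group memberships     *None
The command completed successfully.
"""

# Group the page adds QAS400NT to, per setup variant.
REQUIRED_GROUP = {"domain": "Domain Admins", "local": "Administrators"}


def parse_net_user(text):
    """Return (fields, groups): label -> value, and the set of group names."""
    fields, groups, label = {}, set(), None
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s{2,}(\S.*)$", line)
        if m:
            label, value = m.group(1).lower(), m.group(2).strip()
            fields[label] = value
        elif line[:1].isspace() and label and "group" in label:
            value = line  # wrapped continuation of a group list
        else:
            continue
        if "group" in label:
            groups.update(g.strip() for g in value.split("*") if g.strip())
    groups.discard("None")
    return fields, groups


def check_qas400nt(text, scope):
    """List deviations from the settings the page prescribes for QAS400NT."""
    fields, groups = parse_net_user(text)
    names = {g.lower() for g in groups}
    findings = []
    if fields.get("password expires", "").lower() != "never":
        findings.append("Password never expires is not selected")
    if fields.get("user may change password", "").lower() != "no":
        findings.append("User cannot change password is not selected")
    if REQUIRED_GROUP[scope].lower() not in names:
        findings.append("not a member of " + REQUIRED_GROUP[scope])
    return findings
```

<p class="indatacontent">Call <tt>check_qas400nt(output, "domain")</tt> for an account created on a domain controller and <tt>check_qas400nt(output, "local")</tt> for one created on a local or member server; an empty list means the account matches the documented settings.</p>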
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>