friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahq_5.4.0.1/rzahqtuapi.htm

86 lines
5.6 KiB
HTML
Raw Permalink Blame History

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-13" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>User enrollment authorization problems</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<a name="rzahqtuapi"></a>
<h3 id="rzahqtuapi">User enrollment authorization problems</h3>
<p>If you get an error (NTA0282) that indicates insufficient authorization
to create and update integrated server users, take action as appropriate.</p>
<ul>
<li>If you are trying to enroll users and groups to a domain for the first
time, ensure that you set up a QAS400NT user ID to provide the necessary
authorization. The topic, <a href="rzahqsuepi.htm#rzahqsuepi">The QAS400NT user</a>, tells you how. Also ensure
that the user is configured as a traditional user, which means that the user
must specify an iSeries&trade; password and have local password management enabled.
See <a href="rzahqencco.htm#rzahqencco">Types of user configurations</a>.</li>
<li>If you have been successfully enrolling users and groups for awhile, check
to see if the i5/OS password for the QAS400NT user has expired. When the
QAS400NT user password expires, the account on the integrated server also
expires. To correct this situation, do the following.
<ol type="1">
<li>Enable the integrated server account.
<p><span class="bold">On a domain
controller:</span></p>
<ol type="a">
<li>Open <span class="bold">Start</span> &mdash;> <span class="bold">Programs</span> &mdash;> <span class="bold">Administrative Tools</span>.</li>
<li>Select <span class="bold">Active Directory Users and Computers</span>.</li>
<li>Right-click <span class="bold">Users</span>, then double-click <span class="bold">QAS400NT</span>.</li>
<li>Click on the <span class="bold">Account</span> tab at the top of the <span class="bold">User Properties</span> window.</li>
<li>Change the <span class="bold">Account expires</span> date to a date in the
future and click <span class="bold">Never</span>.</li></ol>
<p><span class="bold">On a local integrated Windows server:</span></p>
<ol type="a">
<li>Open <span class="bold">Start</span>, <span class="bold">Programs</span>, <span class="bold">Administrative Tools</span>.</li>
<li>Select <span class="bold">Computer Management</span>.</li>
<li>Expand <span class="bold">System Tools</span>; then expand <span class="bold">Local Users and Groups</span>.</li>
<li>Right-click <span class="bold">QAS400NT</span> from the list.</li>
<li>Click on the <span class="bold">Account</span> tab at the top of the <span class="bold">User Properties</span> window.</li>
<li>Change the <span class="bold">Account expires</span> date to a date in the
future and click <span class="bold">Never</span>.</li></ol></li>
<li>On i5/OS, use the Change user profile (CHGUSRPRF) or Change password (CHGPWD)
command to change the QAS400NT user password.</li>
<li>Restart the iSeries User Administration Service.
<ol type="a">
<li>Click on <span class="bold">Start</span>, then <span class="bold">Programs</span>,
then <span class="bold">Administrative Tools</span>, then <span class="bold">Component
Services</span>.</li>
<li>Click on <span class="bold">Services</span>.</li>
<li>Click on <span class="bold">iSeries User Administration</span>, then right-click <span class="bold">Stop</span> to stop the service.</li>
<li>Click on <span class="bold">iSeries User Administration</span>, then right-click <span class="bold">Start</span> to restart the service.</li></ol></li></ol>
<p>Restarting the service automatically retries the enrollment of the
users and groups.</p>
<p>To avoid this problem, be sure to change the QAS400NT
password periodically on your i5/OS system to prevent the password from expiring.</p>
<p>If you have more than one iSeries with multiple integrated servers
that participate in a Windows domain, you can minimize password expiration
problems by implementing the steps described here: <a href="rzahqsuepi.htm#rzahqsuepi">The QAS400NT user</a>.</p></li>
<li>If the problem still persists, check the technical information databases
at the IBM&reg;
<img src="eserver.gif" alt="IBM branded eserver" /><a href="http://www.ibm.com/eserver/iseries/support/"> iSeries Support Web page</a>
<img src="www.gif" alt="Link outside Information Center." />. If you cannot find the solution there, contact
your technical support provider.</li></ul>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink