<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Host name resolution considerations" />
<meta name="abstract" content="Ensure that Kerberos authentication and host name resolution work properly with your Kerberos enabled applications by verifying that your PCs and your iSeries servers resolve the same host name for the system on which the service application resides." />
<meta name="description" content="Ensure that Kerberos authentication and host name resolution work properly with your Kerberos enabled applications by verifying that your PCs and your iSeries servers resolve the same host name for the system on which the service application resides." />
<meta name="DC.Relation" scheme="URI" content="rzakhplan.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhpprin.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhplanwrkshts.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakhpdns" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Host name resolution considerations</title>
</head>
<body>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<div class="nested0" id="rzakhpdns"><a name="rzakhpdns"><!-- --></a><h1 class="topictitle1">Host name resolution considerations</h1>
<div><p>Ensure that Kerberos authentication and host name resolution work
properly with your Kerberos enabled applications by verifying that your PCs
and your iSeries™ servers
resolve the same host name for the system on which the service application
resides. </p>
<p>In a Kerberos environment, both the client and the server use some method
of host name resolution to determine the host name for the system on which
a particular application or service resides. If the iSeries servers and the PCs use a Domain
Name System (DNS) server, it is important that they use the same DNS server
to perform host name resolution or, if they use more than one DNS server,
that the host names are the same on both DNS servers. If your iSeries system
or PC resolves host names locally (from a local host table or file), it might
resolve a host name that is different from the corresponding host name recorded
on the DNS server. This might cause network authentication service to fail.</p>
<p>To ensure that Kerberos authentication and host name resolution work properly
with your Kerberos enabled applications, you must verify that your PCs and
your iSeries servers
resolve the same host name for the system on which the service application
resides. In the following example, this system is called iSeries A.</p>
<p>The following instructions demonstrate how to determine whether the PCs
and iSeries systems
resolve the same name for iSeries A. Refer to the example work sheets as you
follow the instructions.</p>
<p>You can enter your own information in the blank work sheets when you perform
these steps for your Kerberos realm.</p>
<div class="p">This graphic illustrates the system files and records that contain host
name information in the following example.<div class="note"><span class="notetitle">Note:</span> The IP address 10.1.1.1 represents
a public IP address. This address is for example purposes only.</div>
</div>
<br /><img src="rzakh515.gif" alt="Host resolution considerations" /><br /><p><strong>Details</strong></p>
<p><strong>DNS server</strong></p>
<ul><li>Contains data resource records that indicate that IP address <tt>10.1.1.1</tt> correlates
to host name <tt>iseriesa.myco.com</tt>, the IP address and host name for iSeries A.</li>
<li>May be used by the PC, iSeries A, or both for host resolution.<div class="note"><span class="notetitle">Note:</span> This
example demonstrates one DNS server. However, your network may use more than
one DNS server. For example, your PC may use one DNS server to resolve host
names and your iSeries server
may use a different DNS server. You need to determine how many DNS servers
your realm is using for host resolution and adapt this information to your
situation.</div>
</li>
</ul>
<p><strong>PC</strong></p>
<ul><li>Runs Windows<sup>®</sup> 2000 operating system.</li>
<li>Represents both the PC used to administer network authentication service
and the PC used by a user with no special authorities for his routine tasks.</li>
<li>Contains the <tt>hosts</tt> file which indicates that IP address <tt>10.1.1.1</tt> correlates
to host name <tt>iseriesa.myco.com</tt>.<div class="note"><span class="notetitle">Note:</span> You can find the hosts file
in these folders:<ul><li>Windows 2000
operating system: <span class="filepath">C:\WINNT\system32\drivers\etc\hosts</span></li>
<li>Windows XP
operating system: <span class="filepath">C:\WINDOWS\system32\drivers\etc\hosts</span></li>
</ul>
</div>
</li>
</ul>
<p><strong>iSeries A</strong></p>
<ul><li>Runs i5/OS™ Version
5 Release 3 (V5R3).</li>
<li>Contains a service application that you need to access using network authentication
service (Kerberos authentication).</li>
<li>Within the CFGTCP (Configure TCP) menu, options 10 and 12 indicate the
following information for iSeries A:<ul><li>Option 10 (Work with TCP/IP host table entries):<ul><li><span class="uicontrol">Internet Address</span>: <tt>10.1.1.1</tt></li>
<li><span class="uicontrol">Host Name</span>: <tt>iseriesa.myco.com</tt></li>
</ul>
</li>
<li>Option 12 (Change TCP/IP domain information):<ul><li><span class="uicontrol">Host name</span>: <tt>iseriesa</tt></li>
<li><span class="uicontrol">Domain name</span>: <tt>myco.com</tt></li>
<li><span class="uicontrol">Host name search priority</span>: <tt>*LOCAL</tt> or <tt>*REMOTE</tt><div class="note"><span class="notetitle">Note:</span> The <em>Host
name search priority</em> parameter indicates either *LOCAL or *REMOTE depending
on how your network administrator configured TCP/IP to perform host resolution
on the server.</div>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Example: PC host name resolution work sheet</caption><thead align="left"><tr><th colspan="3" valign="top" id="d0e185">On the PC, determine the
host name for iSeries A</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="18.06020066889632%" headers="d0e185 "><strong>Step</strong></td>
<td valign="top" width="40.802675585284284%" headers="d0e185 "><strong>Source</strong></td>
<td valign="top" width="41.1371237458194%" headers="d0e185 "><strong>Host name</strong></td>
</tr>
<tr><td valign="top" width="18.06020066889632%" headers="d0e185 ">1.a.1</td>
<td valign="top" width="40.802675585284284%" headers="d0e185 ">PC hosts file</td>
<td valign="top" width="41.1371237458194%" headers="d0e185 ">iseriesa.myco.com</td>
</tr>
<tr><td valign="top" width="18.06020066889632%" headers="d0e185 ">1.b.1</td>
<td valign="top" width="40.802675585284284%" headers="d0e185 ">DNS server</td>
<td valign="top" width="41.1371237458194%" headers="d0e185 ">iseriesa.myco.com</td>
</tr>
</tbody>
</table>
</div>
<p> </p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 2. Example: iSeries host name resolution work sheet</caption><thead align="left"><tr><th colspan="3" valign="top" id="d0e229">On iSeries A, determine the host name for iSeries A</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="17.78523489932886%" headers="d0e229 "><strong>Step</strong></td>
<td valign="top" width="40.939597315436245%" headers="d0e229 "><strong>Source</strong></td>
<td valign="top" width="41.2751677852349%" headers="d0e229 "><strong>Host name</strong></td>
</tr>
<tr><td valign="top" width="17.78523489932886%" headers="d0e229 ">2.a.2</td>
<td valign="top" width="40.939597315436245%" headers="d0e229 "><p>iSeries A<br />
CFGTCP option 12 </p>
</td>
<td valign="top" width="41.2751677852349%" headers="d0e229 "><p><span class="uicontrol">Host name</span>: <tt>iseriesa</tt><br />
<span class="uicontrol">Domain name</span>: <tt>myco.com</tt></p>
</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e229 "><div class="note"><span class="notetitle">Note:</span> <em>Host name search priority</em> value: <tt>*LOCAL</tt> or <tt>*REMOTE</tt></div>
</td>
</tr>
<tr><td valign="top" width="17.78523489932886%" headers="d0e229 ">2.b.2</td>
<td valign="top" width="40.939597315436245%" headers="d0e229 "><p>iSeries A<br />
CFGTCP option 10 </p>
</td>
<td valign="top" width="41.2751677852349%" headers="d0e229 ">iseriesa.myco.com</td>
</tr>
<tr><td valign="top" width="17.78523489932886%" headers="d0e229 ">2.c.1</td>
<td valign="top" width="40.939597315436245%" headers="d0e229 ">DNS server</td>
<td valign="top" width="41.2751677852349%" headers="d0e229 ">iseriesa.myco.com</td>
</tr>
</tbody>
</table>
</div>
<p> </p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 3. Example: Matching host names work sheet</caption><thead align="left"><tr><th colspan="2" valign="top" id="d0e303">These three host names must
match exactly</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e303 "><strong>Step</strong></td>
<td valign="top" headers="d0e303 "><strong>Host name</strong></td>
</tr>
<tr><td valign="top" headers="d0e303 ">Step 1</td>
<td valign="top" headers="d0e303 ">iseriesa.myco.com</td>
</tr>
<tr><td valign="top" headers="d0e303 ">Step 2.a.2</td>
<td valign="top" headers="d0e303 "><p>iseriesa<br />
myco.com</p>
</td>
</tr>
<tr><td valign="top" headers="d0e303 ">2d</td>
<td valign="top" headers="d0e303 ">iseriesa.myco.com</td>
</tr>
</tbody>
</table>
</div>
<p> </p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 4. PC host name resolution work sheet</caption><thead align="left"><tr><th colspan="3" valign="top" id="d0e340">On the PC, determine the
host name for the iSeries server</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="18.06020066889632%" headers="d0e340 "><strong>Step</strong></td>
<td valign="top" width="40.802675585284284%" headers="d0e340 "><strong>Source</strong></td>
<td valign="top" width="41.1371237458194%" headers="d0e340 "><strong>Host name</strong></td>
</tr>
<tr><td valign="top" width="18.06020066889632%" headers="d0e340 ">1.a.1</td>
<td valign="top" width="40.802675585284284%" headers="d0e340 ">PC hosts file</td>
<td valign="top" width="41.1371237458194%" headers="d0e340 ">&nbsp;</td>
</tr>
<tr><td valign="top" width="18.06020066889632%" headers="d0e340 ">1.b.1</td>
<td valign="top" width="40.802675585284284%" headers="d0e340 ">DNS server</td>
<td valign="top" width="41.1371237458194%" headers="d0e340 ">&nbsp;</td>
</tr>
</tbody>
</table>
</div>
<p> </p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 5. iSeries host
name resolution work sheet</caption><thead align="left"><tr><th colspan="3" valign="top" id="d0e381">On your iSeries server,
determine the host name for the iSeries</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="17.78523489932886%" headers="d0e381 "><strong>Step</strong></td>
<td valign="top" width="40.939597315436245%" headers="d0e381 "><strong>Source</strong></td>
<td valign="top" width="41.2751677852349%" headers="d0e381 "><strong>Host name</strong></td>
</tr>
<tr><td valign="top" width="17.78523489932886%" headers="d0e381 ">2.a.2</td>
<td valign="top" width="40.939597315436245%" headers="d0e381 "><p>iSeries<br />
CFGTCP option 12 </p>
</td>
<td valign="top" width="41.2751677852349%" headers="d0e381 "><p><span class="uicontrol">Host name</span>: <br />
<span class="uicontrol">Domain name</span>: </p>
</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e381 "><div class="note"><span class="notetitle">Note:</span> <em>Host name search priority</em> value: <tt>*LOCAL</tt> or <tt>*REMOTE</tt></div></td>
</tr>
<tr><td valign="top" width="17.78523489932886%" headers="d0e381 ">2.b.2</td>
<td valign="top" width="40.939597315436245%" headers="d0e381 "><p>iSeries<br />
CFGTCP option 10 </p>
</td>
<td valign="top" width="41.2751677852349%" headers="d0e381 ">&nbsp;</td>
</tr>
<tr><td valign="top" width="17.78523489932886%" headers="d0e381 ">2.c.1</td>
<td valign="top" width="40.939597315436245%" headers="d0e381 ">DNS server</td>
<td valign="top" width="41.2751677852349%" headers="d0e381 ">&nbsp;</td>
</tr>
</tbody>
</table>
</div>
<p> </p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 6. Matching host names work sheet</caption><thead align="left"><tr><th colspan="2" valign="top" id="d0e447">These three host names must
match exactly</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e447 "><strong>Step</strong></td>
<td valign="top" headers="d0e447 "><strong>Host name</strong></td>
</tr>
<tr><td valign="top" headers="d0e447 ">Step 1</td>
<td valign="top" headers="d0e447 ">&nbsp;</td>
</tr>
<tr><td valign="top" headers="d0e447 ">Step 2.a.2</td>
<td valign="top" headers="d0e447 ">&nbsp;</td>
</tr>
<tr><td valign="top" headers="d0e447 ">2d</td>
<td valign="top" headers="d0e447 ">&nbsp;</td>
</tr>
</tbody>
</table>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhplan.htm" title="Before implementing network authentication service or a Kerberos solution on your network it is essential to complete the necessary planning tasks.">Plan network authentication service</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzakhpprin.htm" title="Plan for principal names in your Kerberos network.">Plan principal names</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzakhplanwrkshts.htm" title="To successfully configure network authentication service, you must understand the requirements and complete the necessary planning steps.">Network authentication service planning work sheets</a></div>
</div>
</div></div>
<div class="nested0" xml:lang="en-us" id="rzakhpdnsres"><a name="rzakhpdnsres"><!-- --></a><h1 class="topictitle1">Resolve your host names</h1>
<div><p>Verify that your PCs and your iSeries servers resolve the same host
name.</p>
<div class="p">Use the previous example work sheets as reference for resolving host
names. To verify that the PCs and iSeries systems are resolving the same
host name for iSeries A,
follow these steps:</div>
<ol><li class="stepexpand"><span>From the PC, determine the fully qualified TCP/IP host name for iSeries A.</span> <div class="note"><span class="notetitle">Note:</span> Depending on how you manage your network, you may want to do this
on other PCs that are joining the single signon environment.</div>
<ol type="a"><li class="substepexpand"><span>In Windows Explorer on the PC, open the <tt>hosts</tt> file
from one of these locations:</span> <ul><li>Windows 2000
operating system: <span class="filepath">C:\WINNT\system32\drivers\etc\hosts</span></li>
<li>Windows XP
operating system: <span class="filepath">C:\WINDOWS\system32\drivers\etc\hosts</span></li>
</ul>
<div class="note"><span class="notetitle">Note:</span> If the <tt>hosts</tt> file does not exist on the PC, then your
PC may be using a DNS server to resolve host names. In that case, skip to
Step 1b.</div>
<ol type="i"><li>On the work sheet, write down the first host name entry for iSeries A,
noting the uppercase or lowercase characters. For example, <tt>iseriesa.myco.com</tt>.<div class="note"><span class="notetitle">Note:</span> If
the hosts file does not contain an entry for iSeries A, then your PC may be using
a DNS server to resolve host names. In that case, see Step 1b.</div>
</li>
</ol>
</li>
<li class="substepexpand"><span>Use NSLOOKUP to query the DNS server.</span> <div class="note"><span class="notetitle">Note:</span> Skip
this step if you found a host name entry in the PC's <tt>hosts</tt> file,
and proceed to Step 2. (The <tt>hosts</tt> file takes precedence over DNS
servers when the operating system resolves host names for the PC.)</div>
<ol type="i"><li>At a command prompt, type <tt>NSLOOKUP</tt> and press Enter. At the NSLOOKUP
prompt, type <tt>10.1.1.1</tt> to query the DNS server for iSeries A.
Write down the host name returned by the DNS server, noting the uppercase
or lowercase characters. For example, <tt>iseriesa.myco.com</tt>.</li>
<li>At the NSLOOKUP prompt, type <tt>iseriesa.myco.com</tt>. This must be
the host name returned by the DNS server in the previous step. Verify that
the DNS server returns the IP address that you expect. For example, <tt>10.1.1.1</tt>. <div class="note"><span class="notetitle">Note:</span> If
NSLOOKUP does not return the expected results, your DNS configuration is incomplete.
For example, if NSLOOKUP returns an IP address that is different than the
address you entered in Step 1.b.1, you need to contact the DNS administrator
to resolve this problem before you can continue with the next steps.</div>
</li>
</ol>
</li>
</ol>
</li>
<li class="stepexpand"><span>From iSeries A,
determine its fully qualified TCP/IP host name.</span><ol type="a"><li class="substepexpand"><span>TCP/IP domain information</span> <ol type="i"><li>At the command prompt, type <tt>CFGTCP</tt> and select Option 12 (Change
TCP/IP domain).</li>
<li>Write down the values for the <em>Host name</em> parameter and the <em>Domain
name</em> parameter, noting the uppercase or lowercase characters. For example:<ul><li><span class="uicontrol">Host name</span>: <tt>iseriesa</tt></li>
<li><span class="uicontrol">Domain name</span>: <tt>myco.com</tt></li>
</ul>
</li>
<li>Write down the value for the <em>Host name search priority</em> parameter.<ul><li><tt>*LOCAL</tt> - The operating system searches the local host table (equivalent
of <tt>hosts</tt> file on the PC) first. If there is not a matching entry
in the host table and you have configured a DNS server, the operating system
then searches your DNS server.</li>
<li><tt>*REMOTE</tt> - The operating system searches the DNS server first.
If there is not a matching entry in the DNS server, the operating system then
searches the local host table.</li>
</ul>
</li>
</ol>
</li>
<li class="substepexpand"><span>TCP/IP host table</span> <ol type="i"><li>At the command prompt, type <tt>CFGTCP</tt> and select Option 10 (Work
with TCP/IP Host Table Entries).</li>
<li>Write down the value in the <em>Host Name</em> column that corresponds to iSeries A
(IP address 10.1.1.1), noting the uppercase or lowercase characters. For example, <tt>iseriesa.myco.com</tt>.<div class="note"><span class="notetitle">Note:</span> If
you do not find an entry for iSeries A in the host table, proceed to the next
step.</div>
</li>
</ol>
</li>
<li class="substepexpand"><span>DNS server</span> <ol type="i"><li>At a command prompt, type <tt>NSLOOKUP</tt> and press Enter. At the NSLOOKUP
prompt, type <tt>10.1.1.1</tt> to query the DNS server for iSeries A.
Write down the host name returned by the DNS server, noting the uppercase
or lowercase characters. For example, <tt>iseriesa.myco.com</tt>.</li>
<li>At the NSLOOKUP prompt, type <tt>iseriesa.myco.com</tt>. This must be
the host name returned by the DNS server in the previous step. Verify that
the DNS server returns the IP address that you expect. For example, <tt>10.1.1.1</tt>. <div class="note"><span class="notetitle">Note:</span> If
NSLOOKUP does not return the expected results, your DNS configuration is incomplete.
For example, if NSLOOKUP returns an IP address that is different than the
address you entered in Step 2.c.1, you need to contact the DNS administrator
to resolve this problem before you can continue with the next steps.</div>
</li>
</ol>
</li>
<li class="substepexpand"><span>Determine which host name value for iSeries A to keep, based on its TCP/IP
configuration.</span> <ul><li>If the value for the <em>Host name search priority</em> parameter is <tt>*LOCAL</tt>,
keep the entry noted from the local host table (Step 2.b.2).</li>
<li>If the value for the <em>Host name search priority</em> parameter is <tt>*REMOTE</tt>,
keep the entry noted from the DNS server (Step 2.c.1).</li>
<li>If only one of these sources contains an entry for iSeries A, keep that entry.</li>
</ul>
</li>
</ol>
</li>
<li class="stepexpand"><span>Compare the results from these steps:</span><ol type="a"><li class="substepexpand"><span>Step 1 - Name that the PC uses for iSeries A.</span> <div class="note"><span class="notetitle">Note:</span> If you found
an entry for iSeries A
in the PC's hosts file, use that entry. Otherwise, use the entry from the
DNS server.</div>
</li>
<li class="substepexpand"><span>Step 2.a.2 - Name that iSeries A calls itself within its TCP/IP
configuration.</span></li>
<li class="substepexpand"><span>Step 2d - Name that iSeries A calls itself based on host
name resolution.</span></li>
</ol>
All three of these entries must match exactly, including uppercase
and lowercase characters. If the results do not exactly match, you will receive
an error message indicating that a keytab entry cannot be found.</li>
</ol>
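<p>The comparison in steps 1 through 3, written out as an added Python example that is not part of the original IBM documentation. The hosts file text and the DNS answers are constructed samples, the function names are hypothetical, and the name from Step 2.a.2 is used as the reference for the exact, case-sensitive match.</p>

```python
# Added example: automates the work sheet comparison from the steps above.
# All host names, addresses and file contents below are constructed samples.

SAMPLE_HOSTS = """\
# constructed PC hosts file
127.0.0.1   localhost
10.1.1.1    ISERIESA.MYCO.COM  iseriesa   # note the uppercase entry
"""


def first_hosts_entry(hosts_text, ip):
    """Step 1.a.1: first host name listed for ip in a hosts file, or None."""
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) >= 2 and fields[0] == ip:
            return fields[1]
    return None


def dns_round_trip(ptr, a, ip):
    """Steps 1.b and 2.c: reverse lookup, then the forward lookup must give ip.

    ptr and a are dicts standing in for the answers NSLOOKUP would return.
    """
    name = ptr.get(ip)
    if name is None:
        return None
    if a.get(name) != ip:
        raise ValueError(f"DNS incomplete: {name} does not resolve back to {ip}")
    return name


def pc_name(hosts_text, dns_name, ip):
    """Step 1: the hosts file takes precedence over DNS on the PC."""
    return first_hosts_entry(hosts_text, ip) or dns_name


def server_name(priority, host_table_name, dns_name):
    """Step 2d: keep the entry selected by Host name search priority."""
    if priority == "*LOCAL":
        order = (host_table_name, dns_name)
    elif priority == "*REMOTE":
        order = (dns_name, host_table_name)
    else:
        raise ValueError("priority must be *LOCAL or *REMOTE")
    return next((n for n in order if n), None)   # fall back to the other source


def compare_worksheet(step1, cfg_host, cfg_domain, step2d):
    """Step 3: list every mismatch; an empty list means all three match."""
    reference = f"{cfg_host}.{cfg_domain}"   # Step 2.a.2 (example's reference)
    problems = []
    for step, name in (("Step 1", step1), ("Step 2d", step2d)):
        if name is None:
            problems.append(f"{step}: no entry found")
        elif name != reference:              # exact match, case included
            kind = "case only" if name.lower() == reference.lower() else "name"
            problems.append(f"{step}: {name!r} differs from {reference!r} ({kind})")
    return problems


def run_sample():
    ptr = {"10.1.1.1": "iseriesa.myco.com"}   # constructed DNS answers
    a = {"iseriesa.myco.com": "10.1.1.1"}
    dns = dns_round_trip(ptr, a, "10.1.1.1")
    step1 = pc_name(SAMPLE_HOSTS, dns, "10.1.1.1")
    step2d = server_name("*REMOTE", "iseriesa.myco.com", dns)
    return compare_worksheet(step1, "iseriesa", "myco.com", step2d)


if __name__ == "__main__":
    for problem in run_sample() or ["all three host names match exactly"]:
        print(problem)
```

<p>In the constructed sample the PC's hosts file differs from the other two names only in case, which is the kind of mismatch that produces the keytab error described above.</p>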
</div>
</div>
</body>
</html>