Chapter 16. NetWare Authentication Entries and Connections

Most administrative, printing, and file system functions require that you have an authenticated connection from AS/400 to a NetWare server running the Enhanced Integration for NetWare NLM. You can think of this as the AS/400 user logging into the server. 

To make this connection, you must have a NetWare user name and password. This connection is then used for administrative, printing, and file system requests. 

Although the NetWare user name and the AS/400 user profile should be the same in most cases, they can also differ. When they are not the same, you can simply identify the NetWare user name that you want to use to log in for a connection. AS/400 takes the user name and password and attempts to start a connection on behalf of that user. 

There are two ways to start a connection: 

  • Automatically by using NetWare authentication entries. 
  • Manually by using the STRNTWCNN command. 

Authentication Entries

You can create authentication entries to store the user name and password for each NDS tree and NetWare 3.12 server to which users require connections. When you enter a request to an NDS tree or a NetWare 3.12 server, AS/400 searches for an authentication entry for that NDS tree or NetWare 3.12 server. If one is found, AS/400 attempts to start a connection to NetWare. 

Authenticated Connections

Once AS/400 finds an authentication entry, or when you use the STRNTWCNN command, AS/400 attempts to start an authenticated connection to the server. The NetWare server receives the connection request and authenticates the user by verifying that the NetWare user name and password are valid. If they are valid, AS/400 starts the connection and forwards your administrative, printing, and file system requests to NetWare. 

If AS/400 finds an authentication entry but the password is not stored with it, you only need to specify the server to which you want to connect and the NetWare user password on the STRNTWCNN command. AS/400 uses the other information in the authentication entry, such as the NetWare user name, to issue the connection request to NetWare. 

Using the STRNTWCNN Command

You can use the STRNTWCNN command to manually start connections to NetWare. 

You should use this command whenever you need to specify: 

  • The AS/400 user profile authorized to use the connection 

  • The connection can only be used by jobs running under the specified AS/400 user profile name. 

  • The job authorized to use the connection 

  • The connection can be used either by the current job, or by any job running under the specified user profile name. 

  • The type of authentication to be performed. 

  • For example, NetWare backup services require a separate authentication in addition to a normal user login. 

See Chapter 17. "Managing NetWare Server Connections" for more information about the STRNTWCNN command and its parameters. 

Creating Authentication Entries

There are two ways to create authentication entries: 

  • Manually by using the ADDNTWAUTE command 
  • Automatically by using the CHGNWSUSRA command 
This chapter describes how to manually create authentication entries. Chapter 21. "Managing User Enrollment" describes how to automatically create authentication entries by using the CHGNWSUSRA command. When you create authentication entries automatically, the name of the AS/400 profile and NetWare object and the passwords must match on AS/400 and all the NetWare servers to which you want to connect. 

To create authentication entries, you will need to complete the following steps: 

  1. Change the QRETSVRSEC system value so your AS/400 system can save passwords in the authentication entries. 
  2. Use the ADDNTWAUTE command to create authentication entries. 
QRETSVRSEC System Value

The QRETSVRSEC system value indicates whether or not AS/400 can store passwords. The default value is 0, which means that passwords cannot be stored. You must change the QRETSVRSEC system value to 1 if you want AS/400 to save password information with the authentication entry and thus be able to start an authenticated connection to NetWare automatically. 

To change the QRETSVRSEC system value:

  1. Enter WRKSYSVAL SYSVAL(QRETSVRSEC)
  2. When the Change System Value display appears, use option 2 to change the system value.
+--------------------------------------------------------------------------------+
|                              Change System Value                               |
|                                                                                |
| System value . . . . . :   QRETSVRSEC                                          |
| Description  . . . . . :   Retain server security data                         |
|                                                                                |
|                                                                                |
| Type choice, press Enter.                                                      |
|                                                                                |
|   Retain server security                                                       |
|     data . . . . . . . .   1              0=Do not retain data                 |
|                                           1=Retain data                        |
+--------------------------------------------------------------------------------+


    Note:
    If the Retain Server Security (QRETSVRSEC) system value is set to 0, this prevents passwords from being saved even if entered in the NetWare authentication entries. However, all the other information such as the user name is stored in the authentication entries. 

    If passwords are not saved, you must start a NetWare connection manually by using the STRNTWCNN command each time you sign on and want to connect to a specific NetWare server. But if you have an authentication entry, you only need to specify the NetWare server and your password on the Start NetWare Connection display to start a connection. See "Starting a NetWare Connection" for more information. 

Using the ADDNTWAUTE Command

Use the ADDNTWAUTE command to create an authentication entry. 

Figure 16-1. ADDNTWAUTE Display
 
 

+--------------------------------------------------------------------------------+
|                       Add NetWare Aut Entry (ADDNTWAUTE)                       |
|                                                                                |
| Type choices, press Enter.                                                     |
|                                                                                |
| Server type  . . . . . . . . . . > *NDS          *NETWARE3, *NDS               |
| NDS tree . . . . . . . . . . . .   TREE1                                       |
| User profile . . . . . . . . . .   PUBS          Name, *CURRENT                |
| NDS context  . . . . . . . . . .   PUBS.ROCH.IBM                               |
|                                                                                |
|                                                                                |
|                                                                                |
| NetWare user . . . . . . . . . .   *USRPRF                                     |
|                                                                                |
|                                                                                |
| Password . . . . . . . . . . . .                                               |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                      Bottom    |
| F3=Exit   F4=Prompt   F5=Refresh   F12=Cancel   F13=How to use this display    |
| F24=More keys                                                                  |
|                                                                                |
+--------------------------------------------------------------------------------+


Note:
Although AS/400 users can have multiple NetWare user objects, they can have only one authentication entry for an AS/400 profile per NDS tree or NetWare 3.12 server. Therefore, create the authentication entry to access the NetWare user object that is used most often. 

Creating Authentication Entries--Examples

The following examples show how to create authentication entries to access an NDS tree or a NetWare 3.12 server. 

Access an NDS Tree

For NetWare 4.1, authentication entries must specify the password and the NDS context for each NDS tree to be accessed from AS/400. 

To create an authentication entry for user profile LEE to access NDS tree TREE1, enter: 

  ADDNTWAUTE SVRTYPE(*NDS) NDSTREE(TREE1) USRPRF(LEE)

  PASSWORD(password) NDSCTX(MAIN)


Access a NetWare 3.12 Server

To create an authentication entry for user profile LEE to access NetWare 3.12 server NTWSERV1, enter: 

  ADDNTWAUTE SVRTYPE(*NETWARE3) SERVER(NTWSERV1) USRPRF(LEE)

  PASSWORD(password)


Access NetWare Using a Different NetWare User Name

To access NetWare and use a different NetWare user profile than the one you are using on AS/400, use the NTWUSER parameter. For example, to create an authentication entry for user profile LEE to access NetWare 3.12 server NTWSERV1 as NetWare user ADMIN, enter: 

  ADDNTWAUTE SVRTYPE(*NETWARE3) SERVER(NTWSERV1) USRPRF(LEE)

  NTWUSER(ADMIN) PASSWORD(password)



Working with Authentication Entries

The Work with NetWare Authentication Entries (WRKNTWAUTE) command displays the authentication entries for an AS/400 profile. 

You can use this display shown in Figure 16-2, or you can use the following commands to add, change, delete, or display authentication entries for a specific AS/400 profile. 

  • ADDNTWAUTE 
  • CHGNTWAUTE 
  • DLTNTWAUTE 
  • DSPNTWAUTE 
Figure 16-2. Work with NetWare Aut Entries Display
 
 
+--------------------------------------------------------------------------------+
|                         Work with NetWare Aut Entries                          |
|                                                                                |
| User profile . . . . :   PUBS                                                  |
|                                                                                |
| Type options, press Enter.                                                     |
|   1=Add   2=Change   4=Remove   5=Display   6=Print   7=Start connection       |
|   8=Verify                                                                     |
|                                                                                |
|                                                              Server            |
| Opt     Server or NDS tree name                              type              |
|                                                                                |
|         CT_TREE                                              *NDS              |
|         IBM_TREE1                                            *NDS              |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                                |
|                                                                      Bottom    |
| Parameters or command                                                          |
| ===>                                                                           |
| F3=Exit   F4=Prompt   F5=Refresh   F9=Retrieve   F12=Cancel   F17=Position to  |
+--------------------------------------------------------------------------------+



Authentication Commands

Table 16-1. Authentication Commands
 
Enter this AS/400 command  to... 
ADDNTWAUTE  Add a NetWare authentication entry to an AS/400 profile that contains the NetWare user name and password used to connect to a NetWare 3.12 server or NDS tree. 
CHGNTWAUTE  Change a NetWare authentication entry for an AS/400 profile. 
CHGNWSA  Define the NDS context and a default set of NetWare servers and NDS trees to which AS/400 can make authenticated connections if *NWSA is specified on the CHGNWSUSRA command. 
CHGNWSUSRA  Specify a default set of NetWare servers and NDS trees to which AS/400 can make authenticated connections. 
DLTNTWAUTE  Delete a NetWare authentication entry from an AS/400 profile. 
DSPNTWAUTE  Display a NetWare authentication entry for an AS/400 profile. 
WRKNTWAUTE  Create, change, display, or remove a NetWare authentication entry, or start an authenticated connection. 


[ Top of Page | Previous Page | Next Page | Table of Contents | Index