Q

A security problem with NetServer

I have researched 'NetServer'. I feel I have a security problem with NetServer. I cannot see my system QS105DRLM in the MicroSoft Windows Neighborhood. I can ping the machine. Ops Nav shows the NETSERVER started. I have reset Qserver Subsystem, Reset My Signon ID's and the Quest ID, restarted both Qserver & NetServer. I am Running 4.5 with security level 40 in place. I checked and have ordered and installed all PTF I can find related to NETSERVER. I have repeated the setup with a 170 using op system 4.4 security 30 and a 170 op system 4.3 security 30. Both of these systems will show the machine in my network neighborhood and will let me see the resources thru OPS NAV. When I use NBTSTAT -a QS105DRLM (MY NETSERVER NAME entered in LMHOST file) I get an indication the machine is there, but the status is 00> whereas 4.4 170 has a status of 20>. Can you get for me the files and library's security settings for level 40 to allow NETSERVER to broadcast its name to the Network Neighborhood and the setting to allow me to see the computer? I also cannot see my QS105DRLM from my domain controller(WINS Server) nor any other PC in my Domain. If you can't help, where can I go next to try to resolve this problem? I cannot do a LVLCHECK, See the AS/400 to load Client Access EXPRESS, or setup our PCs to use the AS/400 printing services now available thru NETSERVER. I need all of this to be able to use Windows 2000 on our PC network.

You have obviously done some homework, so here goes. You could have one of two (actually three) possible problems. One possible problem is using policies on the Windows Network. This could have been set up by a previous administrator, programmer or configuration user. If you have a directory in the root called /Policies, then you should search for policies in the AS/400 System Security manual located in the AS/400 library. It will contain details of how the policies and policy files are used by Windows-based machines.

The second possible problem is that normally a user profile must be set up as a guest for the Network Neighborhood to operate on a security level above 30. The book doesn't say that it is dependant on the level, but I moved one of my systems from 30 to 40 and had to create the guest profile for me to see my AS/400. Details for the setup required for CA/400 on Win95/NT (Also applies to CA/Express) are found here.

The unnamed third problem is Microsoft and Windows 2000. There isn't a solution to this problem, but the workarounds above should do it. Windows 2000 is not compliant with LDAP standards. If a call is made from a non-Microsoft system (contained in the call) to initiate LDAP services, Windows 2000 does not supply all of the required objects to establish the connection. This has been documented and posted at a number of sites. Although most say Microsoft denies that this is the case, one site actually posted the data streams showing the denial of access to certain objects.

This was first published in April 2001

Dig deeper on Past Releases

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchEnterpriseLinux

SearchDataCenter

Close