![]() |
Frequently Asked Questions about using OS/400 Integration Products for NetWare. |
User enrollment - Questions Setup
User and group propagation
Group-specific propagation
Miscellaneous enrollment topics
Pentium Integrated PC Server - Questions
General topics - Answers
ADDIPXCCT CCTNAME(SNAPCCT02) LIND(NWSDNAME01) IPXNETNBR(12345678) FRAMETYPE(*SNAP) LOAD ROUTE NAME=QFP_TOK_1_TSP DEF GBR MBR RSP=AR TIME=20
To access the server from RCONSOLE before it shows up in the list, bring up RCONSOLE, press the INSERT key and type in the IPX internal network number. This can be found on the AS/400 by using the WRKIPXD CL command and using option 5 to display the IPX description created for your server (if you used the INSNTWSVR command to install your NetWare server, the IPX description is the same as your NetWare server name).
The resolution is to rename ICM_SPX.NLM on the server. This does not affect the NetWare for SAA: AS/400 edition IPX/SNA gateway. In the absence of ICM_SPX.NLM, CSLSTUB.NLM will load the functionality of all other modules is maintained. See Novell's Technical Information Document (TID) #2917279 for more details.
The Enhanced Integration for NetWare NLM runs on a NetWare 4.10, NetWare 4.11 or NetWare 3.12 server and provides NetWare services for AS/400 operators and users when OS/400 Enhanced Integration for Novell NetWare is installed. The NetWare 4.10 or NetWare 4.11 server can be an Integrated PC Server (FSIOP) or a PC-based server. The NetWare 3.12 server must be PC-based server. This NLM provides for simplification of user management tasks with user profile propagation, allows AS/400 users to access NetWare file systems, and supports printing to NetWare-managed printers. See the product description for more information on OS/400 Enhanced Integration for Novell NetWare. The name of the NetWare 4.1x Enhanced Integration for NetWare NLM is AS4NW410. (This NLM runs on either NetWare 4.10 or 4.11 servers.) The name of the NetWare 3.12 Enhanced Integration for NetWare NLM is AS4NW312. The latest NLMs can be downloaded from the download page.
The configuration status is displayed when you issue the command: WRKCFGSTS CFGTYPE(*NWS) The NWS status is displayed when you issue the command: WRKNWSSTS SVRTYPE(*NETWARE) A configuration status of Active indicates that the device drivers are loaded and operational. A NWS status of Active indicates that the OS/2 Administration Application has been loaded and is communicating with the monitor job for that server.
To submit a command to the NetWare server: SBMNWSCMD SVRTYPE(*NETWARE) CMDTYPE(*NETWARE) the submitter of the command must have operator rights for the server. To grant operator rights: SBMNWSCMD SVRTYPE(*NETWARE) CMDTYPE(*LCLNTW) from the AS/400 that holds the Integrated PC Server's NetWare NWSD configuration object.
to verify that the server reached the Active state.
> SBMNWSCMD CMD(TIME) SERVER(MYSERVER) SVRTYPE(*NETWARE) CMDTYPE(*OS2) Current time is: 11:52:54.85 Enter the new time: Command submitted to network server MYSERVER. > SBMNWSCMD CMD(VOLUMES) SERVER(MYSERVER) SVRTYPE(*NETWARE) CMDTYPE(*LCLNTW) MYSERVER:VOLUMES Mounted Volumes Name Spaces Flags SYS DOS Cp Sa Command submitted to network server MYSERVER.
If you are using NetWare 4.11, BTRIEVE.NLM version 6.10f is included and works fine. Back to the top.
> SBMNWSCMD CMD(TIME) SERVER(MYSERVER)SVRTYPE(*NETWARE) CMDTYPE(*OS2) > SBMNWSCMD CMD(VOLUMES) SERVER(MYSERVER) SVRTYPE(*NETWARE) CMDTYPE(*LCLNTW) MYSERVER:VOLUMES Mounted Volumes Name Spaces Flags SYS DOS Cp Sa Command submitted to network server MYSERVER The system volume (SYS:) either is not mounted or does not exist.(INSTALL-4.1-269) Command submitted to network server MYSERVER.
An alternative to this process which does not include re-installing NetWare and running the INSNTWSVR command again is:
If you do not currently have NetWare 4.10 installed on your Integrated PC Server, you can follow the documented install process except use the NetWare 4.11 CDROM instead of the NetWare 4.10 CDROM.
If the error during the workstation install is :
View the QFP.LOG file and error QFPWSP2 QFP_READERROR C:\QFPTMP\qfpntwcp.err, rc=4 should also be contained in the file. See informational APAR II09535 for V3R2 for the list of PTFs needed for NetWare 4.11.
Ensure you have the NetWare 4.11 CD or the IntranetWare CD in the CDROM drive, or you are specifying a path to a NetWare 4.11 CDROM image. You can verify the path name to the CDROM by using the WRKLNK command. For example, if the NetWare 4.11 CD is in the CDROM device on the AS/400, enter WRKLNK OBJ('/QOPT'), then use option 5 to display the volume name. If the volume name is NW411, then for the parameter NTWSRCDIR on the INSNTWSVR command, you would enter '/QOPT/NW411'.
|
Back to the
top.
Setup
to give the AS/400 QNETWARE user profile the same password as your NetWare QNETWARE user. If you use different passwords, you will have to use authentication entries which will be explained later. If you find that authentication entries are necessary, you can just leave the AS/400 QNETWARE user profile password as *NONE and the password in the authentication entry will be used instead.
ADDNTWAUTE SVRTYPE(*NDS) NDSTREE(tree_name) USRPRF(QNETWARE) NDSCTX(context) NTWUSER (QNETWARE) PASSWORD(password) or on a 3.12 server: ADDNTWAUTE SVRTYPE(*NETWARE3) SERVER (server_name) USRPRF(QNETWARE) NTWUSER(QNETWARE) PASSWORD(password) This is all that must be done to allow propagation to proceed. Note that for successful propagation, you must have both USRPRF and NTWUSER set to QNETWARE. That is, the user on both the AS/400 and on the NetWare server must be named QNETWARE. During enrollment, the AS/400 logs into the specified tree or server with the QNETWARE user, and first checks the information in the authentication entry. If there is no authentication entry, it then checks the password for the QNETWARE user profile itself. For this reason, the AS/400 QNETWARE user profile can have a password of *NONE if authentication entries are used. How can I determine if the users are being propagated properly; where are the error codes displayed? Use the WRKNWSENR command to display the Work with NWS User Enrollment screen. This lists the users that are enrolled in your various trees and servers. By default it lists each user, and you can display the groups that each user belongs to by pressing F10. This screen is very helpful when determining the various problems that arise, and any error codes are displayed here.
I'm trying to propagate users for the first time, and I get a 3401 error. Why? This is occurs when the AS/400 is unable to find the QNETWARE user on the server or tree. You should check that:
I'm trying to propagate users for the first time, and I get a 6004 error. Why? This is caused when the AS/400 has found a QNETWARE user, but cannot login to the server or tree with it. Check that: I'm trying to propagate users for the first time, and I get a 245 error. Why? This is caused when a valid connection is found, but enrollment is not completed. Make sure that the QNETWARE user on the NetWare server has authority to create users. This usually means in having a security equivalence of SUPERVISOR in 3.12 servers, or of ADMIN in NDS trees. I'm trying to propagate users for the first time, and I get a 6000 error. Why? This is probably due to either mistyping a NDS tree name, or somehow not being able to connect to the specified tree. Verify that the NDS tree name is specified correctly in the authentication entry. I'm trying to propagate users for the first time, and I get a 601 error. Why? Verify that the user context for the NDS tree is correct. I'm trying to propagate users for the first time, and I get a 613 error. This is usually caused by a problem with the Profile Object that is specified with the CHGNWSUSRA command. Verify that the name is spelled correctly, and that the object exists in NetWare. User and group propagation Why don't the user profiles on the AS/400 change when I make changes on the NetWare server? The AS/400 user enrollment is often referred to as synchronization, which can be misleading. Currently the user enrollment is designed for AS/400 administrators to do NetWare administration from their console. Because of this all calls are one-way only: from the AS/400 to the NetWare server. Any changes made on the NetWare server are not propagated to the AS/400.
Yes. If you create a user or a group with the NetWare SYSCON or NWADMIN commands, the AS/400 will not be aware of them. You can do anything you could normally do from NetWare with these users, but none of the enhanced function on the AS/400 will be available to them. If a user is created on the AS/400 with the same name as a user on the NetWare server, and is then enrolled on that server, a merge is done of the two users. The user will be a member of the groups that both servers specify, but if any conflicts arise (different passwords, text, etc.) the AS/400 data will automatically be used. If that user is then removed from the AS/400 enrollment, the user will still be there because it was created from the NetWare server, not the AS/400. Group-specific propagation I enrolled a group with several users, but the users were not created on the NetWare server. What could be wrong? You probably enrolled the group without specifying PRPGRPMBR(*ALL) -- that's Propagate Group Members -- on the CHGNWSUSRA command. The default is to not propagate any of the users when the group is enrolled. I enrolled a group and when I used WRKNWSENR, it gave a 6011 error. Why? 6011 means invalid password. This usually occurs when the CHGNWSUSRA command is issued for a group profile without specifying PRFTYPE(*GROUP). The default is *USER, and so when you propagate your group without changing the default, you tell the AS/400 that it is a user. How can I display users within groups on the WRKNWSENR display? Issue the WRKNWSENR command and specify PRFTYPE(*GROUP). Miscellaneous enrollment topics I just removed a server, and am now trying to delete all the users that were on the server, but they are now all at *DLTFAIL. How can I get rid of all these errors, because the server's not really even there any more? Probably the best solution to this is to stop enrollment from the server before you take it down. If this is not viable, your next option is to use WRKNWSENR and do an option '4' next to every user or group marked as *UPDFAIL. This will stop the AS/400 from propagating the user or group, but will not cause any changes on the server. I've been doing enrollment for awhile now, and all of a sudden I'm getting 245 errors everywhere. Why? This means that we have a valid connection, but can no longer do propagation. This usually means that something happened to the QNETWARE user on the NetWare server. The most likely cause is that the password expired, in which case you can just reset the password on the NetWare server. If for some reason the QNETWARE user has been deleted, just recreating the user will not quite be enough. After you create a new user and set it up as described above, you should use the WRKNTWCNN command to remove the current connection to the client, and then let the AS/400 automatically start a new connection to the new QNETWARE user. When I select option 16 on the WRKNWSENR display to look at error details, why are replacement symbols(&1, &2, etc.) displayed instead of the actual values? This is how it is supposed to work. To look at the error message with all the replacement text, you must look in the QNETWARE job log. QNETWARE, besides being the name of a user profile, is a batch job that runs in the QSYSWRK subsystem that sends the propagation requests to the server. To look at the job, type WRKJOB JOB(QNETWARE), select the specific job with option '1', then look at the job log with option '10'. At this point you should see >> CALL QFPNTWE/QFPANTWJ. Just press F10, and this will show you the detailed job log. Press F1 on a specific message and the error message from the WRKNWSENR screen will be displayed, but with the replacement text included. What is QRETSVRSEC and how can it be changed? If you run DSPSYSVAL SYSVAL(QRETSVRSEC), this will display the "Retain
server security data" system value, or QRETSVRSEC. This value determines
whether passwords are stored in the system or not. Concerning user enrollment,
it means that if it is set to 0, passwords will not be saved on the system,
and whenever a propagation change is made from the AS/400, it will not
go through until the user has logged in, or the password has been reset.
Setting the value (with CHGSYSVAL SYSVAL(QRETSVRSEC) ) will actively remove
all passwords on the system, so changing it from 1 to 0 and back to 1 will
result in all the passwords being removed and propagation ending until
users' passwords are re-entered.
Back to the top.
Basic functions will be provided by the monitor job when:
You can restart the monitor job which will cause it to attempt to recontact the NLM. This is useful if the NLM was loaded after the monitor job had already failed in its attempt to contact it or if a communication failure occurred that resulted in a loss of contact with the NLM. To restart the monitor job, issue the command WRKNWSSTS SVRTYPE(*NETWARE) and select option 14 (Restart server). This will cause the monitor job for the *NETWARE server to be restarted. If there is already a monitor job that is running, it will be ended by the new job.
The monitor job is submitted using the QGPL/QBATCH job description. This job description's default message logging level is LOG(4 00 *NONE) which will not produce a joblog. Change the QGPL/QBATCH job description using the command: CHGJOBD JOBD(QGPL/QBATCH) LOG(4 00 *SECLVL) This will cause the joblog for the monitor job to be retained after the job ends.
When there is an update to the Rconsole screen, NetWare notifies an OS/2 process running on the Integrated PC Server. This process will in turn report the information to the monitor job. Since it cannot be determined how much of the Rconsole screen has changed, the entire screen image is processed. Currently, a message is sent containing the server name only to separate each screen of Rconsole data. In a future release, this message will be sent with the server name and a row of asterisks (instead of blanks) to help further differentiate each Rconsole screen that is processed. Back to the top.
QNetWare file system - Answers
The QNetWare file system provides access to NetWare files, directories, and NetWare Directory Services (NDS) objects through the AS/400 integrated file system (IFS).
You can use the QNetWare file system to:
Of course! In addition to the Integrated File System commands and menus, OS/400 provides API programs that enable ILE C/400 programs to perform functions on files and directories in all file systems, including the QNetWare file system. The Integrated File System API support is useful for integrating the AS/400 database with Enhanced Integration for NetWare data. Be aware that there are some additional considerations to using the Integrated File System API programs to access the QNetWare file system compared to other file systems. To write ILE C/400 programs to use the QNetWare file system see the AS/400 System API Reference V3R7, SC41-4801-01, for a detailed description of each API program. See AS/400 ILE Concepts V3R7, SC41-4606-01, ILE C/400 V3R7.0 Programmer's Guide, SC09-2069-01, and ILE C/400 V3R7.0 Programmer's Reference, SC09-2070-01, for more information about ILE and ILE C/400.
For improved performance, this list of servers is updated periodically rather than dynamically. To force the entire list of servers to be updated, enter the command: CALL QFPNTWE/QFPZCTL PARM(*UPDSRVL)
Verify that the user either has a connection started to the NetWare server or has an authentication entry defined for the NetWare server or NDS tree.
For NetWare 3.12, verify the user exists in the NetWare Bindery for the server. For NetWare 4.1x, verify the user exists in the NDS tree and that the NDS context is correct. The user's context must be set either to the context the user exists in or to the job context, or the system context must be set to the correct context.
Try one of the following:
MKDIR DIR(dir-name) DTAAUT(*NONE) OBJAUT(*NONE)
For NetWare 3.12, verify that each user authorized to the file and the owner of the file exist in the NetWare Bindery for the server. For NetWare 4.1, verify that each user authorized to the file and the owner of the file exist in the NDS tree and that their NDS context is correct. The user's context must be set either to the context the user exists in or to the job context, or the system context must be set to the correct context. You can use the DSPAUT command to display the authorized users and owner of a file.
Users may want to check the NDS context if they experience problems such as authorizing other users to files or directories or moving a file using the MOV command. To display or change the current context: use the DSPNWSUSRA or CHGNWSUSRA commands use the DSPNDSCTX or CHGNDSCTX commands use the DSPNWSA or CHGNWSA commands Back to the top.
Connections - Answers
Authentication entries can get added a couple of ways. One is by using AS/400 user enrollment. This is explained in Chapter 20 - Managing User Enrollment in the Integrating AS/400 with Novell NetWare publication. Another way is to manually add NetWare authentication entries using the WRKNTWAUTE command and selecting option 1. Once you have authentication entries, the AS/400 will automatically authenticate to a NetWare 3.12 server or an NDS tree.
After the value has been changed, the authentication entries can be updated with the correct password using the WRKNTWAUTE CL command.
Usually this error is a result of not having an authentication for the server or tree that is specified in the FPE0215 error message. You must have an authentication entry so the AS/400 can automatically authenticate to a NetWare server. You can manually authenticate to a NetWare server or NDS tree by using the STRNTWCNN command, but that connection is only valid for that session until you sign off. Authentication entries can get added a couple of ways. One is by using
AS/400 user enrollment. This is explained in Chapter 20 - Managing User
Enrollment in the Integrating AS/400
with Novell NetWare publication. Another way is to manually add
NetWare authentication entries using the WRKNTWAUTE command and
using option 1. Once the authentication entries are created, the AS/400
will automatically authenticate to a NetWare 3.12 server or an NDS tree.
Back to the top.
Volumes - Answers
If you do not have the Enhanced Integration for NetWare NLM running on your Integrated PC Server, then you need to use the RCONSOLE utility LOAD INSTALL and select "Disk options" to create a NetWare disk partition. You could do this even if the Enhanced Integration for NetWare NLM is running on your server. Once the disk has a NetWare partition on it, you can then run the CRTNTWVOL or CHGNTWVOL CL commands and specify the storage space name or device number.
To grant operator rights:
The WRKNTWVOL and DSPNTWVOL commands display information about existing volumes. You must have operator rights to the server before you can create, change or delete volume(s). To grant operator rights: Back to the top.
NetWare tape support - Answers
The following tape drives have been tested extensively:
No, this is currently not supported. You can only allocate one AS/400 tape drive to use from the Integrated PC Server at a time.
These are "blank tape" or "BOT encountered" errors. They are caused by SBACKUP and ARCserve positioning the tape. They can be ignored. |
Use the following AS/400 command to prevent the tape device from unloading when the device is varied off:
This error message will occur if you are using a 1/2" cartridge tape drive (ie. 3590, 3570) with NetWare tape support for OS/400, and load the tape immediately before you ALLOCATE or DEALLOCATE the drive from the NetWare console (RCONSOLE). This error will cause the tape drive to hang and it won't be useable from AS/400 or NetWare. To recover the tape drive you must vary off the NetWare server where you attempted to ALLOCATE or DEALLOCATE the drive. To assure that this error does not occur, follow these steps when you are ready to ALLOCATE the tape drive: Back to the top.
SAV/RST - Answers
The buffers allocated on a NetWare server while saving or restoring data using AS.400 SAV or RST commands can be adjusted in one of two ways:
For example, on a NetWare 4.10 server, to use 4 buffers, each 512K in length, type:
The purpose of placing a local network server in a Restricted state is to limit access of the QNetWare file system during a save or restore operation. Only local connections will be granted while the network server is in this state. To place your network server in a Restricted state you must end the monitor job associated with the NWSD. This requires that Enhanced Integration for NetWare (option 25) is installed and the Enhanced Integration for NetWare NLM is running on the server. The monitor job must be in successful communication with the NLM in order to enter Restricted state. After ending the monitor job, display the network server status: WRKNWSSTS SVRTYPE(*NETWARE)to confirm that the server is in a Restricted state. You can also display messages in QSYSOPR and the monitor job log to determine if any problems occurred while placing the server in a Restricted state.
|
Back to the top.
Pentium Integrated PC Server - Answers
If you create a new server (NWSD) after the correct level of V3R7 or V3R2 is installed, you do not need to do anything special to enable the Pentium Integrated PC Server. If you have an existing server (NWSD) on your AS/400 system, you need to change the resource name associated with the server after you install the new Pentium Integrated PC Server. For *NETWARE type NWSDs, you will also need to update some configuration files. See Informational APAR II09535 for V3R2 or II09667 for V3R7 for these additional steps.
If you use the same NWSD that had been used for the 6616 Pentium Integrated PC Server, simply change the resource name to that of the 6506 Integrated PC Server. Otherwise, create a new NWSD specifying the resource name of the 6506 Integrated PC Server along with the other required and optional parameters.
You can dump the memory of OS/2 and the NetWare operating systems. This might be necessary if an SRC of 6506 6224 is reported by an Integrated PC Server. This error indicates that OS/2 running in the Integrated PC Server has detected a fatal fault. You would only create a dump if requested by IBM or Novell service. To link a dump disk to the server, you must vary off the network server description, then issue one of the following commands from a user profile with *ALLOBJ special authority: For an OS/2 dump, issue the following AS/400 command: CALL QSYS/QFPDMPSS PARM(nwsdname *LINK 'size')
CALL QSYS/QFPDMPSS PARM(nwsdname *LINKNW 'size')
After you have linked the storage space, vary on the NWSD and try to reproduce the failure. When a dump occurs, it is written to the storage space. See Memory Dump in
Integrating
AS/400 with Novell NetWare V3R7, SC41-4124-01 for more information.
Back to the top. |