Enabling QNTC file system for Network Authentication Service
The QNTC file system enables System i™ platform access to Common Integrated File System (CIFS) servers that support the Kerberos V5 authentication protocol.
Rather than using a LAN manager type password to authenticate with each server, a properly configured System i platform will now be able to access supported CIFS servers with a single logon transaction.
To enable the Network Authentication Service (NAS) for use with QNTC, configure these items:
- Network Authentication Service (NAS)
- Enterprise Identity Mapping (EIM)
Once the above items have been configured, you can then enable a user to use NAS with the QNTC file system. The following steps are needed to allow a user to take advantage of the QNTC NAS support.
- The user's i5/OS® user profile must have the local password management parameter, LCLPWDMGT, set to *NO. By specifying *NO, the user will not have a password to the server and will not be able to sign on to a 5250 session. The only access to the server will be through NAS-enabled applications, such as iSeries™ Navigator or iSeries Access 5250 Display Emulator.
If the user specifies *YES, the password will be managed by the server and the user will be authenticated without NAS.
- You must have a Kerberos ticket and an iSeries Navigator connection.
- The Kerberos ticket for the System i platform you are using must be forwardable. To make a ticket forwardable, follow these steps:
- Access the Active Directory Users and Computers tool on the KDC for your NAS realm.
- Select users.
- Select the name that corresponds to the service principal name.
- Select Properties.
- Select the Account tab.
- Select Account is trusted for delegation.
Parent topic:
iSeries NetClient file system (QNTC)
Related information
Network authentication service
Enterprise Identity Mapping (EIM)