Completing the planning work sheets

 

Before configuring network authentication service, complete these planning work sheets.

All answers on the prerequisite work sheet should be Yes before you proceed with network authentication service setup.

Table 1. Prerequisite work sheet
Questions Answers
Is your i5/OS® V5R3, or later (5722-SS1)? Yes
Are the following licensed programs installed on System A:

  • i5/OS Host Servers (5722-SS1 Option 12)

  • Qshell Interpreter (5722-SS1 Option 30)

  • iSeries™ Access for Windows® (5722-XE1)

  • Network Authentication Enablement (5722-NAE) if you are using i5/OS V5R4, or later

  • Cryptographic Access Provider (5722-AC3) if you are running i5/OS V5R3
Yes
Have you installed Windows 2000 on your PCs? Yes
Is iSeries Access for Windows (5722-XE1) installed on the administrator's PC? Yes
Have you installed iSeries Navigator on the administrator's PC?

  • Is the Security subcomponent of iSeries Navigator installed on the administrator's PC?

  • Is the Network subcomponent of iSeries Navigator installed on the administrator's PC?

Yes
Yes
Yes

Have you installed the latest iSeries Access for Windows service pack? See iSeries Access for the latest service pack. Yes
Do you have *SECADM, *ALLOBJ, and *IOSYSCFG special authorities? Yes
Do you have one of the following installed on the secure system that will act as a Kerberos server? If so, which one?

  1. Windows 2000 Server

  2. Windows Server 2003

  3. AIX® Server

  4. i5/OS PASE (V5R3 or later)

  5. z/OS®
Yes, Windows 2000 Server
Are all your PCs in your network configured in a Windows 2000 domain?

A Windows 2000 domain is similar to a Kerberos realm. Microsoft® Active Directory uses Kerberos authentication as its default security mechanism.

Yes
Have you applied the latest program temporary fixes (PTFs)? Yes
Is the System i™ system time within five minutes of the Kerberos server's system time? If not, see Synchronizing system times. Yes

Table 2. Network authentication service planning work sheet
Questions Answers
What is the name of the Kerberos default realm to which your system will belong?

A Windows 2000 domain is similar to a Kerberos realm. Microsoft Active Directory uses Kerberos authentication as its default security mechanism.

MYCO.COM
Are you using Microsoft Active Directory? Yes
What is the Kerberos server for this Kerberos default realm? What is the port on which the Kerberos server listens?

KDC: kdc1.myco.com
Port: 88

This is the default port for the Kerberos server.

Do you want to configure a password server for this default realm? If yes, answer the following questions:

What is name of the password server for this Kerberos server?
What is the port on which the password server listens?

Yes

Password server:kdc1.myco.com
Port: 464

This is the default port for the password server.

For which services do you want to create keytab entries?

  • i5/OS Kerberos Authentication

  • LDAP

  • iSeries IBM® HTTP Server

  • iSeries NetServer™
i5/OS Kerberos Authentication
What is the password that you want to use for your i5/OS service principals?

All passwords used within this scenario are for example purposes only. They should not be used during an actual configuration.

systema123
Do you want to create a batch file to automate adding the service principals to Microsoft Active Directory? Yes
What are the i5/OS user profiles names for John Day and Sharon Jones?

JOHND
SHARONJ

 

Parent topic:

Scenario: Configuring network authentication service
Next topic: Configuring network authentication service on System A