× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



New v5r1 security stuff. I dare you to find it easily. This should do it.
Same access needed as for LPAR maintenance. You might need to set other
capabilities (see below)

Security Requirements
There are several Dedicated Service Tools (DST) and OS/400 security
requirements that must be met before scheduled LPAR moves will work
successfully.
·       The primary partition must have the DST password level set to use
the new V5R1 password support. To change the DST password level start from
the DST green-screen main menu and take:
      ·  Option 5. Work with DST environment
      ·  Option 6. Service tools security data
      ·  Option 6. Password level
      ·  Press Enter to confirm
·       DST user profile password must be
      ·  changed AFTER the DST password level is set to apply the new
encryption level to the DST user profile
      ·  the uppercase equivalent of the same OS/400 user profile. For
example, OS/400 user/password='BOB'/'mypass' needs DST user='BOB'/'MYPASS'
·       DST user profile needs the following capabilities:
      ·  System Partitions - Operations
      ·  System Partitions - Administration
·       OS/400 user profile needs the following special authorities:
      ·  *ALLOBJ - All object authority
      ·  *SERVICE - Service
·       OS/400 user profile must exist on the central system and the
target/endpoint system (system where the resource move will occur)
·       By default, Management Central requires the user profile used to
sign on to the central system to have the same password on each endpoint
system. For more information, see the help for the "Require password on
endpoint systems" field on the Security tab in Management Central properties.
·       LPAR resource moves are scheduled and run with the OS/400 user
profile used to access the central system.
·       The service tools server must be enabled on the target system. Here
is a summary of how to start this network service.
      ·  Run the following CL command to enable the service tool server:
ADDSRVTBLE SERVICE('as-sts') PORT(3000) PROTOCOL('tcp') TEXT('Service Tools
Server') ALIAS('AS-STS')
      ·  After the command has run you need to stop and restart TCP/IP
(ENDTCP and STRTCP respectively) before the service tool server will become
active.
      ·  Once active, the service tool server starts when TCP/IP starts
until the service table entry is removed.
      ·  Note: This server was disabled when shipped for security reasons.
You should not enable this service on a machine which still has default DST
userIDs and passwords (QSECOFR, QSRV, 11111111, or 22222222). These DST
profiles are well known and can create a possible security vulnerability
since this network service uses DST security for authentication.


At 01:16 PM 6/29/02 -0400, you wrote:
>I was wondering if anybody has had any luck with viewing the Disk Units
>in Ops Nav with the Graphical View (Start Ops Nav, open Config and
>Service, click hardware, choose disk units, and then right click All
>Disk Units and select graphical).  I am at V5R1 latest Cumulative CD,
>and every time I try, I get a message "No Service Tool Network Interface
>found at IP address myas400name" where myas400name is my as/400 machine
>name.
>
>    When I just display them in a list, I can get all hardware to
>display (even disks) when I select that from Ops nav, I can see Tape
>drives or Optical drives, but I just cant see disk drives when I select
>them individually.
>
>    I have created user profiles in DST and just cant get this to work.
>I went into privileges on DST profiles, and made sure everything (3 or 4
>pages of options) was enabled for them.
>
>     Any have a similar problem?
>
>Pete Massiello



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.