× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2012

RE: Software for signons on iSeries and network

Very sorry - I have always (mostly) assumed that >Help>About on my Windows software applications would give me the correct information.
Having learned otherwise I can now tell you that I am running V6R1M0 of IBM System i Access - for it is no longer called iSeries Access.
And V6R1M0 is running fine with bypass signon.
It is when I install V7R1M0 of System i Access that the bypass signon does not work.
I too have the User ID Signon Information as 'Use System I Navigator default'

So my question is whether there is something more to be done in System I Access V7R1M0 as compared to V6R1M0 that needs to be done to successfully use 'Bypass Signon'?

Paul Therrien
Ext: 551


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Monday, February 27, 2012 9:23 AM
To: Midrange Systems Technical Discussion
Subject: RE: Software for signons on iSeries and network

Please bear with the grief on the first paragraph, the next paragraph may help you, There is no iSeries Access 5.9. And I am not just going Trevor on you and saying it's now System i Access for Windows (or whatever the nom du jour is). There simply is no 5.9, period, end of story. I don't give a shirt what you see in the Help, About in 5250 emulation. That tells me nothing that I want to take the time to cross reference to some version of System i Access for windows. You're asking for free advice. I have no problem with that, but please take the time to go into IBM i Access for Windows Properties from the drill down from start, programs and tell us the version, release, and service pack level from there.

When you go into Communications, Configure, Properties what do you have for "User id sign on information"? I have mine set up to "Use System i Navigator default". I have my connection in iNav set up to use Windows user id and password - no prompting. So, if you use a separate user id or password from Windows and i then you may get issues. If your password has mixed case you will have issues (unless you do some serious reconfiguration on your i). You may find it easier to use either all upper case or all lower case.


Rob Berendt
--
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Paul Therrien" <ptherrien@xxxxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>,

Date: 02/27/2012 09:44 AM
Subject: RE: Software for signons on iSeries and network
Sent by: midrange-l-bounces@xxxxxxxxxxxx



iSeries Access V7 and Bypass Signon function not working.

This is tangential to the thread, but related, I believe.

We are using iSeries Access version 5.9 to connect to V6R1 i5OS. Works
great, we bypass the Signon screen and get right into our 5250 sessions.
I updated my pc to iSeries Access V7 and find that when the 5250 session
starts up I am stopped at the signon screen and the emulator status bar
shows a message 'Invalid Password'. I can sign on, but the automatic
signon capability seems to have gone awry.
I removed iSeries Access V7 and reinstalled version 5.9 and bypass signon
is working fine again.
Anyone have any ideas on this?
I have checked the archives, but none of the threads seem to give any
insight into this.

Paul Therrien
Orion South, Inc.
504-374-9551
800-437-7173
ptherrien@xxxxxxxxxxxxxxx

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [
mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Vern Hamberg
Sent: Sunday, February 26, 2012 11:00 PM
To: Midrange Systems Technical Discussion
Subject: Re: Software for signons on iSeries and network

I don't know, Shannon - it's a set of record or entry types for LDAP -
it's primarily used on the i. I've heard that there are implementations of
EIM for Windows and Linux, with APIs. But I've had the worst time finding
out more about that.

EIM is basically a lookup table - it has what are called user registries
- those are lists of users for a certain environment, such as Windows or
the iSeries or an application that has users with privileges for certain
functions.

I think that if you could get some user ID from something, such as OpenID
(I don't know anything about it), then you can map from that to a user in
another setting, and the APIs help you find those associations, as they
are called.

If you know Pat Botz, he wrote a lot of EIM - if not the whole thing.
He'd have ideas of its use and maybe how it fits with other mechanisms.

Regards
Vern

On 2/26/2012 6:52 PM, Shannon ODonnell wrote:
That's good to know Vern!

Does EIM also work with OpenID that companies such as Google use?

http://code.google.com/googleapps/domain/sso/saml_reference_implementa
tion.html




-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Vern Hamberg
Sent: Sunday, February 26, 2012 1:18 PM
To: Midrange Systems Technical Discussion
Subject: Re: Software for signons on iSeries and network

EIM is absolutely no extra cost - it has been a part of the OS since
V5R2. It uses the LDAP server (IBM Directory) on the iSeries/i. Kerberos
support has been around since V4-something or other.

This is a fantastic solution for single-sign-on - there is no need for
synchronizing passwords, because they are never passed around the
enterprise. Authentication is completely kerberos-based - Windows
Authentication in a Windows domain IS Kerberos. And things like 5250 and
Apache and network file shares and ODBC, even jt400 - can recognize that
Kerberos was used. Then authorization only is based on profiles. Very
cool!!

EIM is fairly easy to set up. It's essentially a lookup table - it maps,
e.g., Windows users to iSeries user profile names. No passwords are
stored.

The Kerberos support can be tricky - there be minefields out there. But
I know of a company around here, where their network guy (not an i-er) got
it all working.

Frank - if you want, I'm happy to discuss it with you - I've been
working intimately with this stuff for the last several months. Call me at
888.rjs.soft - toll-free - ask for Vern. I won't try to sell you anything,
I promise!!

Vern

On 2/26/2012 12:54 PM, Shannon ODonnell wrote:
What's the price-range on iSeries to achieve EIM?

A recurring problem we have all seen with solutions like this is that
they are priced so high their use becomes prohibitive.



-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of DrFranken
Sent: Sunday, February 26, 2012 12:44 PM
To: Midrange Systems Technical Discussion
Subject: Re: Software for signons on iSeries and network

You need single sign-on along with Enterprise Identity Mapping. This
capability eliminates IBM i passwords completely (except for admins).
The very short course is that IBM i and your active directory are
connected allowing the kerberose ticket present in your Windows session to
be passed through IBM i to active directory for validation. The UserID
sent back to IBM i from active directory is then correlated with that in
EIM and that is the user ID used on IBM i. Thus you do not need the same
userID on Windows and IBM i, you have no password on i at all, and as a
result changing your windows password doesn't have any affect whatever on
your IBM i signon because that's the only password you have.

- Larry "DrFranken" Bolhuis

On 2/26/2012 1:36 PM, fbocch2595@xxxxxxx wrote:
Hi Folks, we’re looking for software that will authenticate iSeries
signons against our active directory, and keep them in sync with a users
network password. In other words allowing automatic signon via the
network password, AND keep them in sync. The net outcome would be so that
when a user changes their network password it would also change their 400
password.

Your thoughts on this?


Thanks, Frank

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.