× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. July 2014

Re: [Bulk] RE: [Bulk] Netserver profile being disable after IPL and/or password change - CPIB682

It is used here. We are at v5r4m0. It works well.

John McKee


On Fri, Jul 11, 2014 at 3:05 PM, Steinmetz, Paul <PSteinmetz@xxxxxxxxxx>
wrote:

Mark,

MPLUS is currently monitoring for the CPIB682.
I was reviewing the possibility of adding an action to the event monitor.
I found IBM doc N1010992 - CL Program and Command to Re-Enable NetServer
Users
This doc will points to RSTNETUSRF savf, which contains the source.

Has anyone used the RSTNETUSRF command?

Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Mark S Waterbury
Sent: Friday, July 11, 2014 3:08 PM
To: Midrange Systems Technical Discussion
Subject: Re: [Bulk] RE: [Bulk] Netserver profile being disable after IPL
and/or password change - CPIB682

Paul:

I was thinking that Windows itself may have tried the password at least
once, automatically, without user intervention, depending on how the user
defined the "mapped drive" -- you can tell Windows to remember the password
and attempt to reconnect automatically whenever Windows is re-started
(boots up). So, that may have "used up" at least one attempt, before
prompting the user. Then, if the user "got it wrong"
whenever Windows subseuqently prompted the user for that password, they
may have "used up" the remaining tries.

In any case, I think that article points the way to a "solution" -- if you
can set up that program to run periodically, e.g. as a scheduled job, at
least once a day, perhaps more frequently, it seems tome that you should be
able to prevent this sort of thing.

Mark

> On 7/11/2014 2:53 PM, Steinmetz, Paul wrote:
Mark,

1) For second level text, do you mean this?
Cause . . . . . : User profile TPASKEIP exceeded the maximum number of
incorrect sign-on attempts when connecting to IBM i Support for
Windows
Network Neighborhood (IBM i NetServer). This user profile has been
disabled
for IBM i NetServer access. The latest failure was received from
workstation ::ffff:10.5.47.54 at IP address ::ffff:10.5.47.54.

2) Also, based on the message, the user exceeded the maximum number of
attempts.
However, they only keyed their password once.
Does Netserver use sysval QMAXSIGN *SEC Maximum sign-on attempts
allowed?
We are set to 3.

Paul




-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Mark S Waterbury
Sent: Friday, July 11, 2014 11:37 AM
To: Midrange Systems Technical Discussion
Subject: Re: [Bulk] Netserver profile being disable after IPL and/or
password change - CPIB682

Paul:

Look at the second-level text for that message CPIB682 for an
explanation as to how or why those NetServer user IDs are getting disabled.

See:
http://iprodeveloper.com/rpg-programming/apis-example-list-and-enable-
disabled-netserver-users

for a nice article and tool by Carsten Flensburg that addresses
this issue.

HTH,

Mark S. Waterbury

> On 7/11/2014 10:18 AM, Steinmetz, Paul wrote:
I have a group of users that use mapped drives to the IFS.
Following an IPL, System save, restricted state and/or if user changes
their password, their Netserver profile becomes disabled with a CPI8682.
Once the profile is re-enabled, every is fine, until next maint and/or
password change.

Is this normal behavior, or can anything be done to avoid these
nuisances?

Message ID . . . . . . : CPIB682
Date sent . . . . . . : 07/11/14 Time sent . . . . . . :
08:13:54

Message . . . . : User profile TPASKEIP disabled for IBM i Support for
Windows Network Neighborhood access.

Thank You
_____
Paul Steinmetz
IBM i Systems Administrator

Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071

610-826-9117 work
610-826-9188 fax
610-349-0913 cell
610-377-6012 home

psteinmetz@xxxxxxxxxx
http://www.pencor.com/

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.