× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2013

IFS mapped drive issues

Gary,

Good link for reference. Does explain what happens when a user changes their password.
IPL'd over the weekend for PTF apply.
Same IFS mapped drive issue for same user.
I remote assistance in to watch and actually see the issue.
2 mapped drives to qdls working.
3'rd simply kept trying to connect, however, never actually errorred out.
Had the user delete the 2 QDLS, create one new one to QDLS
I'm wondering if there is a QDLS limit for mapped drives.


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Gary Thompson
Sent: Saturday, June 08, 2013 10:44 AM
To: Midrange Systems Technical Discussion
Subject: RE: IFS mapped drive issues

Paul,
This link to an IT Jungle article may help explain "caching the password", and it has a link to an IBM site.

http://www.itjungle.com/fhg/fhg111506-story03.html


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Steinmetz, Paul
Sent: Friday, June 07, 2013 6:33 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: IFS mapped drive issues

Had issue today again, user had to change their AS/400 password, mapped drives failed, user was disabled, fixed using go nets.
I think this all boils down to authentication issues.
It appears the IFS mapped drives may be caching the password, when password changes, the mapped drive is trying to authenticate with the old password, account is then disabled with netserver.
Sometimes, it is as simple as reenabling the usrprofile.
Other times, resolutions are varied.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Wednesday, June 05, 2013 11:57 AM
To: Midrange Systems Technical Discussion
Subject: RE: IFS mapped drive issues

Yes, third party packages make it harder to implement things like program only access in which the only way to access data is by programs which adopt authority. Thus handling the security of multiple databases. When we had the BBU's the people handling customer X's data could not see customer Y's data. We had plants dedicated to particular large customers.
Or, even of more concern, they buy from each other. You sure didn't want
01 being able to see the cost of an item produced by 02 and sold to 01 at the profit margin.
I feel your pain.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>,
Date: 06/05/2013 11:48 AM
Subject: RE: IFS mapped drive issues
Sent by: midrange-l-bounces@xxxxxxxxxxxx



I wish that was an option.
Each DB is for a different subsidiary, security, tax, audit other factors.
Also, they are all 3rd party packages, need to abide by those requirements.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [
mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Wednesday, June 05, 2013 11:43 AM
To: Midrange Systems Technical Discussion
Subject: RE: IFS mapped drive issues

If the databases are owned by different group profiles, and you're concerned about new objects each user may create getting the right group profile assigned, this can be an issue.
We ended up consolidating databases. The business was ripe for it.
Instead of Dilbert's BBU's (battling business units) they were all consolidated into one happy company.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>,
Date: 06/05/2013 10:35 AM
Subject: RE: IFS mapped drive issues
Sent by: midrange-l-bounces@xxxxxxxxxxxx



Multiple signons for multiple dbs.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [
mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Wednesday, June 05, 2013 10:33 AM
To: Midrange Systems Technical Discussion
Subject: RE: IFS mapped drive issues

Is this because one PC may be shared between several users?
Or, is this because one PC user may have mutiple IBM i signon's? For example SUSAN may have SUSAN01 for database 01 and SUSAN02 for database 02. We used to have this crud.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>,
Date: 06/05/2013 12:28 AM
Subject: RE: IFS mapped drive issues
Sent by: midrange-l-bounces@xxxxxxxxxxxx



One Windows user may have 3,4,5,6 iSeries accounts, they cannot match. We


run many different apps, each requiring separate accounts for login.
If we had only one iSeries app, I agree, they could then match.
I setup and tested Enterprise Identity Mapping (EIM) along with Kerberos,
again, if we only had one app, this could work.

I am going to revisit Net Use, see if I can it to work for IFS

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [
mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Tuesday, June 04, 2013 11:34 PM
To: Midrange Systems Technical Discussion
Subject: RE: IFS mapped drive issues

<snip>
None of our Windows accounts equal our iSeries accounts.
</snip>
I disagree with this philosophy. Both Windows, and IBM i, should have
their security taken seriously. Critical data is stored on both. Done
right, then it's no great risk to have them be the same. Done REALLY
right and it could actually be MORE secure to have them the same. Like
SSO with biometrics.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.