Solved

How can I have windows reconnect to a mapped AS400 drive at reboot?

Posted on 2007-11-30
26
927 Views
Last Modified: 2013-12-19
I have been reading through similar tickets and if the answer is there, I apologize, but I don't quite understand what they've been saying.

v5r3 iseries folder to map to:  \\OUR400\INTRANET
PCs all with XP SP2, on a workgroup called, amazingly, WORKGROUP

I can map this on a machine to "W:" and enter the user's AS400 id/pw under "Connect using a different username"  
The windows name/pw do not match the AS400 id/pws as the windows ids are not employee specific, but the as400 ids are.

In Firefox, I then want to give each user a bookmark for "w:\main.html" so they can reach our little intranet website.
This works fine until the system is rebooted.

After reboot, clicking the bookmark gives: "File not found."  Opening My Computer shows the drive is disconnected.  Doubleclicking brings up "incorrect user name and password" prompting again.  The prompt is PCNAME\AS400ID.  If the user's AS400 pw is re-entered the connection comes back up without issue.

I have no problem doing this but it would fly over the head of my users and I'm trying to make this invisible to them.

The users connect to the AS400 using iSeries Access for Windows.  They do not use Navigator, nor would they know what to do with it.

Is there a way to do this at all?  I don't want to buy new hardware or software, but if I can set something up as a script during windows login or something on the AS400 side, I'm willing to try it.    I feel like I can work within both systems well, but for this kind of networking communication, I feel like an absolute beginner..  

Thank you!
0
Comment
Question by:Elizabeth
  • 9
  • 6
  • 6
  • +1
26 Comments
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
Comment Utility
ummm... do you know that you have an option on windows while you mapping a network share...
0
 

Author Comment

by:Elizabeth
Comment Utility
Yes sorry I forgot to mention that.  When I map a drive I always choose reconnect at login, otherwise I wouldn't bother mapping it.
That has been checked off and it does not reconnect at login. Hence my confusion about this whole setup.
0
 
LVL 27

Expert Comment

by:tliotta
Comment Utility
ebbhitch:

If the Windows userids do _not_ match the AS/400 user profile names, then you might want to test the use of "guest" access.

Create a NetServer 'guest' profile and give *PUBLIC *RW rights to your /INTRANET directory. Create your HTML page in that directory and ensure that *PUBLIC has *RX rights to it as well.

When you then create the share out to the workgroup, any of your users can map to it without needing to login. Any other share should require actual authority so that 'guest' access is disallowed if someone learns ways to probe elsewhere. Also, any userids that _do_ match should be prompted for password (unless those also match, in which case there wouldn't be a prompt anyway).

Tom
0
 
LVL 2

Expert Comment

by:h11
Comment Utility
you could also create a batch file ant put  it in the all users startup group that would do the mapping for you and set the user name and password also. I will need to connect to my office to get you an example.  That I use all the time for this.
0
 
LVL 2

Expert Comment

by:h11
Comment Utility
Here is the example

cls
echo off
net use z: /delete

net use z: \\computername\share /user:computername\user password /y

save this as a bat file and copy it to "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"

now when ever the users log in it will run this bat file and map z: drive for you.
0
 

Author Comment

by:Elizabeth
Comment Utility
Thank you everyone!  I will give this a shot on Monday morning when I get into the office. I'll update this question with how it goes.  Thanks!
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
Comment Utility
> net use z: \\computername\share /user:computername\user password /y
> save this as a bat file and copy it to "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"

i think it is not recommended to put NET USE command with credentials in ALL USERS' Startup folder. actually it would not work if you put %USERNAME% in the batch file as the user's password could not be passed through.
0
 
LVL 2

Expert Comment

by:h11
Comment Utility
I know this command works I use it all the time.  I also complile the bat file so the users can not see the password for this.  
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
Comment Utility
so what's the variable to pass the password? %PASSWORD%? i am stuck. :-)

or users have to input their password as the bat starts?

or no password is needed because the users are domain users?
0
 
LVL 2

Expert Comment

by:h11
Comment Utility
By putting this in a batch program.  it will call it,  all you have is your user name and password
user name joe and password 12345 /y if it the password is more than 15 characters.


net use z: \\computer1\share /user:joe\user 12345 /y

0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
Comment Utility
> net use z: \\computer1\share /user:joe\user 12345 /y

the question is: how can you put password 12345 in the batch that will be called by different domain users? as i mentioned, username can be passed to the BAT through %USERNAME%, how about the password?
0
 
LVL 2

Expert Comment

by:h11
Comment Utility
the password is called also in the example it is 12345

0
 

Author Comment

by:Elizabeth
Comment Utility
I was going to test this out, but I just realized...I'm not working with a domain, only a workgroup so it would be one bat file per PC that would involve manually updating everytime a user's AS400 password changes.  

I think I need to take a look at the 'guest' access setup on the AS400 side instead that tliotta suggested.  Keep discussing the domain alternative solution though if you want, I'm sure it will help others looking for this sort of thing.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 2

Expert Comment

by:h11
Comment Utility
Just create an account on server with the user you want and password you want.  Then give that user access to the share and create your bat. I do not think you will change the user if all they are accessing is a book mark file.  Once you do this on the computers your done.  You could also just run a bat file to copy it to all your computers for you. let me know. Also if you think it would be easier to do the guest access give it a try.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
Comment Utility
> the password is called also in the example it is 12345

so the password cannot put in a variable, you have to put each user's password (e.g. 12345) in the batch. therefore you cannot make a batch file for all users, you have to write a batch for each user.

> so it would be one bat file per PC that would involve manually updating everytime a user's AS400 password

yes, if you use the above approach. that would be a pain if number of client PCs is more than 20.
0
 

Author Comment

by:Elizabeth
Comment Utility
on the AS400 server you mean?  We don't allow most of the regular users to have multiple sessions logged in so creating one account/password to share won't be a solution for us.  I think the guest access not requiring logins and just allowing viewing access would be what we need.
0
 
LVL 27

Expert Comment

by:tliotta
Comment Utility
ebbhitch:

A NetServer 'guest' profile is similar to the use of a .bat file that connects with a shared profile. I.e., it is in fact an actual *USRPRF (user profile) object. It does, however, have significant differences in implementation. No .bat file nor NET USE command is needed for example. Also, it only needs a password if the system print server is used because the print server itself requires a password.

Plenty of info is available on the web. Starting with some IBM basics:

http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/rzahl/rzahltipguest.htm
and
http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzahl/rzahlsmbnoprint.htm

A very useful discussion:

http://www.systeminetwork.com/isnetforums/archive/index.php?t-42583.html

Lots more will be found by googling [netserver guest profile password] and similar search terms.

Tom
0
 

Author Comment

by:Elizabeth
Comment Utility
Thank you Tom. I took a quick scan through the discussion and it looks highly useful.  It said that XP should be able to get into a shared drive without a guest user setup, and yet that's not how my system is working so I'm taking a closer look at this.

When I look in Operations Navigator, there are two folder breakdowns to reference the same location..

Integrated File Systems Folder
   - root
         -intra  (sharing as INTRANET, has *Public RW access setup)
                    (Turning this on originally made the folder below appear)
   - QNTC
         -OURAS400
           -INTRANET (no extra permissions listed)

In OPS Permissions for -intra
If I check off all permissions boxes for the Public Group, the computer sees the share in My Network Places, has access to the folder, and can pull up the webpage.
If only Read/Write are checked off, I can see the \\OURAS400\INTRANET folder, but when I doubleclick it, I get 'access denied'
If Read/Write/Execute are checked off, I can see the share, get into the first folder, pull up the web page, but the images do not appear (they are in a subfolder).

I don't understand why the Execute value would be required, but this may allow our end users to bookmark this network share and access the website?

Am I overlooking something with this?  Should this be a third solution or would I still need to set up a guest user?  The guest user, as I understand, would be for mapping the drive, but if My Network Places always can see this folder, that would be the same thing, wouldn't it?

I greatly appreciate your patience with me on this. I feel like I almost have all the pieces together, there are just so many..  Thanks!
0
 

Author Comment

by:Elizabeth
Comment Utility
Apparently I spoke too soon.  I logged off the PC and logged back in and then could no longer see the Intranet folder without getting prompted for a User/PW.  I must have provided a user/pw a while back during other testing scenarios with this pc.   So I guess I will still need to setup a guest user. I'm back to looking at the articles provided.  Thanks.
0
 
LVL 27

Accepted Solution

by:
tliotta earned 500 total points
Comment Utility
ebbhitch:

In order to use NetServer 'guest' support, two elements are required from the beginning:

1. A 'guest' profile must exist and be enabled. It's probably good practice _not_ to give it a name such as GUEST or NETGUEST, etc., but it usually doesn't matter.

2. The NetServer TCP/IP server must be configured to _allow_ and/or _use_ 'guest' support. NetServer is the AS/400 server for its participation in Windows Network Neighborhood. It's what allows the AS/400 to be seen in the network by Windows Explorer.

To configure NetServer for this: Drill down in OpsNav through My Connections-> [as400servername]-> Network-> Servers-> TCP/IP.

In the list of TCP/IP servers, right-click the NetServer entry and select Properties. On the Advanced tab, click [Next start] if a 'guest' is not already shown. In the Advanced Next Start window, enter the profile you created. Click [Ok]. Click [Ok] in the Properties window.

Then, right-click the NetServer entry agian and select Stop. You might need to refresh that list a time or two to see that its status shows stopped. Then right-click and select 'Reset and Start' to bring the new settings into force.

That should get you to a good starting point.

Once NetServer is ready, you probably should start a PC fresh to ensure there are no cached connections. After normal Windows networking starts, see if a drive can be mapped by drilling through Windows Explorer into the server name that's exported by NetServer. (You might make a note of that when viewing NetServer properties above.)

Use a fresh-start PC and do the test with a Windows user that doesn't match any AS/400 user.

Results will guide further questions.

Tom
0
 
LVL 27

Expert Comment

by:tliotta
Comment Utility
Just saw your reply after posting. Post back if further questions come up.

Tom
0
 

Author Comment

by:Elizabeth
Comment Utility
Thank you Tom! That's incredibly clear!  
I will give this a try tomorrow, but will restarting the NetServer have a negative effect on users who are connected already into the systems via the emulator?
It doesn't sound like it should, but it'd be a rude surprise if I didn't check first. :)
0
 
LVL 27

Expert Comment

by:tliotta
Comment Utility
ebbhitch:

Restarting NetServer will have an effect... but it's never been great enough or never was long enough that I've ever seen anyone have trouble. NetServer isn't the actual file or print server. Practically speaking, it just talks to Windows Explorer. Someone might see the AS/400 server name disappear from "My Network Places" for a few seconds, for example.

Tom
0
 

Author Comment

by:Elizabeth
Comment Utility
Thank you for the help!  I got this setup and it's working just perfectly.

Guest user was setup (requires no privileges of any sort be given to the user) as 'webview'
I was able to assign this user as the guest and restart Netserver.

I rebooted one of the user's PCs.
There is a small lag when opening up the iSeries on the Network Neighborhood view, but it would show me the subfolders and I was able to map W: to the INTRANET folder.   I told it to reconnect at login as webview as well.
The bookmarked page popped up in Firefox.

I then rebooted the PC again, went straight to Firefox and was still able to pull up the webpage without any 'page not found' or 'unable to connect to network drives' error messages.

Thank you very much for all the details!  Getting this to finally work is a huge relief.
0
 

Author Closing Comment

by:Elizabeth
Comment Utility
Again just incredibly huge thanks for your patience and detailed explanations!
0
 
LVL 27

Expert Comment

by:tliotta
Comment Utility
Glad to have helped. Added minor note... V5R3 is not the current version of i5/OS, but it's still supported. If you have IBM software maintenance, moving up to V5R4 is a good idea. That brings me to the question of your Windows network setup which you've indicated as a 'workgroup' rather than a 'domain'.

Note that your AS/400 can act as a logon server. There are a lot of Windows support capabilities that you _might_ want to explore. Certainly, they'll never be up to the complete Microsoft implementations unless you install a Windows server inside of your AS/400 (and even then it almost has to lag behind what a true PC server box might do.) But the future should include consideration of a tighter integration.

For example, you _might_ consider the potential for Single-SignOn to eliminate the need for passwords being maintained at all for your AS/400 users. (That means the "need" for it. You can still use passwords for any user profiles as you choose.)

Lots of stuff to explore around NetServer and other server capabilities.

Tom
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, (http://www.experts-exchange.com/articles/18084/Upgrading-to-Android-5-0-Lollipop.html) because one time I did this and I essentially had a bricked …
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now