AS400 Single Sign On

I am trying to setup the AS400 to see my network shares and I know your account in the AS400 and Windows needs to be the same.  I can see the servers through my AS400 but not the shares on the server.  Also my windows account seems to get locked out when I try and access a server through the iSeries Navigator.  I am assuming this is due to the credentials not matching, which they are.  However I do not have the single sign on feature working for the AS400 and I am wondering if this is why I am not seeing the shares.

When I change the iSeries Navigator to use windows credentials I get an error CWBSY1040 Windows logon credentials are unavailable.  I am not sure what to do with this, and I can not seem to find an answer anywhere.  The AS400 is set to *VERIFY for the QRMTSIGN.  Any ideas?
diesel1218Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Gary PattersonVP Technology / Senior Consultant Commented:
What OS version on both systems?
diesel1218Author Commented:
For the servers? I have windows shares on mainly Server 2008

I believe we are running iSeries 5.3 or 5.4

My PC is a windows 7 machine.
Gary PattersonVP Technology / Senior Consultant Commented:
When dealing with V5R2 and later IBM i releases, and relatively recent versions of Windows, including Windows 7 and Windows Server 2008, implementing Enterprise Identity Mapping (EIM) is the best alternative.  EIM is the IBM AS/400  / iSeries / i technology for enabling single-sign-on.  EIM allows you to associate a Windows ID with an IBM i ID, with no ID name restrictions, and no need to synchronize passwords.  With EIM, the IBM i "trusts" Windows authentication.

http://www.redbooks.ibm.com/abstracts/sg246975.html

Without EIM, you're just going to have issues.  You have to synchronize ID names and passwords.  You're going to have to deal with the occasional disabled user ID.  Traditionally, as Microsoft has changed share security and authentication schemes, shares suddenly stop working after upgrades, etc.  Do yourself a favor and implement EIM if you can.

If not, then you're going to need to understand the version-specific needs of each Windows system, and the limitations of each IBM i OS version.  IBM i NetServer is the IBM i feature that enables Windows file and print sharing (SMB/CIFS).  There is a long list of considerations and restrictions when using NetServer with Windows 7 and Windows 2008.  Here's the IBM Technote on Netserver and Win 7 / Win 2008:

http://www-01.ibm.com/support/docview.wss?uid=nas8N1018525

One last note:  V5R3 has been out of support for quite a while.  If this is your release, you may have a difficult time integrating such an old version of IBM i with newer versions of Windows.  Technote above only deals with V5R4 and later.

Another useful technote:

http://www-01.ibm.com/support/docview.wss?uid=nas8N1016520

Hope that helps.

- Gary

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
IBM System i

From novice to tech pro — start learning today.