IBM i NetServer

Domain logon quick setup guide


This document is provided "as is" and without warranty of any kind.

The IBM Primary Logon Client (PLC) registration and download page no longer has a supported version of the Primary Logon Client. Without a supported version for the newer clients, IBM i NetServer cannot provide this support for those clients.

This guide is designed to get your IBM i NetServer configured as a Logon Server and your logon environment up and running quickly. However, this guide does not provide detailed information on the Logon support.

For more information on configuration and usage, see the Information Center. Click Networking --> TCP/IP --> IBM i NetServer --> IBM i NetServer domain logon support.

Configuring IBM i NetServer as a logon server

  1. Start Operations Navigator. Expand the iSeries computer and click on File Systems.
  2. Click on Manage IBM i NetServer Shares in the taskpad to open the IBM i NetServer window.
  3. Select Properties and click the Next Start button.
  4. Ensure the correct domain name is given. This is the domain to which IBM i NetServer provides logon services. This domain cannot already be serviced by another Logon Server, such as Microsoft Windows® NT Primary Domain Controller (PDC).
  5. Change the Logon Server Role from None to Server. Click OK.
  6. To provide proper Master Browsing support, ensure that the Host Announce Interval value on the Advanced tab of Properties is set to 720 seconds (12 minutes).
  7. If WINS is being used in the network, ensure that the proper WINS server IP addresses are entered on the WINS Configuration tab in AS/400 Properties.
  8. Click OK to save the settings.
  9. End and restart IBM i NetServer.
  10. Check for conflict messages in the QSYSOPR message queue, especially the first time IBM i NetServer is started as a Logon Server. A conflict message indicates that another machine in the network is already providing certain logon services. The conflict message ID is CPIB687 with reason codes 2 to 4.

Optional: Set up home directories for users

Home directories come in two flavors: those that are shared individually and those that are shared together as a set. To give individually shared home directories to users, for each user, create a file share using the user name. For example, the share name SANDY would correspond to user SANDY and the shared directory could be \pc_home\sandy.

However, the easiest way to get started with home directories is to share them as a whole set. Each user's home directory is specified in their iSeries user profile.

Use the DSPUSRPRF USER command to see a user's profile. Page down near the bottom to see the Home directory value. Use the following example steps to use /home for home directories:

  1. By default, iSeries home directories are in /home. Ensure that this is the parent home directory for all users logging onto the iSeries domain.
  2. Ensure that the individual user directories exist in the /home directory and have appropriate authorities. If not, create them with proper authorities. For example, create /home/sandy so that user SANDY has *RW access, but everyone else is *EXCLUDE (except administrators).
  3. Share /home as HOME. Sharing the parent with the same name as the directory allows the Windows 95/98 clients to properly locate a user's home directory.
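
The authorities from step 2, written out as CL commands for the guide's example user SANDY. This is an added example, not part of the original IBM guide; the path and user name follow the guide's example and the commands are meant to be run by an administrator.

```cl
/* Added example: commands constructed for the guide's user SANDY.   */
/* The /home/sandy path and the SANDY profile are illustrative.      */

/* Create the directory with public access excluded from the start,  */
/* so it is never briefly readable through the HOME share.           */
CRTDIR DIR('/home/sandy') DTAAUT(*EXCLUDE) OBJAUT(*NONE)

/* Give the user the *RW data authority the guide calls for.         */
CHGAUT OBJ('/home/sandy') USER(SANDY) DTAAUT(*RW)

/* For a directory that already existed, close off *PUBLIC           */
/* explicitly instead of relying on how it was created.              */
CHGAUT OBJ('/home/sandy') USER(*PUBLIC) DTAAUT(*EXCLUDE) OBJAUT(*NONE)

/* Point the user profile at the directory so the logon server can   */
/* resolve the home directory under the HOME share.                  */
CHGUSRPRF USRPRF(SANDY) HOMEDIR('/home/sandy')

/* Verify: DSPAUT should list SANDY with *RW and *PUBLIC with        */
/* *EXCLUDE; DSPUSRPRF should show the Home directory value.         */
/* Profiles with *ALLOBJ special authority keep access regardless.   */
DSPAUT OBJ('/home/sandy')
DSPUSRPRF USRPRF(SANDY)
```

Repeat the commands for each user who logs on to the domain, and review the DSPAUT output for any unexpected private authorities before sharing /home.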

Optional: Provide logon scripts and Windows system policies

The NETLOGON share is created automatically when you start IBM i NetServer as a Logon Server for the first time. Normally this share is for the /QIBM/UserData/OS400/NetServer/NetLogon directory on the iSeries.

Inside this directory, you can place logon scripts, Windows system policy files, and default user profiles.

Logon scripts are MSDOS batch files (.BAT) that are downloaded and run during logon. To create a default logon script:

  1. Place the MSDOS commands in a text file.
  2. Name the text file QZLSDEFT.BAT. You may also create script files to be run for certain users or users that are members of a primary group. See the System i and i5/OS Information Center for logon script details.
  3. Copy the file into the NETLOGON share. Note: By default, the NETLOGON share is read-only, so you must temporarily change this before copying files into it.
  4. Optional: End and restart IBM i NetServer.
    Note: This is only necessary if you are providing other logon scripts besides QZLSDEFT.BAT and users have already made connections. Alternatively, a CHGUSRPRF USER command could be done if USER.BAT is being provided.

Note: Not all PC clients can interpret environment variables (like %homeshare%) used in logon scripts. The environment variable may not be supported by the operating system (like Windows 9x), or the logon script may be run before the environment is fully initialized.

Policy files contain registry settings that restrict users from performing certain functions. They are created with the Microsoft Policy Editor (poledit.exe). The files are named CONFIG.POL and NTCONFIG.POL for Windows 9x and NT/2000/XP clients respectively.

Configuring PC clients for domain logon

Windows 98/Me

These clients do not require the installation of any additional software. Configure them for domain logon as follows:

  1. Right-click on "Network Neighborhood" and select Properties.
  2. Select the Client for Microsoft Networks component and click Properties.
  3. Check the Log on to Windows NT domain box. In the Windows NT domain field, type the name of the IBM i NetServer domain.
  4. Review the Network logon options to specify whether to restore network connections during logon or wait until you access them (Quick logon).
  5. Click OK. Click OK again to save. You are asked to reboot the client.
    NOTE: By default, Windows 9x/Me clients attempt to upload/download the user's profile from the Logon Server (in the user's home directory). This allows for roaming user profile support. Refer to the Information Center documentation on how to disable this function.
  6. After the reboot, you should be prompted for your logon information. Type in the user, password and (optionally) domain for IBM i NetServer and complete the logon.

Windows NT/2000/XP Professional

These clients must be workstations (not servers), and they require the installation of additional software. Note: Windows Server 2003 is not a workstation and is not supported as a logon client.

  1. Install the IBM Networks Primary Logon Client (PLC) software. Click the link for more information about this software component and to download it directly to your PC.
  2. Once installed, the PC brings up the PLC logon prompt. Type your iSeries user name and password. Type in the IBM i NetServer domain in the domain field.
  3. Click the appropriate button to perform the logon operation. You may see warning messages pop up. An example message is that your roaming profile could not be retrieved from the server. See notes below for additional considerations.

Important notes
