EIM and Active Directory
Glenn Robinson
2006-03-09 19:22:33 UTC
Hello,

i5/OS V5R3

I installed EIM at a customer site today where they are using WIN2K3 and
AD.

When you run the NAS wizard from iNav it asks for the KDC name. In most
AD environments there isn't just one authentication server.

Is there a way in NAS to specify more than one KDC so that the iSeries
can access a 2nd KDC if the first one is down?

Thanks

Glenn
Steve Pitcher
2006-03-10 03:23:22 UTC
Check out "Configure Secondary Kerberos server" in the V5R3 Information
Center. This may help you out.
Glenn Robinson
2006-03-10 12:53:21 UTC
Post by Steve Pitcher
> Check out "Configure Secondary Kerberos server" in the V5R3 Information
> Center. This may help you out.
That's close but not sure it gives what we want.

A Windows client will authenticate to any one of the available
authentication servers in an AD topology, without having to tell it
specifically the server to use.

Looking at the info you've pointed to suggests that you have to tell the
client (iSeries) which Kerberos server to use.

OK, I could set this up and then manually change the iSeries client if
the primary authentication server goes down, but I was hoping for something
with a bit more intelligence, like when you specify multiple DNS server
addresses.

Maybe I'm misunderstanding this.


Glenn
Steve Pitcher
2006-03-10 14:08:18 UTC
I think I have something more useful.

Check the infocenter for "Add a Kerberos server to a realm"

This allows you to add an additional KDC to the realm. When a
principal requests a ticket, it will check each KDC in order that you
specify.

Thanks,

Steve
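
An added example, not written by any poster in this thread: a check that lists the KDCs configured for each realm in file order, flags realms with no fallback KDC, and walks the list the way the reply above describes. It assumes the Kerberos client configuration uses MIT-style krb5.conf syntax; the realm names, host names and function names are constructed placeholders.

```python
import re
import socket

# Constructed sample in MIT-style krb5.conf syntax; realm and host names are placeholders.
SAMPLE = """\
[libdefaults]
 default_realm = EXAMPLE.COM
[realms]
 EXAMPLE.COM = {
  kdc = dc1.example.com:88
  kdc = dc2.example.com:88
  kpasswd_server = dc1.example.com:464
 }
 LAB.EXAMPLE.COM = {
  kdc = labdc.example.com:88
 }
[domain_realm]
 .example.com = EXAMPLE.COM
"""

def kdcs_by_realm(text):
    """Return {realm: [kdc, ...]} in the order the file lists them."""
    realms, section, realm = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, realm = m.group(1), None
        elif section != "realms":
            continue
        elif m := re.fullmatch(r"(\S+)\s*=\s*\{", line):
            realm = m.group(1)
            realms[realm] = []
        elif line == "}":
            realm = None
        elif realm and (m := re.fullmatch(r"kdc\s*=\s*(\S+)", line)):
            realms[realm].append(m.group(1))
    return realms

def single_kdc_realms(realms):
    """Realms with no fallback KDC: one outage stops ticket requests."""
    return sorted(r for r, kdcs in realms.items() if len(kdcs) < 2)

def tcp_probe(kdc, timeout=3.0):
    """True if the KDC accepts a TCP connection (port 88 unless given)."""
    host, _, port = kdc.partition(":")
    try:
        with socket.create_connection((host, int(port or 88)), timeout=timeout):
            return True
    except (OSError, ValueError):
        return False

def first_reachable(kdcs, probe=tcp_probe):
    """Walk the list in configured order; return the first KDC that answers."""
    return next((k for k in kdcs if probe(k)), None)
```
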
Glenn Robinson
2006-03-10 17:41:37 UTC
Post by Steve Pitcher
> I think I have something more useful.
>
> Check the infocenter for "Add a Kerberos server to a realm"
>
> This allows you to add an additional KDC to the realm. When a
> principal requests a ticket, it will check each KDC in order that you
> specify.
>
> Thanks,
>
> Steve
Ah, that might just be it.

I'll have to have a play with that next time I'm at the customer site.

TVM

Glenn