This is a replicated copy of AS/400 and NetWare: Together the better since V3R7. It is provided for completeness and avoid "broken" link.
AS/400 Starter Kit
CL Style Guide
Cobol Style Guide
RPG Style Guide
NEWS & ANALYSIS
BOOKS & EDUCATION
AS/400 and NetWare: Better Together Since V3R7
More than 50 percent of AS/400 customers use Novell NetWare servers on a LAN for file serving, print serving, and application deployment, according to an informal IBM survey. Network administrators and users in these companies face the challenge of accessing databases and applications scattered among AS/400(s) and NetWare servers. Administrators must deal with two separate environments, coordinating AS/400 and NetWare user IDs and passwords and managing AS/400 and NetWare printer resources. Fortunately, OS/400 offers solutions for these network administration challenges in the OS/400 Enhanced Integration for Novell NetWare licensed program. Shops with AS/400s running V3R7 or V4 and with servers running NetWare 3.12, 4.1, or IntranetWare (NetWare 4.11) can use the Enhanced Integration product. Let's explore the product's features and how they make AS/400- NetWare coexistence easier.
Enhanced Integration Overview
Enhanced Integration for NetWare, introduced in September 1996, includes a client part - a licensed program (V3R7: 5716-SS1, Option 25; V4R1: 5769-SS1, feature 2246) that runs on the AS/400 - and a server part - a NetWare loadable module (NLM) that runs on a NetWare server. Enhanced Integration for NetWare can run on an AS/400 with or without an Integrated PC Server (IPCS). The product costs about $1,000 per NetWare server. The client and server parts use IPX for communications. The NLM is installed as other NLMs are through the NetWare console and requires about 2 MB of server memory (the amount of memory depends, to some extent, on the number of connections you use).
Once the NLM is loaded on the server, it advertises the Enhanced Integration function on the IPX network using the Service Advertising Protocol (a NetWare protocol that informs client PCs what services are available on a network). No configuration is required on the NetWare server, only on the AS/400, and all functions are started automatically with one command at the NetWare server console (load sys:as4nw/as4nw312.nlm for NetWare 3.12; load sys:as4nw/as4nw410.nlm for NetWare 4.1x).
Enhanced Integration for NetWare comprises the following functional components:
・i> QNETWARE file system - the "subtree" under the Integrated File System (IFS) root file system that provides access to all NetWare servers running the Enhanced Integration NLM.
・i> NetWare server authentication entry - the OS/400 user profile for NetWare user security and authentication.
・i> NetWare server administration commands - a set of commands that enable remote NetWare network administration on the AS/400.
・i> Print support - a function that lets you easily configure an AS/400 to use remote NetWare printers.
Let's examine these components and how they make it easier to integrate AS/400s and NetWare networks.
Resource Sharing via QNETWARE
AS/400 users access NetWare resources via the QNETWARE file system. QNETWARE is automatically mounted under the IFS when Enhanced Integration for NetWare is installed (Figure 1). The QNETWARE file system provides access to NetWare files, directories, and Novell Directory Service (NDS) objects.
You can use the MOUNT command on the AS/400 to mount a specific volume or directory from a NetWare server or NDS tree. (Mounting makes a remote system's resources available for a local system to use. For more information about the MOUNT command, see "NFS Enables AS/400-Unix File Serving," March 1997.) The following command shows how to mount NetWare directory SINN/TEST in volume LOTUS on server NWSSVR over AS/400 directory /temp1:
MOUNT TYPE(*NETWARE) +
You can also use the QNETWARE file system to store data in stream files (i.e., files, such as PC files, that store data in a continuous stream rather than in fixed-structure files such as AS/400 physical files) using the CPYTOSTMF (Copy to Stream File) command.
You can seamlessly view NetWare servers' data from the AS/400 and access NetWare and AS/400 data using QNETWARE and other IFS file systems, as in Figure 2a, which shows a Client Access view of QNETWARE, and Figure 2b, which shows an AS/400 "green-screen" view of QNETWARE. In the Figure 2a window's left pane are the QNETWARE objects, including NDS trees and NetWare 3.12 servers. The right pane shows objects (servers, directories, or files), that reside in the object selected in the left pane.
You can copy an AS/400 file to or from a NetWare server with an OS/400 copy command, such as COPY, CPYTOSTMF, or CPYFRMSTMF (Copy from Stream File). (For more information about CPYTOSTMF and the other OS/400 copy commands, see "Managing Integrated File System Data," November 1997.) You can also use File Transfer Protocol (FTP) to transfer files to and from the QNETWARE file system. In addition, you can use the CPY (Copy Object) command and shared folders to move data from one NetWare server to another.
Another way to access stream file data on NetWare servers is to write an AS/400 application using the IFS APIs. You can use standard C APIs such as open(), write(), and close() to open a file, write data to a file, or close a file on a NetWare server from the AS/400. Alternatively, you could write a CL program to copy a database file member to a stream file via the CPYTOSTMF command using the QNETWARE file system. After mapping a drive on a NetWare PC client, you could access the data via a spreadsheet application, such as Microsoft Excel. If you have an AS/400 Web server, you can write a Common Gateway Interface (CGI) program that gives Internet or intranet users realtime access to data in a NetWare network.
User authentication is a fundamental part of the Enhanced Integration for NetWare product, ensuring that only authorized AS/400 users can access NetWare services. Most NetWare file system, remote server administration, and printing functions require users to have an authenticated connection from the AS/400 to a NetWare server running the Enhanced Integration NLM. To establish an authenticated connection to a NetWare server from an AS/400, a NetWare user employs a unique authentication entry (i.e., user profile) that's been set up on the AS/400.
A user's authentication entry consists of a NetWare user name and password. To reduce administration overhead, network administrators should normally keep a user's NetWare user name and AS/400 user profile the same. However, you can opt to map a different NetWare user name to an AS/400 user profile.
Figure 3 shows the NetWare authentication entry for AS/400 user profile CARMEN. As you can see, this user has access to NDS trees COMP_TREE and TEST_TREE and NetWare servers NETW312A and NETW312B. To create an authentication entry for user profile SINN to access NDS tree TREE1, you'd enter the following:
ADDNTWAUTE SVRTYPE(*NDS) +
After this one-time setup, the user authentication information is stored in the AS/400 user profile. Although a user's NetWare password is normally stored with the AS/400 user profile and authentication entry, an AS/400 administrator can choose not to store passwords in the authentication entry by using the QRETSVRSEC (retain server security data) system value (the default value is 0; to stop password storage, change the QRETSVRSEC value to 1).
Once a user has an authentication entry, he or she is not required to log on explicitly to a tree or server. That is, the user logs on to NetWare only once, even though the AS/400 may verify the user via the authentication entry more than once, depending on what servers/shared resources the user asks to use. However, an administrator needs to create an authentication entry for each NDS tree or NetWare 3.1x server the user is authorized to use. When a user requests access to a file system or to AS/400-NetWare integrated printing, the AS/400 attempts to start a connection to the requested server using the information in the authentication entry. This greatly simplifies a user's connection to the network, particularly an AS/400 user who isn't familiar with NetWare.
If an authentication entry does not exist for the tree or server being requested, the AS/400 user must explicitly start a connection to that tree/server (i.e., sign on manually). The user also must start a connection if his or her authentication entry specifies *PROMPT, which forces the user to enter a valid password each time he or she requests a connection to a tree or server.
Enhanced Integration for NetWare lets you execute from the AS/400 basic NetWare server administration commands for remote NetWare servers. You can use the Enhanced Integration commands to query the status of a NetWare server, manage authenticated connections, and manage NetWare volumes from an AS/400. For example, you use the WRKNWSSTS (Work with Network Server Status) command to determine NetWare server status; Figure 4 shows the command prompt displayed after you enter WRKNWSSTS with *NETWARE at the AS/400 command line. The WRKNWSSTS command shows the status and location of all NetWare servers on the network and provides options to work with connections, storage, and volumes.
Another administration command is STRNTWCNN (Start NetWare Connection), which lets you enter authentication information (NetWare user ID and password) from the authentication entry or specify a preferred server for NetWare operations that may otherwise use a different server, as in Figure 5. If your NetWare network is organized by NDS tree, NetWare will pick a default server in the NDS tree to sign on to if no server is specified on the STRNTWCNN command. Another method for giving administrators more control over individual servers is to write a CL program that controls the starting and ending of NetWare operations on specified servers in the network. This could be a standalone program, or you could add it to your QSTRUP program.
You can also manage NetWare server volumes from the AS/400 using the WRKNTWVOL (Work with NetWare Volumes) command; Figure 6 shows the command prompt. Volumes are the basic storage units of a NetWare server. The WRKNTWVOL command improves remote server administration by letting an administrator display, create, change, or delete NetWare server volumes from the AS/400.
Another useful administration feature is the ability to enroll AS/400 users and groups (by AS/400 user profiles) on NetWare servers and synchronize user passwords between the AS/400 and NetWare servers. You use the CHGNWSUSRA (Change NWS User Attributes) command to specify a user or group profile that will be enrolled in the NetWare directory or on a NetWare 3.12 server. If you want to enroll a user in multiple trees and/or servers, you can use systemwide network server attributes to simplify enrollment. For example, the following command enrolls user profile SINN on the NDS trees and NetWare 3.12 servers defined in the network server attributes:
CHGNWSUSRA USRPRF(SINN) +
When an OS/400 group profile is enrolled in a NetWare network with the PRPGRPMBR (propagate group members) parameter set to *ALL, all user profiles in that group are enrolled on the network and put in the new group. The following command enrolls group profile FINANCE and all its group members on NetWare 3.12 server NWS312:
CHGNWSUSRA USRPRF(FINANCE) +
When a user is enrolled in the network, an AS/400 authentication entry is created, simplifying the administration of user profile objects. When users change their passwords on the AS/400, the password in the authentication entry and on the NetWare server are changed simultaneously. However, if you change a password from a NetWare server, the change is not synchronized to the AS/400 user profile.
You can monitor user and group enrollment and password synchronization across multiple trees and servers using the WRKNWSENR (Work with NWS User Enrollment) command (Figure 7). If password synchronization has been successful, the status is marked as current on the Work with NWS User Enrollment screen. In the event of a failure - for example, a server is down when password synchronization was attempted - an error message is displayed. In that case, the system will periodically retry to synchronize passwords, or the operator can attempt to synchronize passwords manually.
Network Print Sharing
The Enhanced Integration for NetWare AS/400-NetWare printing function lets you route AS/400 printed output to a printer queue controlled by a NetWare server. Once you've configured an AS/400 output queue with the remote printer queue matching the NetWare printer queue name, you select the target NetWare print queue and its NDS context or server. A remote printer writer is then started, which lets the AS/400 send printing for authenticated users to the NetWare print queue. On the NetWare server, no special configuration is required other than configuring the normal NetWare print queue. To remove the print job from the AS/400 output queue as soon as it's transferred to the NetWare print queue, you should specify the *NOWAIT parameter on the output queue. Without this parameter, the job remains in the AS/400 output queue until it has been printed on the NetWare server.
AS/400 users sending printing to a NetWare server must be properly authenticated. For each entry on the output queue, the AS/400 checks the user profile for a connection to the NetWare server and, if a connection doesn't exist, uses the user's authentication entry to start a connection. You can also manually start a connection to the NetWare server with the STRNTWCNN command, specifying the *ANY parameter to let print jobs use the connection.
The AS/400-NetWare print function uses OS/400's Host Print Transform to translate the print data stream from EBCDIC to ASCII. You can choose from a list of common target PC printers to specify on the output queue. The AS/400-NetWare print function can translate between a number of printer languages, such as Advanced Function Printing (AFP) to Printer Control Language (PCL).
Where to Learn More
The Enhanced Integration for NetWare product makes it much easier for the AS/400 and NetWare servers to share resources and simplifies administration of the two platforms. You can obtain additional information about Enhanced Integration for NetWare from the product home page atibm.com/netware. Also see Integrating AS/400 with Novell NetWare (V3R7: SC41-4124; V4R1: SC41-5124).
Richard Sinn is a freelance writer, a software engineer at IBM Rochester, and a part-time Internet computing instructor with the University of Minnesota. You can contact him at email@example.com.
You are at an AS400Network.com site.