StarQuest Technical Documents

Security Problem with Client Access for UNIX

Last Update: May 19, 1998
Product: Client Access for UNIX
Operating System: All
Article ID: SQV00CA008

Abstract

When initially trying to connect to an AS/400 host after installing Client Access for UNIX OS, you may receive an error 216: Security Problem. This can be caused by several problems. The host socket servers on the AS/400 are typically involved.

Solution

All products in the Client Access family that use TCP/IP communicate with the AS/400 through the host socket servers. As these are prestarted AS/400 jobs, they need to have an associated user. IBM has associated the user profile QUSER with these jobs. You will receive a Security Problem message if

• the QUSER account is disabled,
• QUSER has no available storage, or
• the QUSER account has an expired password.

If you have first started the host socket servers and you can ping them all (as described in the Client Access help file under Troubleshooting), then check the QUSER user profile on the AS/400.

To check the status of the QUSER profile:

1. On the AS/400 command line, type wrkusrprf QUSER
2. Enter 5 in the OPT column next to QUSER.
3. Make sure that the following attributes are set properly:
   
   • Status should be *ENABLED
   • Set password to expired should be *NO
   • Maximum Storage Allowed should be *NOMAX or greater than Storage Used
   • Storage Used

If you notice that there is a value for Date Password Expires, then the password has expired, and it needs to be set again. Also make sure to check the value Password expiration interval. The system value for password expiration may be a couple of months. You may want to change the value for the QUSER account from *SYSVAL to something different, such as *NOMAX, or set a reminder to change the QUSER account password before it expires.

This screen shows a sample output of the WRKUSRPRF output.

If there are no problems with the QUSER account, check the JOBLOG on the AS/400.