Analyzing client interface problems
When analyzing problems with client interfaces, consider
the following:
- DCAS uses the TCP/IP protocol to communicate with its clients, the TN3270 middle-tier servers. Verify that the z/OS® Communications Server products VTAM® and TCP/IP have been started and are active. To verify network connectivity to a client, try pinging that client.
- The DCAS uses RACF® services
to obtain a user ID given a digital certificate.
- Verify the certificate has been defined properly to RACF. Use the following commands:
SETROPTS CLASSACT(DIGTCERT) SETROPTS RACLIST(DIGTCERT) REFRESH PERMIT IRR.DIGTCERT.function CLASS(FACILITY) ID(dcasid) ACCESS(CONTROL) RACDCERT ID(userid) ADD('certificate dataset name') TRUST
- Verify that the user ID associated with the DCAS has permission
to access certificates. Use the following RACF commands:
SETOPTS CLASSACT(DIGTCERT) SETROPTS RACLIST(DIGTCERT) REFRESH PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(dcasid) ACCESS(CONTROL)
- The DCAS uses RACF services
to obtain a PassTicket for an associated application ID. Verify that
the RACF PTKTDATA profile
for the application ID has been defined properly. The ID must match
the ID specified on the workstation client. For HOD V5, this is the
name specified in the Express® Logon Application ID pop-up window. It might not be the same name
specified on the USSMSG10. For applications such as TSO, specifying
the application ID can be difficult since the profile name has special RACF considerations. See the z/OS Security Server RACF Security Administrator's Guide.
Use these commands to verify the RACF PTKTDATA profile:
SETROPTS CLASSACT(PTKTDATA) RDEFINE profile PTKTDATA SSIGNON() SETROPTS RACLIST(PTKTDATA) REFRESH
- Verify the certificate has been defined properly to RACF. Use the following commands: