IBM i NetServer security: Guest versus nonguest

Typically you can access IBM® i NetServer by using a user profile. The guest profile will be used when the requested ID (as sent by Windows or Samba) is not found.

The guest user profile allows file and print sharing by users who otherwise would not require a user profile.

When using IBM i NetServer, normal user profiles and passwords apply. By default, only users with valid user profiles and passwords can access resources on the system. Windows 2000, Windows XP, and Windows Server 2003 offer the option to select a different user ID. If the passwords do not match, you will see a password window. Windows can optionally be set to remember the password.

A user profile is disabled from using IBM i NetServer when the user has tried to access IBM i NetServer a number of times with an incorrect password. The QMAXSIGN system value specifies how many unpermitted access attempts disable a user profile. The Windows operating system tries to access IBM i NetServer again when access is denied, so the QMAXSIGN limit might appear to be reached before the client has actually tried that number of times. If the user profile does become disabled for IBM i NetServer, you can use several methods to re-enable the user profile.

If no user profile matches the user ID that is used to access IBM i NetServer, an optionally configurable guest user profile can be used instead. This guest profile, created by an IBM i administrator who has *SECADM special authority, should have a password only if guest print sharing is being used, and must not have any special authorities. The guest user profile allows file and print sharing by users who otherwise would not require a user profile.
Note: The guest user profile must have a password if it is to be used for accessing print shares because the network print server requires one.
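The guest-profile rules and the QMAXSIGN lockout described above can be audited with SQL. This is an added example, not part of the original IBM documentation; NSGUEST is a hypothetical guest profile name, and the queries assume the QSYS2.USER_INFO and QSYS2.SYSTEM_VALUE_INFO services (including the NETSERVER_DISABLED column) are available on the release in use.

```sql
-- Added example. NSGUEST is a hypothetical name; substitute the profile
-- configured as the IBM i NetServer guest on your system.

-- 1. Guest profile: it must carry no special authorities, and should have a
--    password only when guest print sharing is in use.
SELECT AUTHORIZATION_NAME,
       STATUS,
       NO_PASSWORD_INDICATOR,
       SPECIAL_AUTHORITIES,
       CASE
         WHEN TRIM(COALESCE(SPECIAL_AUTHORITIES, '*NONE')) IN ('', '*NONE')
           THEN 'OK: no special authorities'
         ELSE 'FAIL: guest profile has special authorities'
       END AS SPCAUT_CHECK,
       CASE
         WHEN NO_PASSWORD_INDICATOR = 'YES'
           THEN 'No password: usable for file shares only'
         ELSE 'Password set: confirm guest print sharing is really needed'
       END AS PASSWORD_CHECK
  FROM QSYS2.USER_INFO
 WHERE AUTHORIZATION_NAME = 'NSGUEST';

-- 2. Current QMAXSIGN setting. Both value columns are selected because the
--    value may be a number or a special value such as *NOMAX.
SELECT SYSTEM_VALUE_NAME,
       CURRENT_NUMERIC_VALUE,
       CURRENT_CHARACTER_VALUE
  FROM QSYS2.SYSTEM_VALUE_INFO
 WHERE SYSTEM_VALUE_NAME = 'QMAXSIGN';

-- 3. Profiles currently disabled for NetServer use. STATUS is shown alongside
--    so the NetServer state can be compared with the profile's own status.
SELECT AUTHORIZATION_NAME,
       STATUS,
       NETSERVER_DISABLED
  FROM QSYS2.USER_INFO
 WHERE NETSERVER_DISABLED = 'YES'
 ORDER BY AUTHORIZATION_NAME;
```

A sudden rise in the number of rows from the third query is worth correlating with client retry behavior before treating it as password guessing, because Windows retries automatically when access is denied.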