NetView or NetView FTP? NetView FTP was sold off to Log-On Software, Inc.
https://www.ibm.com/mysupport/s/topic/0TO0z006v6NGAQ/netview-ftp?language=en_US
On Wed, 24 Apr 2024 16:19:17 -0500, Steve Beaver wrote:
>My understanding is that IBM sold off Netview.
>
>Who did they sell it to?
>
>
Zero experience.
However, as I was reading this I seem to remember that when IBM announced their
first 10-way mainframe that Amdahl released a statement that they would never
build a mainframe with more than 8 CPU's. Their reasoning was you had
diminishing returns once you went beyond 8
For:
;DEVICE VIPA00 VIRTUAL 0
;LINK VIPAL00VIRTUAL 0 VIPA00
I think all you need is:
INTERFACE VIPAL00
DEFINE VIRTUAL
IPADDR 10.64.14.106
That is basically all we have. I don't think VIPA's have port names. I
thought portnames were used to map to TRLE definition in VTAM.
For
Robert is on the right path.
It's been decades since I used Passport. But you need to have your 3270
session setup with extended attributes enable, then setup IND$FILE options in
Passport to use Structured Field or something like that. Then you can set the
block size to the largest Passports
Ensono offers z/OS hosting.
So does Sirius, which is now part of CDW.
On Thu, 15 Feb 2024 10:39:56 +, Gadi Ben-Avi wrote:
>Hi,
>I was asked to investigate z/OS hosting.
>Can any one point me to companies that provides this type of service?
>If you've move from on premis to a hosted
Is this APPN over IP? If so, could your system be routing the IP traffic
between the other two nodes.
On Tue, 9 Jan 2024 09:07:56 -0600, Tom Longfellow
wrote:
>This is going to be difficult to explain without pictures. Here is an
>outline.
>
>I am a network node NETA.NODE1
>I have CP-CP
Some situations may require manual intervention. That that could be done
through automation.
Some situations may involve noticeable outage outage to the user.
It all depends on how it is setup and how you want to move the task.
Say you have LPARA and LPARB and task "myserver" normally
the I/O cards for the zSystems
were single board computers using either x86 or PowerPC based CPU's and running
some form of either OS2 (early on) or Linux (later on).
On Thu, 19 Oct 2023 13:36:27 -0500, Jon Perryman wrote:
>On Thu, 19 Oct 2023 06:59:43 -0500, John S. Giltner, Jr.
>wrot
There is a Share presentation called "Getting the most out of your OSA (Opens
Systems Adapter)" that does a much better job of describing how the OSA works
than I can.
On Wed, 18 Oct 2023 22:58:15 -0500, Jon Perryman wrote:
>On Wed, 18 Oct 2023 17:18:33 +, Allan Staller
>wrote:
>
the first.
>
>Youi comment about OMPROUTE is noted.
>
>Thanks
>
>On Wed, Oct 18, 2023 at 1:05 AM John S. Giltner, Jr.
>wrote:
>
>> In addition to everything Jon has stated a few other questions may help
>> figure out what needs to be done, or not done.
>>
>
In addition to everything Jon has stated a few other questions may help figure
out what needs to be done, or not done.
Are both LPARS on the same CEC?
If both LPARS are on the same CEC, do they share OSA's?
Are the IP addresses you plan to use as VIPA's in the same subnet as the OSA's
IP
It does matter. Those parameters only work when FTP is calling System SSL
directly. When using AT-TLS/pagent FTP is not involved in the SSL process so
it can't trace
I wish I had the details and could be of more help (just learning
AT-TLS/pagent) , but in one of the pagent parameters that
I have used Mocha TN3270 also. I believe the lite version limits you to 5
minutes of connect time. Not bad if you only need to make a quick change.
The purchase price for the full version is inexpensive, IIRC under $30 USD, and
once purchased you can install on multiple Android devices.
If you have OpenSSL installed you can do:
echo DONE | openssl s_client -connect ipaddress:port | openssl x509 -inform
pem -noout -text | more
Which will show you the information for the server cert that is being presented
On Sun, 27 Aug 2023 10:11:43 +0200, Peter Sylvester
wrote:
>Hi,
>
the former because it uses a single channel. Though I much
>prefer a one-shot command in any case, and 'scp' does that (and runs via
>SSH like 'sftp').
>
>Does the Co:Z server speak both SSH (for SFTP) and traditional FTP?
>
>-- R; <><
>
>
>On 7/28/23 07:34, John
I use sftp with Co:Z SFTP installed on the z/OS side. It allows access to
z/OS files as well as OMVS files. Where as OpenSSH on z/OS only allows access
to OMVS files.
Under Windows you can use WSL, Putty, Cygwin, or any other CLI sftp product. I
use Cygwin most of the time.
On Wed, 26
In a z/OS environment OSA-ICC's can be used two ways.
One way is as a z/OS system console. I know you can require a login on a
console, but I'm not sure what you may be able to see or do if you are not
logged in. I don't think you can issue commands, you may just be able to see
messages roll
In addition to the TN3720 server dropping support for System SSL the ftp server
also dropped that support and requires you to use ATTLS. The ftp client still
supports System SSL, for now.
On Sat, 17 Jun 2023 01:48:30 -0500, Brian Westerman
wrote:
>First off you are missing OA61532, that's
I don't know this for a fact nor I have ever tried it but the TCPIP profile
parameter GLOBALTCPIPDATA can be used to point to a file where your TCP.DATA
parameters are.
I don't know what would happen if you coded that parameter in your existing
PROFILE and did an OBEY against it. Not sure if
Has your sshd task always been named SSHD3? In your TCP/IP profile member do
you have another task name defined as reserving port 22?
On Fri, 26 May 2023 18:09:12 -0700, Tom Brennan
wrote:
>Can you change the port from 22 to something over 1023 for a quick test?
>
>On 5/26/2023 6:01 PM, Tom
one is using an MFT product with encryption and hand-shakes, will
>> the alternating packets between routes not cause the "connection" and
>> data xfer(s) to fail?
>>
>> I'm asking because I know just enough about Network traffic to be
>> truly dangerous -- which means I
z/OS can do load balancing if you have mutiple equal cost routes defined, one
route for each OSA and I think they could be the same route, something like:
BeginRoutes
route default = OSA_INTERFACE1
route default = OSA_INTERFACE2
ENDRoutes
You could use either
I don't know where the debug messages are documented, if they are. I know some
of these are obvious, but:
tlsmech= ATTLS - AT-TLS is providing the SSL/TSL function
tlsreuse=N - SSL session reuse is not allowed
sFTP=R - not sure, maybe ftp command specified the "-r" command?
sCC=C -
Try checking for VTAM return code x10 fdbk2 x09
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Not 100% sure, but I believe that is the data being sent to the remote side
encrypted. If I'm right then depending when it is being sent, could be a
userid, password, command, or if on the data connection data from the file
being transferred.
I don't have a whole list, but v4.10ga10 supports at least TLS V1.2 with
cipher TLS_RSA_WITH_AES_128_CBC_SHA, which is x'002F'. That is what is chosen
when I connect to our system using wc3270.
--
John Giltner
--
For
Seems you have a HSM copy. What I do is recover/restore the HSM copy to a new
name and then just copy the member from recovered/restored data set to the real
data set.
--
John G.
--
For IBM-MAIN subscribe / signoff / archive
The one from TSO profile prefix
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Yes, it uses prefix.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Seems 2 parts failed and it happened last week.
https://www.wvpublic.org/government/2022-07-21/mainframe-failure-shuts-down-dmv-dhhr-computer-systems
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email
Looking at the CSSMTP documentation it seems to imply that if you have
NODENAME=REQUIRED that you need to have DEST and DESTID the same as what you
have coded for ExtWrtName" They give the examples of:
$ADD DESTID(),DEST=
To dynamically adding it and coding the following
>Not quite, but:
>date '+get EBC-GOV-%Y/%m/%d.txt'
>
> o Why bother with "echo" of a command substitution?
> o IIRC, the OP specified slashes. (?!)
>Ex : EBC-GOV-mmdd.txt' in this mmdd should be
>replace with
> year/month/date.
My fault, did not read the whole thing. I
Actually I think he needs:
echo `date '+get EBC-GOV-%Y%m%d.txt'`
To get the format of the date he needs.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the
Should work, that is a generic way of disabling OPTIONS for Apache in any
platform.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
You must make sure the new data sets have the same CI size. If you change the
CI size, you must IPL.
https://www.ibm.com/docs/en/zos/2.3.0?topic=sets-selecting-smf-data-set-control-interval
--
For IBM-MAIN subscribe / signoff
If you are using AT-TLS, then none if the TCPIP family members are directly
involved. We are not using AT-TLS yet, but I do believe it can use ICSF.
If you are not using AT-TLS for a TCPIP application then I assume it depends on
that specific application.
I know that the TN3270 server can
Not 100% sure, but you may try lowing ServerLimit. The default is to start 1
and max (ServerLimit) is default to 18.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with
Not sure why you would need to both 20 and 21's. The 20's are for connects and
21 are for termination/disconnects. If you find a connect without a disconnect
either they are still connected or there is something wrong.
--
For
If you have access to OpenSSL you can issue the command:
echo /dev/null | openssl s_client -showcerts -connect address:port -ssl3
If SSLv3 then the 1st line returned will end with "SSL alert number 70" or "SSL
alert number 40". If it is supported you will see the certs.
You can change
Can you identify what the names may map back to? Are they IP host names,
NetBIOS computer names?
I know DB2 tries to do a reverse look-up when a remote I IP host when they
connect to it. If so, could 2 of your LPAR's be using different DNS servers
than the 3rd? Or maybe the hosts
My initial look is that you need to modify and implement the exit EMSELGNX.
You may need to use EMSEADEX.
--
John G.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu
I have to try and remember the details, but I think it has something to do with
External Groups and one of the user exits.
--
John G.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to
o all who helped.
>
>Best Regards
>Paul
>
>-Original Message-
>From: IBM Mainframe Discussion List On Behalf Of
>John S. Giltner, Jr.
>Sent: 22 April 2021 20:53
>To: IBM-MAIN@LISTSERV.UA.EDU
>Subject: Re: IBM Encryption Facility for OpenPGP
>
>Caution!
.JCL.CNTL(BBXSINIT)'
>>
>>In ibmef.conf I hav
>>
>>CIPHER_NAME AES_256
>>S2K_CIPHER_NAME AES_256
>>
>>Best Regards
>>Paul
>>
>>-Original Message-
>>From: IBM Mainframe Discussion List On Behalf Of
>>John S. Giltner
ards
>Paul
>
>-Original Message-----
>From: IBM Mainframe Discussion List On Behalf Of
>John S. Giltner, Jr.
>Sent: 22 April 2021 14:07
>To: IBM-MAIN@LISTSERV.UA.EDU
>Subject: Re: IBM Encryption Facility for OpenPGP
>
>Caution! External email. Do not open attac
What command options did you use to encrypt on the z/OS side?
I still trying to figure out some of the PGP stuff, but it looks like it
encrypted the file with a passphrase, but it also signed something within the
encrypted file with the default session key for your user-id on the z/OS side.
Not sure if it really makes a difference, but I noticed that one of the SYSOUT
classes, A I think, had COMPRESS=YES and the class K had COMPRESS=NO.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email
I've always just did:
gskstrace gsktrace.trc > gsktrace.txt
But I do generally use the gsktrace to try and figure out issues with ssl
negotiation.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email
Well in the data you sent out on the client hello I only see two x'35', on is
at byte 3,which is part of the length field. The other is at 2C which really
starts at 2B which is cipher x'0035'
In your 1st post the trace showed part of a error message that I think you were
receiving which as
It's been awhile, but it looks like the Linux server is requesting your SSL
certificate as a client, but is not passing a list of CA's that it trusts.
When the server requests the client to send it's client cert, it supposed to
tell the client what CA's is trusts. Some clients will ignore the
That is what I opened the PMR for and IBM said that FTP does not pass
GSK_V3_CIPHER_SPECS_EXPANDED to System SSL. To get any of the 4 character
ciphers you must use AT-TLS.
--
For IBM-MAIN subscribe / signoff / archive access
Could be a different issue then. We were trying to connect to a site that only
supported:
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
Which requires the use of GSK_V3_CIPHER_SPECS_EXPANDED instead of
GSK_V3_CIPHER_SPECS.
I just went through this and had a PRM with IBM. FTP will use TLSv1.2 as you
have found buy using env variables, but you are limited to the cipher specs it
supports natively. It will not honor anything you try and code with env
variables. You will need to use AT-TLS.
Peter,
We are running NVAS 2.1, but it has been a LONG time since we implemented it
and I don't remember all of the details.
Here is link to the manuals if you don't have it already:
http://publib.boulder.ibm.com/tividd/td/NetViewAccessServices2.1.html
IIRC there are 2 exits provided by IBM.
Our also goes to syslogd to the file pointed to by:
daemon.debug /path/filename
In /etc/syslog.conf
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the
What happens if you do show sysout/ddnames and show sysout/ddnames all?
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
I've reached out to SSI and asked about this.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Not that mystifying. None of those tools try and do key authentication by
default. You need to configure them to use key by telling them which key file
to use.
Never tried I/O redirection for sending files using just "ssh", so I'm not
sure. I 99% sure it would work with Cygwin, never
Oh, just as a F.Y.I, WinSCP and Putty only support using Putty's PPK file
format. Filezilla supports both Putty's PPK format and OpenSSH PEM file format.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send
Ah. I have Cygwin installed on my Windows computer and I always use command
line. In each of those you need to point to the private key file on your
Windows host.
For WinSCP edit your connection and select advanced. Look for Authentication
under SSH and point to your private key.
For Putty
It is still distributed with full source code.
Typically is new JES2 releases that require modules to be re-assembles. I
can't really remember the last time we had to re-assemble or make any changes
because of z/OS upgrades.
I think somehow you might be able to do this in RACF, but we don't.
Your public key on the Windows host needs to be added to the file
"authorized_keys". Needs to be in your home directory on the z/OS system in
the .ssh sub-directory. So if your home is "/home/lbdyck" on z/OS this would
be
Unfortunately SSI is going out of business and is dropping all support Dec. 31,
2020 and is not guaranteeing that SuperWylbur will work with 2.4 or beyond.
--
John Giltner
--
For IBM-MAIN subscribe / signoff / archive access
IIRC the problem is somebody is attempting to ssh/sftp in using a user-id that
does not exist on your system, which means the password they entered is
invalid. Is your system accessible via the public Internet? Somebody may be
attempting to break into your system.
If you don't have auth
Dennis,
I would really like to help, but we are at z/OS 2.3 and don't plan on starting
our migration to the next z/OS until early next year. Even though SSI is not
supporting z/OS 2.4 and beyond, I'm hoping to keep SuperWylbur running for
awhile.
Please contact me directly with any finding
As others have pointed out "IDCAMS" is a NetView command that calls IDCAMS.
The original intent was to allow you to automate maintenance of the VSAM files
that NetView uses without bringing down NetView. However I sure that others,
like you and me, have found other purposes for it.
We also
66 matches
Mail list logo