Ref: 11640097
Title: Tips for Setting Admin Accounts on LAN Manager 2.0 Servers
Date: 12/13/90

Copyright 3Com Corporation, 1991.  All rights reserved.

In LAN Manager 2.0, a peer server has its own accounts database (NET.ACC)
and backup and member servers have their own NET.ACC until they actually
come up and receive the NET.ACC of the primary server.  The multiple NET.ACC
files, combined with LAN Manager 2.0's password expiration feature, require
special procedures during installation of peer servers and backup or member
servers in a domain.

For example, when you reach the password expiration date on your primary
server in your domain, you must change your password.  Afterwards, the
password is no longer valid for your peer server.  You have two choices to
solve the problem:  you can stop your workstation, set the domain= statement
to domain, start the workstation, change the password, stop the workstation,
change the domain= statement to your actual domain name, and start the
workstation again.  Or, you can define an admin privilege account for your
peer server that does not also exist on the primary server for the domain.

You can also have problems when you add a backup or member server to the
network after having changed the primary server's admin password to something
other than "password".  The first time you log onto the local server you are
setting up, you must be user "admin" with password "password".  However,
that logon is rejected because that account is no longer valid on the
primary.  Specifically, if you try to log on with a valid username and an
invalid password, no username or password is locked into the redirector,
unlike in LAN Manager 1.1, where the username and password are placed in the
redirector.  Hence, you cannot access your local server, be it a peer server
or a potential backup or member server.

The documentation for setting up a peer server or backup or member server
tells you to set your domain= statement first.  However, if you do this, you
will not be able to access your local NET.ACC file, because the primary server
does not recognize your admin password as valid.  Following are two
workarounds to this situation:

Workaround #1:  Do not set the domain= field until you have set up your
local NET.ACC database properly.

  *  For a peer server, set up your username and password with admin
privileges.  (Peer servers retain their own NET.ACC, which is valid only for
the peer server.)  Then, you can set the domain= statement to the domain
where you are defined as a station and boot up.

  *  For a backup or member server, put a group "Servers" and your
computername and password set as a user in the Servers group into your local
NET.ACC.  This will be passed to the primary server to identify you as a valid
server in the domain.  Enter your computername and password as a user account
on the primary server and as a member of the group servers.  Then set the
domain= statement equal to your domain in LANMAN.INI.

Workaround #2:  Set up admin accounts on non-primary servers (for example,
on a peer server, set up your own user account with admin privileges).  Then
delete the admin account on the primary server.  When the potential peer,
backup, or member server comes up, you will be able to log on as admin with
password "password", but you will get the message that you are logged on as
standalone, meaning the user account is not defined on the primary.  In this
case, the admin/password identification is locked into your redirector,
and you can access your local NET.ACC with admin privileges (although you
cannot access resources elsewhere on the network).

