2035 MQRC_NOT_AUTHORIZED from "different" domain

gr3ymatt3r
Posted: Sat Aug 25, 2007 2:09 am    Post subject: 2035 MQRC_NOT_AUTHORIZED from "different" domain

Novice

Joined: 25 Aug 2007
Posts: 11

Hi,


When logged in as a user of a particular domain,
I can get and put msgs onto the queues.

But when I log in as a user of a different domain,
I can't; the 2035 MQRC_NOT_AUTHORIZED reason code is given.



error log
QMgr > qmname > errors > AMQERR01.LOG content is

****************************************************************************
8/25/2007 11:44:16 - Process(6324.2) User(MUSR_MQADMIN) Program(amqzlaa0.exe)
AMQ8075: Authorization failed because the SID for entity 'administrato' cannot
be obtained.

EXPLANATION:
The Object Authority Manager was unable to obtain a SID for the specified
entity.
ACTION:
Ensure that the entity is valid, and that all necessary domain controllers are
available.
----- amqzfubn.c : 1991 -------------------------------------------------------
*******************************************************************************



Please help.

Thanks.

regards,
ashay
jefflowrey
Posted: Sat Aug 25, 2007 5:16 am

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981

I don't understand your problem.

One user is authorized.

The other user isn't.

So when you use one user, you are allowed to do things.

When you use the other user, you aren't.

Ask your MQ Administrator for assistance in determining which user you should be using, and what authorizations are required.
_________________
I am *not* the model of the modern major general.
gr3ymatt3r
Posted: Sat Aug 25, 2007 6:31 am

Novice

Joined: 25 Aug 2007
Posts: 11

Hi,

To be more specific,

All is happening over a LAN (for test purposes).

One domain has been configured over the LAN.

Hence, now there are two options to log in to a computer...

Username
Password
Log on to: [1st option under the domain] [2nd option onto THIS computer]

Whenever I log on as THIS computer/Username I am getting error 2035,
but no error if I log on as domain/username.

Thanks for sparing time to reply.

regards,
ashay
jefflowrey
Posted: Sat Aug 25, 2007 8:09 am

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981

So, what you're saying is:

One user, defined in the domain that WebSphere MQ has been configured to authenticate against, is authorized against WebSphere MQ.

Another user, defined on the local machine - but not given any privileges in the domain - is not authorized against WebSphere MQ.

And the user that is authorized can do stuff.

And the user that is not authorized... can't do stuff.

I still don't see the problem.

Regardless of whether it happens "over the LAN" or not.

You do understand what a 'SID' is, right? Or at least the basics of Windows security, including domain vs. local security?
_________________
I am *not* the model of the modern major general.
fjb_saper
Posted: Sat Aug 25, 2007 9:26 am

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY

If you need access from the Machine have the Machine\user be added to the relevant group for which you set up security...
_________________
MQ & Broker admin
gr3ymatt3r
Posted: Sat Aug 25, 2007 11:12 am

Novice

Joined: 25 Aug 2007
Posts: 11

jefflowrey wrote:

You do understand what a 'SID' is, right? Or at least the basics of Windows security, including domain vs. local security?


Hi,

Not exactly, could you please throw more light on these?

thanks.

regards,
ashay
jefflowrey
Posted: Sat Aug 25, 2007 11:37 am

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981

I'll put it simply.

Windows users are not uniquely identified by name. Domain/user1 is different than machine/user1 and different than machine2/user1 and Domain2/user1.

Everything else you should either go learn yourself, or ask your Windows administrator for assistance on.

This is not a place to get free training, especially on Windows security.

_________________
I am *not* the model of the modern major general.
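
The domain-versus-local distinction described in the post above, as an added example that is not part of the thread: a PowerShell function that resolves one user name under several authorities and compares the resulting SIDs, which is the lookup the AMQ8075 message reports as failing. 'MYDOMAIN' and 'user1' are placeholders, and Resolve-AccountSid is a hypothetical helper name; an authorization granted to one of the SIDs does not apply to the other.

```powershell
# Added example (not from the thread). 'MYDOMAIN' and 'user1' are placeholders.
function Resolve-AccountSid {
    param(
        [Parameter(Mandatory = $true)] [string]   $UserName,
        [Parameter(Mandatory = $true)] [string[]] $Authority  # domain or machine names
    )
    foreach ($auth in $Authority) {
        $account = New-Object System.Security.Principal.NTAccount($auth, $UserName)
        try {
            # Ask Windows to map AUTHORITY\name to a security identifier
            $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
            [pscustomobject]@{
                Account = $account.Value
                Sid     = $sid.Value
                # Issuing authority part of the SID; empty for well-known SIDs
                Issuer  = [string]$sid.AccountDomainSid
                Error   = $null
            }
        }
        catch {
            # No mapping under this authority, or the authority could not be reached
            [pscustomobject]@{
                Account = $account.Value
                Sid     = $null
                Issuer  = $null
                Error   = $_.Exception.Message
            }
        }
    }
}

# The same user name looked up on the local machine and in a domain
$results = @(Resolve-AccountSid -UserName 'user1' -Authority $env:COMPUTERNAME, 'MYDOMAIN')
$results | Format-List

# Count distinct SIDs among the names that resolved
$sids = @($results | Where-Object { $_.Sid } | Select-Object -ExpandProperty Sid -Unique)
if ($sids.Count -gt 1) {
    Write-Output "'user1' maps to $($sids.Count) different SIDs: these are separate principals."
}
```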