ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » setmqaut entries from saveqmgr

Post new topic  Reply to topic
 setmqaut entries from saveqmgr « View previous topic :: View next topic » 
Author Message
meaton78
PostPosted: Wed Jul 01, 2009 5:04 am    Post subject: setmqaut entries from saveqmgr Reply with quote

Centurion

Joined: 16 Oct 2008
Posts: 100
We recently converted one of our qmgr servers to VM. We took a bit for bit copy from the physical server and basically just had to change connames. We got a couple of reports that testers could not connect to the qmgr to test, so I hopped on and ran saveqmgr to check out the security settings on a couple of the queues. I'm posting a sample of the output, but most of the saveqmgr looks like the following. Has anyone ever seen anything like this? I'm not really sure what to do. Thanks

setmqaut -m QM1 -n SYSTEM.DEF.SENDER -t channel (unknown entity type(3) for entity S-1-5-21-466432105-3184551545-2843382850-1007@$ä ) +crt
setmqaut -m QM1 -n SYSTEM.DEF.SENDER -t channel (unknown entity type(3) for entity S-1-5-21-1569003132-2406443773-3145404513-91258@$ä ) +none
Back to top
View user's profile Send private message
JosephGramig
PostPosted: Wed Jul 01, 2009 5:14 am    Post subject: Reply with quote

Grand Master

Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
yep, security was granted to a user that is not part of the system any more. Those channels shouldn't have anybody granted anything.
Back to top
View user's profile Send private message AIM Address
meaton78
PostPosted: Wed Jul 01, 2009 5:18 am    Post subject: Reply with quote

Centurion

Joined: 16 Oct 2008
Posts: 100
Is there an easy way to clean that up? It's a total mess and makes reading the settings a nightmare.
Back to top
View user's profile Send private message
JosephGramig
PostPosted: Wed Jul 01, 2009 6:13 am    Post subject: Reply with quote

Grand Master

Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
You could try recreating your SYSTEM objects with strmqm -c but that will clear any changes you made to the SYSTEM objects.

I doubt REFRESH SECURITY will do it, but it won't hurt.

Have you tried setmqaut with -remove?

I don't see a -p or -g....
Back to top
View user's profile Send private message AIM Address
meaton78
PostPosted: Wed Jul 01, 2009 6:18 am    Post subject: Reply with quote

Centurion

Joined: 16 Oct 2008
Posts: 100
I checked the count, and there are 1600+ instances, not just for system queues. Luckily, this is a way low Dev region server and not anything too important, but it's still something I am responsible for, and I'd rather it not look like this.
Back to top
View user's profile Send private message
JosephGramig
PostPosted: Wed Jul 01, 2009 6:37 am    Post subject: Reply with quote

Grand Master

Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
Well, you could do a SAVEQMGR and save your stanzas (note your LogFilePage size). Then delete and create the QMGR (making sure you removed it from all clusters before deleting it). Restore stanzas.

Plus the parts of the setmqaut commands you wanted to keep.

Is this Windows?
Back to top
View user's profile Send private message AIM Address
meaton78
PostPosted: Wed Jul 01, 2009 6:39 am    Post subject: Reply with quote

Centurion

Joined: 16 Oct 2008
Posts: 100
Yes, it is Windows. Thanks, that does sound like a valid alternative to trying to remove all invalid security settings. Thanks for your quick responses; it is appreciated.
Back to top
View user's profile Send private message
mqjeff
PostPosted: Wed Jul 01, 2009 7:12 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447
You can get grep for windows from the unxutils package (a simple google should find it).

Then you can grep -v to remove all the setmqaut commands that are bad.
Back to top
View user's profile Send private message
JosephGramig
PostPosted: Wed Jul 01, 2009 9:26 am    Post subject: Reply with quote

Grand Master

Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
FIND /V "what I don't want"

is another DOS alternative to grep -v
Back to top
View user's profile Send private message AIM Address
meaton78
PostPosted: Wed Jul 01, 2009 9:35 am    Post subject: Reply with quote

Centurion

Joined: 16 Oct 2008
Posts: 100
I ran saveqmgr .m <qmgr> -Z qmgr.sec.txt which put it into a text file which I find easiest to alter.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » setmqaut entries from saveqmgr
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.