| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Report messages & queue authorizations |
« View previous topic :: View next topic » |
| Author |
Message
|
| MVO |
 Posted: Sat Apr 20, 2002 7:28 pm Post subject: |
 |
|
Centurion
Joined: 09 Sep 2001
Posts: 131
|
From my local queue manager qmA, I'm sending a message to a queue of the remote queue manager qmB with report option COD to my local reply-to queue as user U1. There is no remote definition of my local reply-to queue on B. User U1 is not defined there either.
At the remote server: when the message is "get" from the remote queue, MQ failed to send the COD to my local reply-to queue due to reason MQRC_NOT_AUTHORIZED - user U1 is not authorized to put message to xmit queue qmA. In order to resolve this, at the remote server, we have to issue the setmqaut command to allow the "public" group allapi on xmit queue qmA.
However, any users can "put" a message to any remote queue via mqput. Why does MQ treat report messages differently ? Am I missing something here ?
Thanks
|
|
| Back to top |
|
 |
| mqonnet |
| Posted: Sat Apr 20, 2002 10:21 pm Post subject: |
|
|
Grand Master
Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.
|
Hi MVO,
The reason you are facing this Authorization problem is because of OAM. I would suspect that your remote queue manager is hosted on NT/2000. And since you dont have a Principal mapped for the userid which is being used you are using on the local system, on the remote system, you are facing this problem. Let me give you an example to help you understand what you need to do to resolve this problem.
Consider you have 2 platforms, Hp-Ux->NT.
You have a message being sent from Hp to nt requesting a COD. On HP you are logged in as "FRED". When you put the message on remote queue to go over to NT, the userid which goes along with it is always "FRED", or on some platforms it is "mqm"/principal to which "FRED" is mapped to. But when the message is supposed to be COD'd at the remote end, the Kernal uses the useridentifier within the message to Check the authorities to put message on any queue, including the remote queue onto which you want the reply/COD be sent. Since you dont have "FRED" as a principal on NT, you are not authorized to put any message. And COD fails with 2035.
Hence the resolution to this is to add a principal called "FRED" on NT, so that COD is authenticated.
Hope this helps.
Cheers.
Kumar
_________________
IBM Certified WebSphere MQ V5.3 Developer
IBM Certified WebSphere MQ V5.3 Solution Designer
IBM Certified WebSphere MQ V5.3 System Administrator |
|
| Back to top |
|
|
| crossland |
| Posted: Mon Oct 10, 2011 6:31 am Post subject: |
|
|
Master
Joined: 26 Jun 2001
Posts: 248
|
The problem that I am facing is that the command is being generated by user mqm on Unix. The receiving Windows server is then generating a 2035 when it tries to generate a response.
Windows will not let me create a userid called mqm as there is a group called mqm.
Any suggestions on how to authorise mqm?
The MCA userid has already been set on the receiver channel. However, MQ uses MQPMO_PASS_IDENTITY_CONTEXT for the response. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Mon Oct 10, 2011 6:37 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9470
Location: US: west coast, almost. Otherwise, enroute.
|
This exact issue (COD and COA) has been discussed here many times. Click the search button at the top of is page.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| crossland |
| Posted: Mon Oct 10, 2011 7:01 am Post subject: |
|
|
Master
Joined: 26 Jun 2001
Posts: 248
|
Such a quick response - thank you so much.
So the search continues... |
|
| Back to top |
|
|
| crossland |
| Posted: Tue Oct 11, 2011 1:58 am Post subject: |
|
|
Master
Joined: 26 Jun 2001
Posts: 248
|
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
