WBIMB userid vs domain userid
pcoffey
Apprentice
Joined: 03 Feb 2006 Posts: 33
Posted: Fri Feb 03, 2006 6:13 am Post subject: WBIMB userid vs domain userid
Hi,
I have seen a post on this issue before but I don't understand the reason for it. Any explanation is appreciated.
(Windows, WBI MB 5)
I have a network domain userid which exceeds 12 characters. Knowing that WBI MB has a 12 char userid limit, I created a local userid for WBI MB services and all works well when I am logged onto the local domain.
My question is, why, when I log onto the network domain and run the config manager under the local userid, does the toolkit fail to connect to the config manager? The error reported is:
"Error in call NetUserGetLocalGroups() to the NT security domain with return code 2221"
i.e. exactly what is the network domain user id being used for, given that the config manager is running under my local userid?
Thanks in advance for any explanation,
Pauline
mqmatt
Grand Master
Joined: 04 Aug 2004 Posts: 1213 Location: Hursley, UK
Posted: Fri Feb 03, 2006 6:51 am
The Config Manager is running as a local user, but it is using the domain to authenticate incoming domain users for access to its resources.
If you don't want to use domains, use "mqsichangeconfigmgr -l 0" to disable domain support in the Config Manager, or "mqsistudio -vmargs -DDomainAware=0" to disable it in the toolkit.
Hope I haven't confused things further!!
-Matt
pcoffey
Apprentice
Joined: 03 Feb 2006 Posts: 33
Posted: Fri Feb 03, 2006 7:26 am
Matt,
Thanks for the explanation. I tried changing the config manager and the studio to be non-domain aware but it didn't resolve the connection problem. Now, I get a different studio to config manager connection error:
"TopicRoot information was not received from the Configuration Manager. Either the Configuration Manager is not available or the user 'john.smith' does not have authority to view the object. (UUID='TopicRoot', required attribute='topicroot.defaultpolicy')"
john.smith is the domain userid, but with the domain prefix and backslash stripped off. There is no user john.smith on the local domain - the domain userid, i.e. DOMAIN\john.smith, is a member of all the mq groups.
I know I can work around the issue, but I'd like to be able to resolve it.
Pauline.
mqmatt
Grand Master
Joined: 04 Aug 2004 Posts: 1213 Location: Hursley, UK
Posted: Fri Feb 03, 2006 7:37 am
Hi,
If you disable domain support on v5, a userid with the same name as the incoming toolkit userid must be present on the Config Manager machine - and it is that userid (i.e. the one on the CM machine) that needs to be a member of the groups.
-Matt
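
A check for the non-domain-aware case described in this answer, as an added example that is not part of the original thread: it strips the domain prefix from the toolkit userid, then verifies on the Config Manager machine that a local account of that name exists, fits the 12-character limit mentioned in the first post, and belongs to the groups you require. The function name `Test-ToolkitUserMapping` and its parameters are hypothetical, the group names are placeholders supplied by the caller, and the `Get-LocalUser` / `Get-LocalGroupMember` cmdlets assume Windows PowerShell 5.1 or later.

```powershell
# Added example (not from the thread). Run on the Config Manager machine.
# Test-ToolkitUserMapping and its parameters are hypothetical names.
function Test-ToolkitUserMapping {
    param(
        [Parameter(Mandatory)][string]   $ToolkitUser,    # e.g. 'DOMAIN\john.smith'
        [Parameter(Mandatory)][string[]] $RequiredGroups  # local groups your setup requires
    )

    # With domain support disabled, only the name after the backslash is used.
    $name  = ($ToolkitUser -split '\\')[-1]
    $local = Get-LocalUser -Name $name -ErrorAction SilentlyContinue

    $result = [ordered]@{
        LocalName     = $name
        Within12Chars = $name.Length -le 12
        LocalAccount  = [bool]$local
        Enabled       = [bool]($local -and $local.Enabled)
        MissingGroups = @($RequiredGroups)   # assume all missing until proven otherwise
    }

    if ($local) {
        # Compare by SID so a same-named domain account in the group does not count.
        $result.MissingGroups = @(foreach ($g in $RequiredGroups) {
            $members = Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue
            if (-not ($members | Where-Object { $_.SID.Value -eq $local.SID.Value })) { $g }
        })
    }

    $result.Ok = $result.Within12Chars -and $result.Enabled -and
                 ($result.MissingGroups.Count -eq 0)
    [pscustomobject]$result
}

# Constructed sample call; 'group1' and 'group2' are placeholder group names.
Test-ToolkitUserMapping -ToolkitUser 'DOMAIN\john.smith' -RequiredGroups 'group1', 'group2'
```

Because the match in this mode is by name only, it is the local account's group memberships that grant access, not those of the domain account.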
pcoffey
Apprentice
Joined: 03 Feb 2006 Posts: 33
Posted: Fri Feb 03, 2006 7:48 am
Ah-ha... thanks Matt - that makes it clear. I appreciate your time!