No Authorization Problem
Djeyli
Posted: Fri Jun 07, 2002 12:48 am Post subject: No Authorization Problem
Apprentice
Joined: 03 Apr 2002 Posts: 28 Location: New Zealand

Hi all
I have MQSeries installed on two Win2K machines on different domains. Machine TN003 is able to send messages to machine DN001 with no problem; however, when sending a message the other way, TN003 does not authorize the connection.
I have set up an Admin user on both machines (MQADMIN) and have added both to the mqm security group. I have also updated the Local Policy Settings to:
Act as part of the operating system
Create token Objects
Increase Quotas
Replace a process level token
The problem machine runs with Active Directory
The other machine does not run on Active Directory
Any ideas of what I have overlooked?
Regards

glen
Posted: Wed Jun 12, 2002 7:46 am Post subject: mq authentication
Novice
Joined: 05 Jun 2002 Posts: 13 Location: Dublin, Ireland.

The changes you have made are most likely local, and won't affect your MQ installation. From a security viewpoint, I would remove the changes to the Token objects and remove the SeTcbPrivilege (act as part of the OS), especially as you are using this across domains.
Your MQADMIN user needs to be a domain user, and it needs to be a member of the domain mqm group.
You need to create a global / universal group called 'domain mqm'. Create a new custom task - user objects
properties required are
Read Group Membership
Read SAM Group Membership
Assuming that you have already installed MQ, you will need to add your domain mqm group to the local mqm group on your MQServers, and change your MQServices to start using the domain account.
If they are on different domains, why aren't you using AD - connect the domains, trust as required and everything should be ok.
Both user logon accounts will need to be members of the domain mqm group for two way administration.
It sounds like you have a one way trust set up - if not, I don't see how this is working.
Have you checked your routing tables? Can you ping both machines?
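
A defender-side check for the user-rights cleanup suggested in the reply above, added here as an example (not code from either poster): it parses the output of `secedit /export /cfg rights.inf /areas USER_RIGHTS` and lists accounts that hold the four rights named in the thread beyond a baseline. The baseline SIDs, the sample export and the function name are assumptions constructed for illustration.

```python
import configparser

# Local Policy labels from the thread mapped to their privilege constants.
RIGHTS = {
    "SeTcbPrivilege": "Act as part of the operating system",
    "SeCreateTokenPrivilege": "Create a token object",
    "SeIncreaseQuotaPrivilege": "Increase quotas",
    "SeAssignPrimaryTokenPrivilege": "Replace a process level token",
}
# Assumed baseline of acceptable holders (well-known SIDs); adjust per site.
BASELINE = {
    "SeTcbPrivilege": set(),
    "SeCreateTokenPrivilege": set(),
    "SeIncreaseQuotaPrivilege": {"*S-1-5-32-544", "*S-1-5-19", "*S-1-5-20"},
    "SeAssignPrimaryTokenPrivilege": {"*S-1-5-19", "*S-1-5-20"},
}
# Constructed sample export: MQADMIN was granted all four rights by hand.
SAMPLE = """\
[Privilege Rights]
SeTcbPrivilege = MQADMIN
SeCreateTokenPrivilege = MQADMIN
SeIncreaseQuotaPrivilege = *S-1-5-32-544,*S-1-5-19,*S-1-5-20,MQADMIN
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,MQADMIN
SeShutdownPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""

def audit_user_rights(inf_text):
    """Return sorted (privilege, account) pairs held outside the baseline."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # keep privilege names case-sensitive
    cp.read_string(inf_text)
    if not cp.has_section("Privilege Rights"):
        raise ValueError("no [Privilege Rights] section in export")
    findings = []
    for priv in RIGHTS:
        raw = cp.get("Privilege Rights", priv, fallback="")
        holders = {h.strip() for h in raw.split(",") if h.strip()}
        findings.extend((priv, a) for a in holders - BASELINE[priv])
    return sorted(findings)

if __name__ == "__main__":
    for priv, account in audit_user_rights(SAMPLE):
        print(f"{account}: {RIGHTS[priv]} ({priv})")
```

`secedit` writes the export as UTF-16, so open a real file with `encoding="utf-16"` before passing its text to the function.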