| Author |
Message
|
| Hanuman |
 Posted: Sun Sep 24, 2006 11:50 pm Post subject: Now on solris how will i add myself to that mqm group. |
 |
|
Voyager
Joined: 28 Aug 2006
Posts: 89
|
hi
You are not an authorized user on the other (server) machine.
Check "Control Panel\Administrative Tools\Event Viewer\Application Log" for hints.
Does your user have MQM group access on the server machine?
i am getting this error.[/quote]
| Quote: |
Now on solris how will i add myself to that mqm group.if somebody could help me...
|
|
|
| Back to top |
|
 |
| atheek |
| Posted: Mon Sep 25, 2006 2:44 am Post subject: |
|
|
Partisan
Joined: 01 Jun 2006
Posts: 327
Location: Sydney
|
<From the System Administartion guide>
To add a user to a group, edit the /etc/group file.
Find the line defining the group to which you want to add a member, and add the user ID to the list of user IDs in that group.
For example, the entry for a group called mquser, containing members user1, user2, and user3 might look like this:
mquser::42428:root,user1,user2,user3 |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Sep 25, 2006 3:07 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Google will give you a command line way to add a user to a group. No need to manually edit the group file. (That would be dangerous and probably a "nono" with your unix admin.)
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| atheek |
| Posted: Mon Sep 25, 2006 3:20 am Post subject: |
|
|
Partisan
Joined: 01 Jun 2006
Posts: 327
Location: Sydney
|
try this...
/usr/sbin/usermode -G <comma separated list of groups for your user> username
You need root access to do this. |
|
| Back to top |
|
|
| Hanuman |
| Posted: Mon Sep 25, 2006 3:31 am Post subject: |
|
|
Voyager
Joined: 28 Aug 2006
Posts: 89
|
these are the contents of my group file..
root::0:root,mqm
other::1:
bin::2:root,bin,daemon
sys::3:root,bin,sys,adm
adm::4:root,adm,daemon
uucp::5:root,uucp
mail::6:root
tty::7:root,tty,adm
lp::8:root,lp,adm
nuucp::9:root,nuucp
staff::10:
daemon::12:root,daemon
sysadmin::14:
nobody::60001:
noaccess::60002:
nogroup::65534:
tibgrp::100:
dba::101:icadmin,icrep
inconcrt::102:
osdba::103:icadmin,icrep
osoper::104:
oinstall::105:apache,oracle
mqm::1000:
Nikhil::1001:
now here what should be username and group ...
i am confused since both solaris and winxp have mqm as group and what should be username.... |
|
| Back to top |
|
|
| Vitor |
| Posted: Mon Sep 25, 2006 3:37 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
Take a tip from further up this post - do not start editing this file by hand! I don't know about Solaris first hand, but other UNIX flavours get annoyed if you try it - use the command line utilities provided! 
What exactly is the confusion? What are you trying to achieve? Is it the client connection you posted about with the 2035? If so, the client user needs to be authorised on the server. This doesn't necessarially mean adding them to the mqm group, you can authorise them separately or better still add them to a new group and authorise that.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| atheek |
| Posted: Mon Sep 25, 2006 3:44 am Post subject: |
|
|
Partisan
Joined: 01 Jun 2006
Posts: 327
Location: Sydney
|
| you might need to set the user ID under the MCA tab in the server connection channel definition properties to a user ID that has permission to access the queue manager on the server machine. The user should belong to the group mqm. |
|
| Back to top |
|
|
| Vitor |
| Posted: Mon Sep 25, 2006 3:47 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| atheek wrote: |
| you might need to set the user ID under the MCA tab in the server connection channel definition properties to a user ID that has permission to access the queue manager on the server machine. The user should belong to the group mqm. |
Or another authorised group, depending on the level of access required via the connection! 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Hanuman |
| Posted: Tue Sep 26, 2006 9:20 pm Post subject: |
|
|
Voyager
Joined: 28 Aug 2006
Posts: 89
|
vitor
This what u posted
| Quote: |
What exactly is the confusion? What are you trying to achieve? Is it the client connection you posted about with the 2035? If so, the client user needs to be authorised on the server. This doesn't necessarially mean adding them to the mqm group, you can authorise them separately or better still add them to a new group and authorise that. |
Thanks for the advice
But what are steps that I need to follow up.
Can you please chop down the steps for me. Since I am new to solaris and even MQ.
you might need to set the user ID under the MCA tab in the server connection channel definition properties to a user ID that has permission to access the queue manager on the server machine. The user should belong to the group mqm.
how will i do this on solaris............ |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Sep 27, 2006 12:21 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
If you're new to Solaris do not edit files in /etc! 
In fact, I would recommend you contact whoever administers your box & get them to define you a new group, and possibly a new user id for program access. This would avoid any political toe treading & keeps the admins on board. Failing that, Google for addusr & addgrp (for starters) and go in peace.
Once you have these users/groups, look up setmqauth in the MQ documentation (hint - the Security manual). You need to use this to avoid the 2035 error. Either authorise the id you're using or better still authorise a group (saves running authorisations over and over). Once you have an authorised id, you're away.
The alternative to this is to add an authorised id to the MCA User Id. My comment about using mqm in this field was a joke - it's a well known security hole in the MQ product! Do not do this except as a short term fix; adding mqm to this field will give everyone who connects to the queue manager full administrative rights. Fine while you're developing, bad in prod!
You should instead (assuming you've not authorised a group) put a single user id with the right, limited authorites in this field. You ned to look up the DEFINE CHANNEL command in the Command Reference manual.
Note - when I say manual, I mean either downloaded PDF or the web based info centre. Whichever you find more convieneient.
Happy Reading!
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
