4integration |
Posted: Wed Apr 04, 2007 4:47 am Post subject: Local WMB dev env and domain users |
|
|
 Disciple
Joined: 04 Sep 2006 Posts: 197 Location: Gothenburg, Sweden
|
Hello,
We are in a Microsoft environment (WinXP on the clients and ActiveDirectory for identity management) and have the WMB development environment installed locally.
The WMB services are running as the "Local System" user, but when the domain password is changed we often get into problems.
Would it be better to create a local user with administrator privileges and have that for running the WMB environment? Would that be possible and simplify management? _________________ Best regards
4 Integration |
|
Mensch |
Posted: Thu Apr 05, 2007 8:05 pm Post subject: |
|
|
Disciple
Joined: 17 Jul 2005 Posts: 166
|
Hi 4Integration,
If you change the domain username password, you have to make sure that the same password gets reflected in your system MQSeries services.
You don't have to create a local user for running the broker. You can do it using a domain user as well. _________________ Thanks and Regards,
Mensch |
|
PrasLearnsWBI |
Posted: Fri Apr 06, 2007 11:45 am Post subject: |
|
|
 Novice
Joined: 06 Apr 2007 Posts: 13 Location: Budapest, Hungary
|
Quote: |
If you change the domain username password, you have to make sure that the same password gets reflected in your system MQSeries services.
|
Mensch is right.
But I would prefer creating a local user with administrator privileges. That is the solution for a lifetime. It would run your Services required for your WMB environment.
In our set up, I have the same local admin for DB2, MQ Series and WMB. And trust me, I get a good sleep. No offense.
Thanks
Pras _________________ I wonder that I am around !! |
|
JosephGramig |
Posted: Fri Apr 06, 2007 12:20 pm Post subject: |
|
|
 Grand Master
Joined: 09 Feb 2006 Posts: 1244 Location: Gold Coast of Florida, USA
|
It all depends on your security requirements.
At some installations, if you can log on with an ID then that ID must have an expiring password. You must have the discipline to update all the brokers that use the Domain ID when you change the password.
Commonly, I see institutions run the brokers with the same ID. They also use the same database for the brokers. If a migration requires a change to the broker tables (as it did from 2.1 to 5.0 or 6.0), what will happen to the other brokers that are not migrated that share that database?
Think about it. _________________ Joseph
Administrator - IBM WebSphere MQ (WMQ) V6.0, IBM WebSphere Message Broker (WMB) V6.1 & V6.0
Solution Designer - WMQ V6.0
Solution Developer - WMB V6.1 & V6.0, WMQ V5.3 |
|
4integration |
Posted: Thu Apr 12, 2007 5:41 am Post subject: |
|
|
 Disciple
Joined: 04 Sep 2006 Posts: 197 Location: Gothenburg, Sweden
|
Just a reminder, this is not a production or QA environment, it's a development environment.
Today we are using the domain user for WMB and WMQ. DB2 is running as the db2admin user.
When a password changes on the domain, we execute these commands:
For IBM WebSphere MQ:
Quote: |
amqmsrvn -user DOMAIN\<userid> -password <new_passwd> |
For IBM WebSphere Message Broker
Quote: |
mqsichangebroker WBRK6_DEFAULT_BROKER -i DOMAIN\<userid> -a <new_passwd> -p <new_passwd> |
For IBM WebSphere Message Broker Configuration Manager
Quote: |
mqsichangeconfigmgr WBRK6_DEFAULT_CONFIGURATION_MANAGER -i DOMAIN\<userid> -a <new_passwd> -p <new_passwd> |
But we have experienced problems when this happens and would like to minimize the problems. Soon the program (3+ projects and 150+ persons) will have a large number of WMB developers, and if we can prepare even more we will get fewer questions/problems on our table.
It seems that you, Pras, have good experience in running the components with a non-domain user id, maybe we should give it a test.
Btw, what password is set for the db2admin user as default? _________________ Best regards
4 Integration |
|
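The three commands from the post above, combined into one rotation script, as an added example that is not part of the original thread: it prompts for the account and the new password instead of having them typed on three command lines, and stops at the first failing step. It assumes PowerShell is available, that it is run from a console where the `mqsi*` and `amqmsrvn` commands resolve, and that the broker and Configuration Manager are stopped while they are changed; `Invoke-Step` is a hypothetical helper.

```powershell
# Added example, not from the thread. Component names are the defaults used in the posts.
param(
    [string]$Broker    = 'WBRK6_DEFAULT_BROKER',
    [string]$ConfigMgr = 'WBRK6_DEFAULT_CONFIGURATION_MANAGER'
)

# Run one native command and stop the rotation on the first failure, so a
# half-applied password change is noticed instead of surfacing at next start-up.
function Invoke-Step {
    param([string]$Name, [string]$Exe, [string[]]$Arguments, [switch]$Optional)
    Write-Host "== $Name"
    # Piping makes PowerShell wait for the tool even if it is not a console program.
    & $Exe $Arguments | Out-Host
    if ($LASTEXITCODE -ne 0) {
        if ($Optional) { Write-Warning "$Name returned $LASTEXITCODE, continuing"; return }
        throw "$Name failed (exit code $LASTEXITCODE)"
    }
}

# Prompt for DOMAIN\userid and the new password; nothing is stored in the script.
$cred = Get-Credential
$user = $cred.UserName
$pw   = $cred.GetNetworkCredential().Password

try {
    # Assumption: components are stopped before being changed. A component that
    # is already stopped makes mqsistop fail, so these two steps are optional.
    Invoke-Step 'Stop broker'           'mqsistop' @($Broker) -Optional
    Invoke-Step 'Stop config manager'   'mqsistop' @($ConfigMgr) -Optional

    # The three commands from the post, in the same order.
    Invoke-Step 'WebSphere MQ service'  'amqmsrvn' @('-user', $user, '-password', $pw)
    Invoke-Step 'Broker'                'mqsichangebroker' @($Broker, '-i', $user, '-a', $pw, '-p', $pw)
    Invoke-Step 'Configuration Manager' 'mqsichangeconfigmgr' @($ConfigMgr, '-i', $user, '-a', $pw, '-p', $pw)

    Invoke-Step 'Start config manager'  'mqsistart' @($ConfigMgr)
    Invoke-Step 'Start broker'          'mqsistart' @($Broker)
}
finally {
    # Drop the clear-text copy; it was only needed as a command-line argument.
    $pw = $null
    $cred = $null
}
```

The password still appears on each child process's command line while that command runs, exactly as it does when the commands are typed by hand.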
jefflowrey |
Posted: Thu Apr 12, 2007 5:47 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
The db2admin password is set by the person who installed DB2. _________________ I am *not* the model of the modern major general. |
|
4integration |
Posted: Thu Apr 12, 2007 6:16 am Post subject: |
|
|
 Disciple
Joined: 04 Sep 2006 Posts: 197 Location: Gothenburg, Sweden
|
namely myself .... I found the password _________________ Best regards
4 Integration |
|
4integration |
Posted: Thu May 03, 2007 4:52 am Post subject: |
|
|
 Disciple
Joined: 04 Sep 2006 Posts: 197 Location: Gothenburg, Sweden
|
PrasLearnsWBI wrote: |
Quote: |
If you change the domain username password, you have to make sure that the same password gets reflected in your system MQSeries services.
|
Mensch is right.
But I would prefer creating a local user with administrator privileges. That is the solution for a lifetime. It would run your Services required for your WMB environment.
In our set up, I have the same local admin for DB2, MQ Series and WMB. And trust me, I get a good sleep. No offense.
Thanks
Pras |
Hi,
I have got a new laptop which I will set up with DB2, WMQ, WMB, WMBT etc. The company environment is using Windows domains (I am logged in with a Windows domain account). Now I want to have all services working without using any domain account and/or any checks to the domain.
DB2 is installed using a local db2admin user = OK
Next step is to install WMQ, but I have problems...
If I set "no" in the "network configuration" (launchpad) the installation works fine, but the final step, "Prepare WebSphere MQ Wizard", requires me to enter a domain user....
How can/should I handle this? _________________ Best regards
4 Integration |
|
4integration |
Posted: Thu May 03, 2007 11:17 pm Post subject: |
|
|
 Disciple
Joined: 04 Sep 2006 Posts: 197 Location: Gothenburg, Sweden
|
I have been working on two scripts for creating the default configuration and configuring it to run as a non-domain user (=wmb4adm).
The target is a developer environment.
I would be happy if you guys could review them in case I am missing some important steps, and maybe you can find them useful as well.
Create WMB environment:
Quote: |
@echo off
SET userid=wmb4adm
SET password=wmb4adm
SET database_name=DEFBKDB6
SET mq_queue_mgr=WBRK6_DEFAULT_QUEUE_MANAGER
SET wmb_config_mgr=WBRK6_DEFAULT_CONFIGURATION_MANAGER
SET wmb_broker_name=WBRK6_DEFAULT_BROKER
ECHO.
ECHO #######################################################################
ECHO # Add user + add it to Administrators group
ECHO # Error message "System error 1378..." is OK ( = already member )
ECHO #######################################################################
ECHO #
NET USER %userid% %password% /ADD /expires:never
NET LOCALGROUP "Administrators" "db2admin" /add
NET LOCALGROUP "Administrators" "%userid%" /add
ECHO #
ECHO #######################################################################
ECHO.
ECHO #######################################################################
ECHO # Run mqsiprofile
ECHO #######################################################################
ECHO #
CALL mqsiprofile
ECHO #
ECHO #######################################################################
ECHO.
ECHO #######################################################################
ECHO # Create/Start/Configure the queue manager named %mq_queue_mgr%
ECHO #######################################################################
ECHO #
CALL crtmqm %mq_queue_mgr%
CALL strmqm %mq_queue_mgr%
CALL runmqsc %mq_queue_mgr% < wmb_config_mgr.input
ECHO #
ECHO #######################################################################
ECHO.
ECHO #######################################################################
ECHO # Create a configuration manager named %wmb_config_mgr% with queue manager %mq_queue_mgr%
ECHO #######################################################################
ECHO #
CALL mqsicreateconfigmgr %wmb_config_mgr% -i %userid% -a %password% -q %mq_queue_mgr%
ECHO.
ECHO Starting the WMB Configuration Manager %wmb_config_mgr%
CALL mqsistart %wmb_config_mgr%
ECHO #
ECHO #######################################################################
ECHO.
ECHO #######################################################################
ECHO # Creating the database named %database_name% for userid %userid% for the default broker.
ECHO #######################################################################
ECHO #
CALL mqsicreatedb %database_name% -i %userid% -a %password% -e DB2
ECHO #
ECHO #######################################################################
ECHO.
ECHO #######################################################################
ECHO # Setting up a broker named %wmb_broker_name% using the queue manager %mq_queue_mgr%
ECHO # and database %database_name%
ECHO #######################################################################
ECHO #
CALL mqsicreatebroker %wmb_broker_name% -i %userid% -a %password% -q %mq_queue_mgr% -n %database_name%
ECHO.
ECHO Starting the Message Broker %wmb_broker_name%
CALL mqsistart %wmb_broker_name%
ECHO #
ECHO #######################################################################
ECHO.
ECHO #######################################################################
ECHO # Modifying the Windows services
ECHO #######################################################################
ECHO #
REM sc config DB2-0 start= demand obj= .\db2admin password= db2admin
REM sc config DB2DAS00 start= demand obj= .\db2admin password= db2admin
sc config DB2-0 start= demand
sc config DB2DAS00 start= demand
sc config MQSeriesServices start= demand obj= .\%userid% password= %password%
sc config MQSeriesBrokerWBRK6_DEFAULT_BROKER start= demand obj= .\%userid% password= %password%
sc config MQSeriesBrokerWBRK6_DEFAULT_CONFIGURATION_MANAGER start= demand obj= .\%userid% password= %password%
ECHO #
ECHO #######################################################################
:END
ECHO Done |
input file: wmb_config_mgr.input
Quote: |
DEFINE LISTENER(WBRK6_DEFAULT.LISTENER) +
TRPTYPE(TCP) +
PORT(2414) +
CONTROL(QMGR)
START LISTENER(WBRK6_DEFAULT.LISTENER)
DEFINE CHL ('java.channel') +
CHLTYPE(SVRCONN) +
TRPTYPE(TCP) +
maxmsgl(104857600)
END
|
Delete WMB environment:
Quote: |
@echo off
SET userid=wmb4adm
SET password=wmb4adm
SET database_name=DEFBKDB6
SET mq_queue_mgr=WBRK6_DEFAULT_QUEUE_MANAGER
SET wmb_config_mgr=WBRK6_DEFAULT_CONFIGURATION_MANAGER
SET wmb_broker_name=WBRK6_DEFAULT_BROKER
ECHO.
ECHO #######################################################################
ECHO # Run mqsiprofile
ECHO #######################################################################
CALL mqsiprofile
ECHO.
ECHO #######################################################################
ECHO # Deleting the broker named %wmb_broker_name% using the queue manager
ECHO # %mq_queue_mgr% and database %database_name%
ECHO #######################################################################
ECHO #
ECHO Stopping the Message Broker %wmb_broker_name%
CALL mqsistop %wmb_broker_name%
ECHO.
ECHO Deleting the Message Broker %wmb_broker_name%
CALL mqsideletebroker %wmb_broker_name% -w
ECHO #
ECHO #######################################################################
ECHO.
ECHO #######################################################################
ECHO # Deleting the database named %database_name% for the broker.
ECHO #######################################################################
ECHO #
CALL mqsideletedb %database_name%
ECHO #
ECHO #######################################################################
ECHO.
ECHO #######################################################################
ECHO # Delete the configuration manager named %wmb_config_mgr%
ECHO #######################################################################
ECHO #
ECHO Stopping the WMB Configuration Manager %wmb_config_mgr%
CALL mqsistop %wmb_config_mgr%
ECHO.
ECHO Deleting the WMB Configuration Manager %wmb_config_mgr%
CALL mqsideleteconfigmgr %wmb_config_mgr%
ECHO #
ECHO #######################################################################
ECHO.
ECHO #######################################################################
ECHO # Delete the queue manager named %mq_queue_mgr%
ECHO #######################################################################
CALL endmqm -w %mq_queue_mgr%
CALL dltmqm %mq_queue_mgr%
ECHO Done
:END |
_________________ Best regards
4 Integration |
|
4integration |
Posted: Fri May 04, 2007 10:30 pm Post subject: |
|
|
 Disciple
Joined: 04 Sep 2006 Posts: 197 Location: Gothenburg, Sweden
|
I am running the local WMB environment as user 'wmb4adm' as described in the previous post.
At first it worked just fine, but now I get some problems. In the Windows event log I get:
Quote: |
Entity 'wbimb' has insufficient authority to access object 'MY.QUEUE'.
The specified entity is not authorized to access the required object. The following requested permissions are unauthorized: put/passid
Ensure that the correct level of authority has been set for this entity against the required object, or ensure that the entity is a member of a privileged group. |
Do you have any idea on how to solve this? _________________ Best regards
4 Integration |
|
fjb_saper |
Posted: Sat May 05, 2007 3:26 am Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
4integration wrote: |
I am running the local WMB environment as user 'wmb4adm' as described in the previous post.
At first it worked just fine, but now I get some problems. In the Windows event log I get:
Quote: |
Entity 'wbimb' has insufficient authority to access object 'MY.QUEUE'.
The specified entity is not authorized to access the required object. The following requested permissions are unauthorized: put/passid
Ensure that the correct level of authority has been set for this entity against the required object, or ensure that the entity is a member of a privileged group. |
Do you have any idea on how to solve this? |
The error message is very clear. It outlines the missing permission and the object which is missing those permissions.
It is now up to you to resolve...
Enjoy  _________________ MQ & Broker admin |
|
Mensch |
Posted: Sun May 06, 2007 4:47 pm Post subject: |
|
|
Disciple
Joined: 17 Jul 2005 Posts: 166
|
Please make sure that your WMB user and DB2 local user are part of the mqm, mqbrks and DB2USERS groups _________________ Thanks and Regards,
Mensch |
|
4integration |
Posted: Tue May 08, 2007 8:56 pm Post subject: |
|
|
 Disciple
Joined: 04 Sep 2006 Posts: 197 Location: Gothenburg, Sweden
|
Mensch wrote: |
Please make sure that your WMB user and DB2 local user are part of the mqm, mqbrks and DB2USERS groups |
Yes, I had missed that, and it seems quite logical. It seems to solve the problem. Thanks! _________________ Best regards
4 Integration |
|
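The group-membership fix that resolved the thread, as an added example that is not part of the original posts: it adds the local accounts to the three groups and treats the "System error 1378" (already a member) case, which the create script's comments mention, as success. The account names are taken from the thread's scripts; the broker group is written `mqbrkrs` here, which is an assumption about the name the product creates (the reply writes it as `mqbrks`), and `Add-LocalMember` is a hypothetical helper.

```powershell
# Added example, not from the thread. Run from an elevated console.
# Defaults are assumptions: the two local accounts used in the thread's scripts
# and the groups named in the reply (broker group spelled mqbrkrs).
param(
    [string[]]$Users  = @('wmb4adm', 'db2admin'),
    [string[]]$Groups = @('mqm', 'mqbrkrs', 'DB2USERS')
)

# Add one account to one local group.
# Returns 'added', 'already-member' or 'failed'.
function Add-LocalMember {
    param([string]$Group, [string]$User)
    # net.exe reports "System error 1378 has occurred." on stderr when the
    # account is already in the group; merge stderr so it can be inspected.
    $out = & net.exe localgroup $Group $User /add 2>&1 | Out-String
    if ($LASTEXITCODE -eq 0) { return 'added' }
    if ($out -match '\b1378\b') { return 'already-member' }
    Write-Warning "net localgroup $Group $User /add: $($out.Trim())"
    return 'failed'
}

# Try every user/group pair and collect the outcome of each.
$results = foreach ($g in $Groups) {
    foreach ($u in $Users) {
        New-Object PSObject -Property @{
            Group  = $g
            User   = $u
            Result = (Add-LocalMember $g $u)
        }
    }
}
$results | Format-Table Group, User, Result -AutoSize

# A missing group or account shows up here instead of as a later
# "insufficient authority" entry in the event log.
if ($results | Where-Object { $_.Result -eq 'failed' }) {
    throw 'At least one group membership could not be set; see the warnings above.'
}
Write-Host 'Restart the services that run as these accounts so they log on with the new groups.'
```

A Windows access token only picks up new group memberships at the next logon, which is why the services need a restart after the change.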