| Author |
Message
|
| p.cradwick |
 Posted: Mon Aug 06, 2007 4:38 pm Post subject: Domain user yet again! |
 |
|
Acolyte
Joined: 16 May 2001
Posts: 56
|
Hi,
I know this is flogging a dead horse but the horse doesn't seem to want to die!
I have wasted so much time trying to sort this that... well, here I am...
Using v6 everything: Toolkit 6.0.2; Broker FP3; WMQ FP2
Installed all software as a local user 'mquser'. All works fine.
I then logged on as domain user 'pcradwick' and:
Put the domain userid in the groups mqm and mqbrkrs.
Change the MCA user on SYSTEM.BKR.CONFIG to <domain>\userid.
Change broker and configmgr services to start as domain user.
setmqaut -m QM1 -t qmgr -p pcradwick +all (checked with WMQ gui)
mqsicreateaclentry <CONFIGMGRNAME> -u <domain>\userid -a -x F -p
On checking ACL and OAM:
mqsilistaclentry CONFIG1 -u pcradwick -a
BIP1778I: pcradwick - USER - F - ConfigManagerProxy - ConfigManagerProxy
BIP8071I: Successful command completion.
C:\Program Files\IBM\MQSI\6.0>dspmqaut -m QM1 -t qmgr -p pcradwick
Entity pcradwick has the following authorizations for object QM1:
inq
set
connect
altusr
crt
dlt
chg
dsp
setid
setall
So why do I still get:
'User pcradwick is not authorized to connect to queue manager 'QM1' (MQ reason code 2035 while trying to connect)
when I try to create a Domain using domain userid??
Did I miss something?
Peter |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Mon Aug 06, 2007 7:06 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
refresh security
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| Mensch |
| Posted: Tue Aug 07, 2007 2:03 am Post subject: |
|
|
Disciple
Joined: 17 Jul 2005
Posts: 166
|
Using which ID you have created broker and config manager?
_________________
Thanks and Regards ,
Mensch |
|
| Back to top |
|
|
| PieterV |
| Posted: Tue Aug 07, 2007 3:06 am Post subject: Re: Domain user yet again! |
|
|
Disciple
Joined: 04 Jan 2006
Posts: 164
Location: Belgium
|
| p.cradwick wrote: |
| setmqaut -m QM1 -t qmgr -p pcradwick +all |
This should not be necessary.
As Jeff says, you need to run 'refresh security(*)'
This command is only necessary (and perhaps only usefull as well) when you add a user to the mqm group.
Since you have done this, you need to run that command.
The command (see quote) should not be necessary because you will belong the mqm group.
to run refesh security go to command prompt:
runmqsc <qmgr>
refresh security(*)
Good luck! |
|
| Back to top |
|
|
| Tonedef |
| Posted: Tue Aug 07, 2007 4:37 am Post subject: |
|
|
Apprentice
Joined: 05 Feb 2007
Posts: 44
|
Does MQ still have the old 8 character limit on ID's,
well it's not a limit as such it just doesn't recognise anothing over 8 chars.
as it's MQ not the broker thats complaining. |
|
| Back to top |
|
|
| p.cradwick |
| Posted: Tue Aug 07, 2007 4:43 pm Post subject: |
|
|
Acolyte
Joined: 16 May 2001
Posts: 56
|
Thanks for the replies.
After wrestling with it for a few hours yesterday I found a solution which was to specify the MCA user as <userid> NOT <domain>\<userid> as I was doing. Don't know how that squares with the 'Refresh Security', but maybe the change in security on the MCA triggers this automatically?
Anyway I will add the refresh to my 'recipe' and maybe NEXT time I will get it right first time. We can always hope.
Peter
 |
|
| Back to top |
|
|
|
|
