| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| MQ Access Control Problem - Urgent |
« View previous topic :: View next topic » |
| Author |
Message
|
| cecils |
 Posted: Wed Sep 25, 2002 12:46 am Post subject: MQ Access Control Problem - Urgent |
 |
|
Newbie
Joined: 11 Jun 2002
Posts: 7
|
I installed MQServer on a machine running under Win2k Advance Server while logged on as a domain account. After installation, I created a queue manager. Problem is, I cannot create a queue or access objects within the queue manager if I am logged in as a domain account. However, when logged on as a local administrator, I can do so. I can create queues under the queue manager as well as access objects underneath it. Why is this so? I already added the domain account to the administrator & mqm group and the result is still the same.
Your responses will be greatly appreciated. Thanks! |
|
| Back to top |
|
 |
| Nimrod |
| Posted: Wed Sep 25, 2002 5:16 am Post subject: |
|
|
Newbie
Joined: 08 Jul 2002
Posts: 6
Location: Israel
|
First of all, I give you fare warning, that it has been my experience that MQ does not work well with domain accounts of any sort.
There are a few things you could do-
You could simply disable the MQ authorization service, this is done by getting into MQSeries Services, clicking the QM properties, in the "service" tab select "Service: AuthorizationService" and delete it. Restart QM and it should solve the prob. Keep in mind this will disable all access control to QM's objects, but to tell the truth, the authorization service that comes with MQ sucks anyhow, so this is the solution I recommend.
The other thing you should check, is if the account is part of the group "Domain mqm", which should be created with MQ installation.
And the last thing, is checking you installed MQ 5.2 and above, I dont think earlier versions even know what domain accounts are... 
Good Luck!
_________________
Nimrod Oren
Integration Solutions Expert,
Multiconn, Israel. |
|
| Back to top |
|
|
| mrlinux |
| Posted: Wed Sep 25, 2002 7:33 am Post subject: |
|
|
Grand Master
Joined: 14 Feb 2002
Posts: 1261
Location: Detroit,MI USA
|
Well my limited expiernce is this area is, we have a domain id mqm and we add that to the local admin on the box and we dont seem to have any troubles, Iam not sure how good of setup this is. It was setup before I got here.
_________________
Jeff
IBM Certified Developer MQSeries
IBM Certified Specialist MQSeries
IBM Certified Solutions Expert MQSeries |
|
| Back to top |
|
|
| nando32 |
| Posted: Tue Oct 15, 2002 8:40 pm Post subject: |
|
|
Newbie
Joined: 01 Jul 2002
Posts: 9
Location: Sacramento California
|
I tend to agree with these other folks, using any type of Domain service for authentication is a bad idea. The way we have worked on this issue is by creating local accounts, like userID user1 Group user1. When granting access to a queue we grant the group access, as you can see they are the same. OAM will work but there is allot of overhead time and administration. This works good on Solaris, and Windows 2000, we have had no problems.
_________________
Fernando Acosta
Barclays Global Investors |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
