Posted: Wed Oct 02, 2002 10:29 am Post subject: MQ Security
Novice
Joined: 25 Feb 2002 Posts: 12 Location: Ohio
I have a W2K active directory (not under my control) with a one way trust to an NT 4 domain. The AD trusts the domain. I have a user/service account in the AD trying to access queues on a queue manager in the NT domain. I get the following error in event viewer:
"Access was denied when attempting to retrieve group membership information for user 'aduser@activedirectory'.
MQSeries, running with the authority of user 'musr_mqadmin@machinename', was unable to retrieve group membership information for the specified user.
Ensure Active Directory access permissions allow user 'musr_mqadmin@machinename' to read group memberships for user 'aduser@activedirectory'. To retrieve group membership information for a domain user, MQSeries must run with the authority of a domain user. "
I tried changing the MQ components to use a domain account instead of a local account, but received a similar error. The AD user account is a memeber of the local mqm group on the machine running the queue manager.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum