| Author |
Message
|
| dhagan |
 Posted: Wed Dec 12, 2012 10:54 am Post subject: Unable to connect with the queue manager |
 |
|
Newbie
Joined: 12 Dec 2012
Posts: 5
|
Unable to connect with the queue manager
Hello all, I'm new to MQSeries, so please forgive any faux pauxs
Running WMB 8.0.0.0 and WMQ 7.5 on CentOS 6. I'm attempting to connect to it remotely from WMB Toolkit running Win 7 - but before I do so, I'm having onbox issues. Port 1414 appears to be up and listening.
I'm logged in as the user mqm group mqm
if I use -i localhost or -i myDomain -
bash-4.1$ mqsimode -i myDomain-p 1414 -q MB8QMGR
BIP1044I: Connecting to the queue manager...
BIP1046E: Unable to connect with the queue manager (The user 'mqm' is not authorized to connect to queue manager 'MB8QMGR' (MQ reason code 2035 while trying to connect)).
But when I omit the domain
bash-4.1$ mqsimode -q MB8QMGR
BIP1044I: Connecting to the queue manager...
BIP1060I: Connecting to the broker...
BIP1115I: Connected to the broker 'MB8BROKER'.
BIP1803I: The trial period for broker 'MB8BROKER' expires on '12 Mar 2013'.
BIP1831I: Broker 'MB8BROKER' has mode extensions ''.
BIP8071I: Successful command completion.
bash-4.1$ dspmqaut -m MB8QMGR -t qmgr -p mqm
Entity mqm has the following authorizations for object MB8QMGR:
inq
set
connect
altusr
crt
dlt
chg
dsp
setid
setall
ctrl
system
Any thoughts? |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Wed Dec 12, 2012 11:24 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
so the first command makes a client connection.
The command without the domain makes a bindings connection.
The client connection is failing to authenticate because you are hitting the default channel authentication records which prevent (intentionally) users in the mqm group from connecting remotely. |
|
| Back to top |
|
|
| dhagan |
| Posted: Wed Dec 12, 2012 12:48 pm Post subject: |
|
|
Newbie
Joined: 12 Dec 2012
Posts: 5
|
mqjeff, thanks a ton for your reply.
I'm lost, do I need to change the default channel authentication records, and if so how?
Or do I need to somehow change the authorizations for the user mqm?
Could you point me to a doc which will help?
I'm following WebSphere Message Broker Version 8.0.0.0 > Administering existing brokers > Managing brokers
dspmqaut -m MB8QMGR -n SYSTEM.BKR.CONFIG -t channel -g mqm |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Dec 12, 2012 12:52 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
You need to add an additional channel auth record that is specific to the svrconn channel being used.
something like
| Code: |
| SET CHLAUTH(SYSTEM.BKR.CONFIG) TYPE(BLOCKUSER) USERLIST('nobody') action(add) |
Or otherwise you need to spend time planning and configuring the necessary levels of MQ Security to ensure that only the relevant people can connect to the relevant queue managers and then perform the relevant tasks. |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Wed Dec 12, 2012 12:54 pm Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
Hmmm, well the client connection is rejected because WMQ 7.1/7.5 by default doesn't allow IDs that are the service ID of WMQ to connect as a security precaution.
I do the same with my ID which is not mqm but is in both the mqm and mqbrkrs groups. Worked fine, didn't grant anything. Not ideal for anything but local testing. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Dec 13, 2012 6:09 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| dhagan wrote: |
mqjeff, thanks a ton for your reply.
I'm lost, do I need to change the default channel authentication records, and if so how?
Or do I need to somehow change the authorizations for the user mqm?
Could you point me to a doc which will help?
I'm following WebSphere Message Broker Version 8.0.0.0 > Administering existing brokers > Managing brokers
dspmqaut -m MB8QMGR -n SYSTEM.BKR.CONFIG -t channel -g mqm |
You do realize, of course that you need to be at WMB 8.0.0.1 to use a version of WMQ that is greater than 7.0.1.x ?? (in particular here WMQ 7.5) 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
