ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » MQ Security CLuster / Queue Manager Alias.

Post new topic  Reply to topic
 MQ Security CLuster / Queue Manager Alias. « View previous topic :: View next topic » 
Author Message
rammer
PostPosted: Tue May 27, 2014 10:21 am    Post subject: MQ Security CLuster / Queue Manager Alias. Reply with quote

Partisan

Joined: 02 May 2002
Posts: 359
Location: England
Hi,

Hopefully you cna help on my query below.

Remote Queue Manager MQ Version 7
Queue Manager = MQREMOTE
Remote Queue TO.QMGR3.TEST.QUEUE
RNAME = QMGR3.TEST.QUEUE
Remote Queue Manager = MQENTRY
XMITQ = QMGR1
Sender Channel = MQREMOTE.QMGR1
The above is NOT part of any MQ Cluster

QMGR1 (MQ 7 AIX)
Receiver Channel = MQREMOTE.QMGR1
Queue Manager Alias = MQENTRY, RNAME() RQMNAME() XIMQT()
Queue Manager is PR Cluster = TESTCLUSTER

QMGR3(MQ 7.5 AIX)
Cluster = PR TESTCLUSTER
Local Queue = QMGR3.TEST.QUEUE - Cluster(TESTCLUSTER)

Sending message via remote queue works fine with the QMA passing message onto QMGR3


I now add some security using IPBLOCK2

on QMGR1 I add a group and user id called test1user
I add the following permissions to QMGR1

setmqaut -m QMGR1 -t qmgr -g testuser1 -all +connect +inq
setmqaut -m QMGR1 -g testuser1 -n 'MQENTRY' -t queue -all +inq +put

I send a message via remote queue on MQREMOTE QMGRand I get 2035 on QMGR1 saying

AMQ9599: Program could not open a queue manager object.

EXPLANATION:
The attempt to open either the queue or queue manager object
'QMGR3.TEST.QUEUE' on queue manager 'MQENTRY' by user 'testuser1' failed with
reason code 2035.

I either have some missing permissions for testuser1 on QMGR1 or do I need which i have not done yet same user id on QMGR3 and set relevant permissions on there?

Thanks in advance
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Tue May 27, 2014 8:56 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
You need to be much clearer in your post:

qmgr you are connecting to:
qmgr version (all 4 digits):
queue you are trying to post to:
qmgrs hosting that queue:
object permission scheme:
qmgr security stanza:
results of the put....

Have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
rammer
PostPosted: Wed May 28, 2014 12:16 am    Post subject: Reply with quote

Partisan

Joined: 02 May 2002
Posts: 359
Location: England
QMGREMOTE running MQ7.5.0.1 on Windows puts to a remote queue called TO.QMGR3.TEST.QUEUE. This flows to QMGR1 which does not host the target queue but has a Queue Manager Alias called MQENTRY. QMGR1 is on AIX running 7.5.0.1

QMGR1 which is part of the cluster TESTCLUSTER passes the messages via SCTQ to QMGR3 MQ7.5.0.1 to a clustered queue QMGR3.TEST.QUEUE

When not using any permissions the MQ Put from QMGREMOTE works fine

When I use BLOCKIP2 to map the id testuser1 which is on the Gateway QMGR QMGR1 to the Channel and the queues that I have shown below etmqaut -m QMGR1 -t qmgr -g testuser1 -all +connect +inq
setmqaut -m QMGR1 -g testuser1 -n 'MQENTRY' -t queue -all +inq +put

The MQPUT places the messages into the XMITQ on MQREMOTE but QMGR1 records the 2035 error stating no authority to the Cluster Queue on QMGR3.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Wed May 28, 2014 1:08 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
you are still very unclear and confusing.
Create the list from my former post:

qmgr you are connecting to:
qmgr version (all 4 digits):
queue you are trying to post to:
qmgrs hosting that queue or next hop:
object permission scheme:
qmgr security stanza:
results of the put....

and
qmgr: hop qmgr:
qmgr version (all 4 digits)
queue you are trying to post to:
qmgrs hosting that queue or next hop:
object permission scheme:
qmgr security stanza:
results of the put...

and so on...

This will make it much clearer for us to understand and help you with.
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » MQ Security CLuster / Queue Manager Alias.
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.