| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
| query about CLNTUSER & MCAUSER |
« View previous topic :: View next topic » |
| Author |
Message
|
| hklbj |
 Posted: Mon Dec 08, 2014 7:03 pm Post subject: |
 |
|
Apprentice
Joined: 20 Jun 2007
Posts: 34
Location: HK
|
| PeterPotkay wrote: |
You show the permissions for the wing group, but can you tell us what groups the wing ID is in.
Is the wing ID in the mqm group? Or if on Windows, in the Administrators or mqm group? Or in some other group that does have connect access?
That still doesn't explain why the CHLAUTH mapping is not working. If the channel is running as wing, I would have expected the CHLAUTH rule you have to have fired and changed that to mqjmsapps.
Is CHLAUTH enabled at the Queue Manager level? |
Peter, the mqm group is not the issue of chlauth. 
you can find screen shot for your reference.
 |
|
| Back to top |
|
 |
| hklbj |
| Posted: Mon Dec 08, 2014 8:44 pm Post subject: |
|
|
Apprentice
Joined: 20 Jun 2007
Posts: 34
Location: HK
|
| mqjeff wrote: |
... Are you seeing the same information in MQExplorer's view of the connection as you are seeing in a runmqsc 'DIS CONN' (or at least for 'DIS CHSTATUS') for the same connection?
Also, remember that there's more than one status for a SVRCONN - there's one for each instance of the channel.
I would double-check the channel status and the connection information using runmqsc, and then compare the resolved IP address and the resolved mcauser.
I know you've probably done that, but you haven't posted the data.
If that doesn't work, you need to a) open a PMR, b) enable authority events, c) enable tracing on the channels. |
Jeff, tried to run dis conn vs. MQ explorer and seems not much hints
channel status when connected client app set MQEnvironment userid = 'wing'
Dis Conn status vs. MQ explorer channel status.
MQ explorer channel status detail
MQ explorer channel status detial extend.
Besides, I found the remote product field have value change randomly but not sure any relation with Chl Auth.
 |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Tue Dec 09, 2014 4:10 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
This is a tricky one. I think its going to end up being something along the lines to what FJ mentioned earlier, and maybe kinda like my troubles in my other thread. The ID you think you are sending over (wing) is in some case, for some reasons, now exactly 'wing', but maybe WING or Wing or Wing@here.com or some other variation that is used for the CHLAUTH checking, but when the channel runs it shows the plain 'wing'.
Try this, similar to what mqjeff suggested. Try connecting your client to a queue manager where wing has not MQ authority, and where MQ Authority Events are enabled. Then look at the Event Message that was created, and see how it records the failing ID.
Otherwise, I am out of ideas.... 
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| hklbj |
| Posted: Tue Dec 09, 2014 4:17 am Post subject: |
|
|
Apprentice
Joined: 20 Jun 2007
Posts: 34
Location: HK
|
| PeterPotkay wrote: |
This is a tricky one. I think its going to end up being something along the lines to what FJ mentioned earlier, and maybe kinda like my troubles in my other thread. The ID you think you are sending over (wing) is in some case, for some reasons, now exactly 'wing', but maybe WING or Wing or Wing@here.com or some other variation that is used for the CHLAUTH checking, but when the channel runs it shows the plain 'wing'.
Try this, similar to what mqjeff suggested. Try connecting your client to a queue manager where wing has not MQ authority, and where MQ Authority Events are enabled. Then look at the Event Message that was created, and see how it records the failing ID.
Otherwise, I am out of ideas.... |
Peter, how to enable authority event? i will try tomorrow. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Tue Dec 09, 2014 4:27 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
Authority Events are a Queue Manager property. Just flip the setting.
One more diagnostic idea. Actually, do this instead of the Authority Events.
Create a rule that blocks your connection. Try to connect with the client that is not mapping. What will happen now is that the Queue Manager error log will have an error message produced by the CHLAUTH part of the internal MQ code. This is the code that is or is not mapping, so we care what this little bit of code sees the incoming ID as, regardless of what you think the ID is, regardless of what the running channel shows in the MCAUSER once the channel is running.
This is how I finally figured out my IDs were coming across in different case, but all along the Authority Events and other errors and running channels always had the same ID displaying.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| hklbj |
| Posted: Tue Dec 09, 2014 10:58 pm Post subject: |
|
|
Apprentice
Joined: 20 Jun 2007
Posts: 34
Location: HK
|
| PeterPotkay wrote: |
Authority Events are a Queue Manager property. Just flip the setting.
One more diagnostic idea. Actually, do this instead of the Authority Events.
Create a rule that blocks your connection. Try to connect with the client that is not mapping. What will happen now is that the Queue Manager error log will have an error message produced by the CHLAUTH part of the internal MQ code. This is the code that is or is not mapping, so we care what this little bit of code sees the incoming ID as, regardless of what you think the ID is, regardless of what the running channel shows in the MCAUSER once the channel is running.
This is how I finally figured out my IDs were coming across in different case, but all along the Authority Events and other errors and running channels always had the same ID displaying. |
Peter, I tried with Authority event enabled and result let me frustrated. 
5 test cases as below, my desktop user id is 'wing':
1/ MQEnvironment userid = null <== fail found in error log shown mcauser mapped to 'mqjmsapps' as expected.
2/ MQEnvironment userid = 'mqm' <== fail and event message shown userid 'wing' 
3/ MQEnvironment userid = 'Wing' <== fail and event message shown userid 'wing'
4/ MQEnvironment userid = 'WING' <== fail and event message shown userid 'wing'
5/ MQEnvironment userid = 'wing' <== this case can connect as shown in previous screen shot and no event message in queue [SYSTEM.ADMIN.CHANNEL.EVENT] & queue [SYSTEM.ADMIN.QMGR.EVENT]
| Code: |
----- amqrmrsa.c : 898 --------------------------------------------------------
12/10/2014 02:22:49 PM - Process(14076.162) User(mqm) Program(amqzlaa0)
Host(rhmq1.glshk.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(GLS_CPA_D1)
AMQ8077: Entity 'mqjmsapps ' has insufficient authority to access object
'GLS_CPA_D1'.
EXPLANATION:
The specified entity is not authorized to access the required object. The
following requested permissions are unauthorized: connect
ACTION:
Ensure that the correct level of authority has been set for this entity against
the required object, or ensure that the entity is a member of a privileged
group.
----- amqzfubx.c : 624 --------------------------------------------------------
12/10/2014 02:22:49 PM - Process(19269.112) User(mqm) Program(amqrmppa)
Host(rhmq1.glshk.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(GLS_CPA_D1)
AMQ9557: Queue Manager User ID initialization failed.
EXPLANATION:
The call to initialize the User ID failed with CompCode 2 and Reason 2035.
ACTION:
Correct the error and try again.
----- cmqxrsrv.c : 1972 -------------------------------------------------------
12/10/2014 02:22:49 PM - Process(19269.112) User(mqm) Program(amqrmppa)
Host(rhmq1.glshk.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(GLS_CPA_D1)
AMQ9999: Channel 'CH.TEST.1' to host '10.145.1.11 (10.145.1.11)' ended
abnormally.
EXPLANATION:
The channel program running under process ID 19269 for channel 'CH.TEST.1'
ended abnormally. The host name is '10.145.1.11 (10.145.1.11)'; in some cases
the host name cannot be determined and so is shown as '????'.
ACTION:
Look at previous error messages for the channel program in the error logs to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can be
found in the System Administration Guide.
----- amqrmrsa.c : 898 --------------------------------------------------------
12/10/2014 02:23:21 PM - Process(19269.113) User(mqm) Program(amqrmppa)
Host(rhmq1.glshk.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(GLS_CPA_D1)
AMQ9557: Queue Manager User ID initialization failed.
EXPLANATION:
The call to initialize the User ID failed with CompCode 2 and Reason 2035.
ACTION:
Correct the error and try again.
----- cmqxrsrv.c : 1972 -------------------------------------------------------
12/10/2014 02:23:21 PM - Process(19269.113) User(mqm) Program(amqrmppa)
Host(rhmq1.glshk.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(GLS_CPA_D1)
AMQ9999: Channel 'CH.TEST.1' to host '10.145.1.11 (10.145.1.11)' ended
abnormally.
EXPLANATION:
The channel program running under process ID 19269 for channel 'CH.TEST.1'
ended abnormally. The host name is '10.145.1.11 (10.145.1.11)'; in some cases
the host name cannot be determined and so is shown as '????'.
ACTION:
Look at previous error messages for the channel program in the error logs to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can be
found in the System Administration Guide.
----- amqrmrsa.c : 898 --------------------------------------------------------
12/10/2014 02:23:45 PM - Process(19269.114) User(mqm) Program(amqrmppa)
Host(rhmq1.glshk.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(GLS_CPA_D1)
AMQ9557: Queue Manager User ID initialization failed.
EXPLANATION:
The call to initialize the User ID failed with CompCode 2 and Reason 2035.
ACTION:
Correct the error and try again.
----- cmqxrsrv.c : 1972 -------------------------------------------------------
12/10/2014 02:23:45 PM - Process(19269.114) User(mqm) Program(amqrmppa)
Host(rhmq1.glshk.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(GLS_CPA_D1)
AMQ9999: Channel 'CH.TEST.1' to host '10.145.1.11 (10.145.1.11)' ended
abnormally.
EXPLANATION:
The channel program running under process ID 19269 for channel 'CH.TEST.1'
ended abnormally. The host name is '10.145.1.11 (10.145.1.11)'; in some cases
the host name cannot be determined and so is shown as '????'.
ACTION:
Look at previous error messages for the channel program in the error logs to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can be
found in the System Administration Guide.
----- amqrmrsa.c : 898 --------------------------------------------------------
12/10/2014 02:23:56 PM - Process(19269.115) User(mqm) Program(amqrmppa)
Host(rhmq1.glshk.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(GLS_CPA_D1)
AMQ9557: Queue Manager User ID initialization failed.
EXPLANATION:
The call to initialize the User ID failed with CompCode 2 and Reason 2035.
ACTION:
Correct the error and try again.
----- cmqxrsrv.c : 1972 -------------------------------------------------------
12/10/2014 02:23:56 PM - Process(19269.115) User(mqm) Program(amqrmppa)
Host(rhmq1.glshk.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(GLS_CPA_D1)
AMQ9999: Channel 'CH.TEST.1' to host '10.145.1.11 (10.145.1.11)' ended
abnormally.
EXPLANATION:
The channel program running under process ID 19269 for channel 'CH.TEST.1'
ended abnormally. The host name is '10.145.1.11 (10.145.1.11)'; in some cases
the host name cannot be determined and so is shown as '????'.
ACTION:
Look at previous error messages for the channel program in the error logs to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can be
found in the System Administration Guide.
----- amqrmrsa.c : 898 --------------------------------------------------------
|
QM error log
| Code: |
-------------------------------------------------------[12/10/2014-14:22:49]---
ReasonCode: 2035
EventName: Not Authorized Type 1 - MQRC_NOT_AUTHORIZED (2035, X'7F3')
EventType: Authority
Description: On an MQCONN or system connection call, the user is not
authorized to connect to the queue manager. ReasonQualifier
identifies the nature of the error.
QMgrName: GLS_CPA_D1
ReasonQualifier: 1 (MQRQ_CONN_NOT_AUTHORIZED)
UserIdentifier: mqjmsapps
ApplType: 11 (MQAT_WINDOWS_NT)
ApplName: MQ7-tester\bin\MQ7Tester.exe
-------------------------------------------------------[12/10/2014-14:23:21]---
ReasonCode: 2035
EventName: Not Authorized Type 1 - MQRC_NOT_AUTHORIZED (2035, X'7F3')
EventType: Authority
Description: On an MQCONN or system connection call, the user is not
authorized to connect to the queue manager. ReasonQualifier
identifies the nature of the error.
QMgrName: GLS_CPA_D1
ReasonQualifier: 1 (MQRQ_CONN_NOT_AUTHORIZED)
UserIdentifier: wing
ApplType: 11 (MQAT_WINDOWS_NT)
ApplName: MQ7-tester\bin\MQ7Tester.exe
-------------------------------------------------------[12/10/2014-14:23:45]---
ReasonCode: 2035
EventName: Not Authorized Type 1 - MQRC_NOT_AUTHORIZED (2035, X'7F3')
EventType: Authority
Description: On an MQCONN or system connection call, the user is not
authorized to connect to the queue manager. ReasonQualifier
identifies the nature of the error.
QMgrName: GLS_CPA_D1
ReasonQualifier: 1 (MQRQ_CONN_NOT_AUTHORIZED)
UserIdentifier: wing
ApplType: 11 (MQAT_WINDOWS_NT)
ApplName: MQ7-tester\bin\MQ7Tester.exe
-------------------------------------------------------[12/10/2014-14:23:56]---
ReasonCode: 2035
EventName: Not Authorized Type 1 - MQRC_NOT_AUTHORIZED (2035, X'7F3')
EventType: Authority
Description: On an MQCONN or system connection call, the user is not
authorized to connect to the queue manager. ReasonQualifier
identifies the nature of the error.
QMgrName: GLS_CPA_D1
ReasonQualifier: 1 (MQRQ_CONN_NOT_AUTHORIZED)
UserIdentifier: wing
ApplType: 11 (MQAT_WINDOWS_NT)
ApplName: MQ7-tester\bin\MQ7Tester.exe
|
Event message from SYSTEM.ADMIN.QMGR.EVENT
What should be next step.....  |
|
| Back to top |
|
|
| tczielke |
| Posted: Wed Dec 10, 2014 4:31 am Post subject: |
|
|
Guardian
Joined: 08 Jul 2010
Posts: 941
Location: Illinois, USA
|
You may want to try tracing the amqrmppa processes when you connect, to see if the trace has any other helpful diagnostics in tracking down the user id that is flowing to the queue manager.
strmqtrc -m QMGR -t all -p amqrmppa |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Wed Dec 10, 2014 4:38 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
| hklbj wrote: |
What should be next step..... |
| PeterPotkay wrote: |
Authority Events are a Queue Manager property. Just flip the setting.
One more diagnostic idea. Actually, do this instead of the Authority Events.
Create a rule that blocks your connection. Try to connect with the client that is not mapping. What will happen now is that the Queue Manager error log will have an error message produced by the CHLAUTH part of the internal MQ code. This is the code that is or is not mapping, so we care what this little bit of code sees the incoming ID as, regardless of what you think the ID is, regardless of what the running channel shows in the MCAUSER once the channel is running.
This is how I finally figured out my IDs were coming across in different case, but all along the Authority Events and other errors and running channels always had the same ID displaying. |
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| hklbj |
| Posted: Wed Dec 10, 2014 7:18 am Post subject: |
|
|
Apprentice
Joined: 20 Jun 2007
Posts: 34
Location: HK
|
| tczielke wrote: |
You may want to try tracing the amqrmppa processes when you connect, to see if the trace has any other helpful diagnostics in tracking down the user id that is flowing to the queue manager.
strmqtrc -m QMGR -t all -p amqrmppa |
Will try tomorrow... |
|
| Back to top |
|
|
| hklbj |
| Posted: Wed Dec 10, 2014 7:22 am Post subject: |
|
|
Apprentice
Joined: 20 Jun 2007
Posts: 34
Location: HK
|
| PeterPotkay wrote: |
| hklbj wrote: |
What should be next step..... |
| PeterPotkay wrote: |
Authority Events are a Queue Manager property. Just flip the setting.
One more diagnostic idea. Actually, do this instead of the Authority Events.
Create a rule that blocks your connection. Try to connect with the client that is not mapping. What will happen now is that the Queue Manager error log will have an error message produced by the CHLAUTH part of the internal MQ code. This is the code that is or is not mapping, so we care what this little bit of code sees the incoming ID as, regardless of what you think the ID is, regardless of what the running channel shows in the MCAUSER once the channel is running.
This is how I finally figured out my IDs were coming across in different case, but all along the Authority Events and other errors and running channels always had the same ID displaying. |
|
Peter, according to event messages, no matter what id i have passed to MQEnvironment userid, all mapped to 'wing' but it really doesn't make sense. I tried this values 'Wing', 'WING', 'mqm' and all are fail to connect, but when i set it to 'wing', it can connect and no event message found in the queue.....  |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Wed Dec 10, 2014 12:32 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
The method I am suggesting you try may identify a nuance that Authority Events mask.
If CHLAUTH is doing something unexpected, get the CHLAUTH code to produce the error message in the MQ log to tell you what it thinks the ID is - wing, WiNg, Wing@ding.com, Wiing, etc
So make a rule to block everything, try connecting as wing, expect to be blocked, and see how wing is recorded in the error log by CHLAUTH. It may be an eye-opener. It was the only way I was able to figure out the upper lower case ID in my test case.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| hklbj |
| Posted: Thu Dec 11, 2014 12:55 am Post subject: |
|
|
Apprentice
Joined: 20 Jun 2007
Posts: 34
Location: HK
|
Finally I tried again with single blocking rule only and turned on the trace to see what is happening. No matter what userid passed, 'wing', 'mqm', 'Wing' and 'WING', all just logged in event message as 'wing' only. I can found those userid 'wing', 'mqm', 'Wing', 'WING' in the trace, however, I don't know how to interpret the trace information. And Finally I open a PMR 
| Code: |
-------------------------------------------------------[12/11/2014-14:43:07]---
ReasonCode: 2577
EventName: Channel Blocked - MQRC_CHANNEL_BLOCKED (2577, X'A11')
EventType: Channel
Description: This event is issued when an attempt to start an inbound
channel is blocked. For MQRC_CHANNEL_BLOCKED_WARNING,
temporary access has been granted to the channel because the
channel authentication record is defined with WARN set to YES.
QMgrName: GLS_CPA_D1
ReasonQualifier: 23 (MQRQ_CHANNEL_BLOCKED_NOACCESS)
ChannelName: CH.TEST.1
ConnectionName: 10.145.1.11
ClientUserId: wing
ApplType: 11 (MQAT_WINDOWS_NT)
ApplName: MQ7-tester\bin\MQ7Tester.exe
Chl Auth Rec: CHLAUTH(CH.TEST.1) TYPE(ADDRESSMAP)
DESC(CH.TEST.1 channel stop rule)
CUSTOM() ADDRESS(*)
MCAUSER() USERSRC(NOACCESS)
WARN(NO) ALTDATE(2014-12-05)
ALTTIME(17.49.30)
-------------------------------------------------------[12/11/2014-14:43:13]---
ReasonCode: 2577
EventName: Channel Blocked - MQRC_CHANNEL_BLOCKED (2577, X'A11')
EventType: Channel
Description: This event is issued when an attempt to start an inbound
channel is blocked. For MQRC_CHANNEL_BLOCKED_WARNING,
temporary access has been granted to the channel because the
channel authentication record is defined with WARN set to YES.
QMgrName: GLS_CPA_D1
ReasonQualifier: 23 (MQRQ_CHANNEL_BLOCKED_NOACCESS)
ChannelName: CH.TEST.1
ConnectionName: 10.145.1.11
ClientUserId: wing
ApplType: 11 (MQAT_WINDOWS_NT)
ApplName: MQ7-tester\bin\MQ7Tester.exe
Chl Auth Rec: CHLAUTH(CH.TEST.1) TYPE(ADDRESSMAP)
DESC(CH.TEST.1 channel stop rule)
CUSTOM() ADDRESS(*)
MCAUSER() USERSRC(NOACCESS)
WARN(NO) ALTDATE(2014-12-05)
ALTTIME(17.49.30)
-------------------------------------------------------[12/11/2014-14:43:29]---
ReasonCode: 2577
EventName: Channel Blocked - MQRC_CHANNEL_BLOCKED (2577, X'A11')
EventType: Channel
Description: This event is issued when an attempt to start an inbound
channel is blocked. For MQRC_CHANNEL_BLOCKED_WARNING,
temporary access has been granted to the channel because the
channel authentication record is defined with WARN set to YES.
QMgrName: GLS_CPA_D1
ReasonQualifier: 23 (MQRQ_CHANNEL_BLOCKED_NOACCESS)
ChannelName: CH.TEST.1
ConnectionName: 10.145.1.11
ClientUserId: wing
ApplType: 11 (MQAT_WINDOWS_NT)
ApplName: MQ7-tester\bin\MQ7Tester.exe
Chl Auth Rec: CHLAUTH(CH.TEST.1) TYPE(ADDRESSMAP)
DESC(CH.TEST.1 channel stop rule)
CUSTOM() ADDRESS(*)
MCAUSER() USERSRC(NOACCESS)
WARN(NO) ALTDATE(2014-12-05)
ALTTIME(17.49.30)
-------------------------------------------------------[12/11/2014-14:43:43]---
ReasonCode: 2577
EventName: Channel Blocked - MQRC_CHANNEL_BLOCKED (2577, X'A11')
EventType: Channel
Description: This event is issued when an attempt to start an inbound
channel is blocked. For MQRC_CHANNEL_BLOCKED_WARNING,
temporary access has been granted to the channel because the
channel authentication record is defined with WARN set to YES.
QMgrName: GLS_CPA_D1
ReasonQualifier: 23 (MQRQ_CHANNEL_BLOCKED_NOACCESS)
ChannelName: CH.TEST.1
ConnectionName: 10.145.1.11
ClientUserId: wing
ApplType: 11 (MQAT_WINDOWS_NT)
ApplName: MQ7-tester\bin\MQ7Tester.exe
Chl Auth Rec: CHLAUTH(CH.TEST.1) TYPE(ADDRESSMAP)
DESC(CH.TEST.1 channel stop rule)
CUSTOM() ADDRESS(*)
MCAUSER() USERSRC(NOACCESS)
WARN(NO) ALTDATE(2014-12-05)
ALTTIME(17.49.30)
|
|
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Thu Dec 11, 2014 6:14 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
Yeah, I would have opened a PMR at this point as well. Please share what you find out.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| tczielke |
| Posted: Thu Dec 11, 2014 6:31 am Post subject: |
|
|
Guardian
Joined: 08 Jul 2010
Posts: 941
Location: Illinois, USA
|
| It sounds like to me that you have some type of CHLAUTH rule that is mapping any user id to wing. Have you checked all of your CHLAUTH rules to see if you have a rule that would do that (i.e. SSLPEERMAP, USERMAP, QMGRMAP)? |
|
| Back to top |
|
|
| hklbj |
| Posted: Thu Dec 11, 2014 7:41 am Post subject: |
|
|
Apprentice
Joined: 20 Jun 2007
Posts: 34
Location: HK
|
| tczielke wrote: |
| It sounds like to me that you have some type of CHLAUTH rule that is mapping any user id to wing. Have you checked all of your CHLAUTH rules to see if you have a rule that would do that (i.e. SSLPEERMAP, USERMAP, QMGRMAP)? |
tczielke, no i didn't have any rules mapped to 'wing' and that makes me confusing. On the other hand, i have another rule map 'wing' to 'mqjmsapps' but this rule has been removed during my test. |
|
| Back to top |
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
