| Author |
Message
|
| slonkoski |
 Posted: Wed Feb 25, 2015 12:32 pm Post subject: SET AUTHREC failing on new group added to Linux server |
 |
|
Acolyte
Joined: 18 Mar 2005
Posts: 52
|
Security team added new groups/id's to my server, I can see them fine in /etc/group and /etc/passwd, but when I run a SET AUTHREC command against the new group I get AMQ8871: Entity, principal or group not known.
Running a pretty simple command to allow the id QMGR access:
SET AUTHREC GROUP('new_groupname') OBJTYPE(QMGR) AUTHRMV(ALL) AUTHADD(CONNECT,INQ)
MQv7.5.0.4 on Linux, group was just added today - do I need some kind of refresh? |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Wed Feb 25, 2015 12:33 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Feb 25, 2015 12:52 pm Post subject: Re: SET AUTHREC failing on new group added to Linux server |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| slonkoski wrote: |
| ... do I need some kind of refresh? |
When you make o/s-level or ESM (external security manager) changes, you must tell the qmgr to refresh its cached security profile images.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| slonkoski |
| Posted: Wed Feb 25, 2015 1:03 pm Post subject: |
|
|
Acolyte
Joined: 18 Mar 2005
Posts: 52
|
Yup, should have mentioned I already did that:
REFRESH SECURITY TYPE (AUTHSERV)
and
REFRESH SECURITY
and
REFRESH SECURITY (*)
then I posted here. Sorry |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Feb 25, 2015 1:21 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| slonkoski wrote: |
Yup, should have mentioned I already did that:
REFRESH SECURITY TYPE (AUTHSERV)
and
REFRESH SECURITY
and
REFRESH SECURITY (*)
then I posted here. Sorry |
Did this resolve the issue? Or are you saying that something is still not working for you?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| slonkoski |
| Posted: Wed Feb 25, 2015 1:25 pm Post subject: |
|
|
Acolyte
Joined: 18 Mar 2005
Posts: 52
|
Sorry for the confusion, long day (week!) no, not resolved - I had already refreshed security before I ran the SET AUTHREC GROUP command
then I received the 'AMQ8871: Entity, principal or group not known. |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Wed Feb 25, 2015 1:28 pm Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
| What is the length of the group name? |
|
| Back to top |
|
|
| slonkoski |
| Posted: Wed Feb 25, 2015 1:56 pm Post subject: |
|
|
Acolyte
Joined: 18 Mar 2005
Posts: 52
|
|
| Back to top |
|
|
| slonkoski |
| Posted: Wed Feb 25, 2015 1:57 pm Post subject: |
|
|
Acolyte
Joined: 18 Mar 2005
Posts: 52
|
| And I've set others that are longer than 9, so not an * char restriction. so far no love, stumped |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Feb 25, 2015 4:48 pm Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| slonkoski wrote: |
| ...I had already refreshed security before I ran the SET AUTHREC GROUP command - then I received the 'AMQ8871: Entity, principal or group not known. |
So you didn't run it after you ran the SET AUTHREC?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| slonkoski |
| Posted: Thu Feb 26, 2015 8:17 am Post subject: |
|
|
Acolyte
Joined: 18 Mar 2005
Posts: 52
|
Yes,our security team added the gid/uid to the Linux server
I ran REFRESH command
I ran SET AUTHREC command
command failed
Ran every syntax I could think of for REFRESH SEC command
Re-ran SET AUTHREC - failed
Verified uid/gid on server |
|
| Back to top |
|
|
| slonkoski |
| Posted: Thu Feb 26, 2015 8:25 am Post subject: |
|
|
Acolyte
Joined: 18 Mar 2005
Posts: 52
|
TOTALLY EMBARRASSED - Will go away and hide for a while and not bother the list
I TYPO'ed (over and over) my eyes (and even my grep command) were using the wrong group name, off by one letter.
SORRY!
But at least an easy fix, I like those anyway |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Thu Feb 26, 2015 8:32 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
I blame my keyboard for these type of events.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
|
|
