ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexGeneral IBM MQ Support2035 NOT AUTHORIZED client work station

Post new topicReply to topic
2035 NOT AUTHORIZED client work station View previous topic :: View next topic
Author Message
MABeatty1978
PostPosted: Mon Oct 07, 2019 6:41 am Post subject: 2035 NOT AUTHORIZED client work station Reply with quote

Acolyte

Joined: 17 Jul 2014
Posts: 54

We're migrating to a new Linux OS and upgrading MQ to the current version and I've run into a problem with my application on our client workstations. When trying to do a message put, I'm getting a 2035 NOT AUTHORIZED error.

the MQSERVER variable is pointed to the correct channel, and doing a 'dspmqaut' on the channel shows the user has dlt,chg,dsp,ctrl.ctrlx privledges. The queue itself is a cluster queue, the transmission queue is also showing full privledges for that user. I'm not sure what else could be causing the problem. What else can I check for authorization issues?

Thank you?
Back to top
View user's profile Send private message
exerk
PostPosted: Mon Oct 07, 2019 6:50 am Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6109

The queue manager logs should show the entity that is connecting and the authority causing the MQRC 2035.

Also:

1. Are you mapping a connecting user to a 'local' user (CHLAUTH rules) ?
2. Are you using an MCAUSER value and if so is it a privileged user?
3. Are you aware that using MQSERVER prevents the use of TLS to lock down the connection?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.

Back to top
View user's profile Send private message
HubertKleinmanns
PostPosted: Mon Oct 07, 2019 7:10 am Post subject: Reply with quote

Shaman

Joined: 24 Feb 2004
Posts: 724
Location: Germany

And how is the setting of CONNAUTH in the QMgr.
_________________
Regards
Hubert
Back to top
View user's profile Send private message Visit poster's website
MABeatty1978
PostPosted: Mon Oct 07, 2019 7:17 am Post subject: Reply with quote

Acolyte

Joined: 17 Jul 2014
Posts: 54

exerk wrote:
The queue manager logs should show the entity that is connecting and the authority causing the MQRC 2035.

Also:

1. Are you mapping a connecting user to a 'local' user (CHLAUTH rules) ?
2. Are you using an MCAUSER value and if so is it a privileged user?
3. Are you aware that using MQSERVER prevents the use of TLS to lock down the connection?


It appears that the QMGR CHLAUTH needed to be set to DISABLED.

Thanks for pointing me in the right direction.
Back to top
View user's profile Send private message
exerk
PostPosted: Mon Oct 07, 2019 7:29 am Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6109

MABeatty1978 wrote:
exerk wrote:
The queue manager logs should show the entity that is connecting and the authority causing the MQRC 2035.

Also:

1. Are you mapping a connecting user to a 'local' user (CHLAUTH rules) ?
2. Are you using an MCAUSER value and if so is it a privileged user?
3. Are you aware that using MQSERVER prevents the use of TLS to lock down the connection?


It appears that the QMGR CHLAUTH needed to be set to DISABLED.

Thanks for pointing me in the right direction.

No, no, and thrice NO!

You would be better served to get it working with CONNAUTH and CHLAUTH enabled, or at least CHLAUTH, even in a Dev environment.

There are many good articles on how to do this (all hail the great Morag!).

HERE'S your starter for 10...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.

Back to top
View user's profile Send private message
Vitor
PostPosted: Mon Oct 07, 2019 9:02 am Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25855
Location: Texas, USA

exerk wrote:
No, no, and thrice NO!




That's like solving an "invalid password" error on a website by removing the need to sign onto the website.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
HubertKleinmanns
PostPosted: Mon Oct 07, 2019 11:49 pm Post subject: Reply with quote

Shaman

Joined: 24 Feb 2004
Posts: 724
Location: Germany

Vitor wrote:
exerk wrote:
No, no, and thrice NO!




That's like solving an "invalid password" error on a website by removing the need to sign onto the website.


or like setting "chmod -R 777 /" on Unix systems, to solve file permission issues
_________________
Regards
Hubert
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexGeneral IBM MQ Support2035 NOT AUTHORIZED client work station
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.