| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| AMQ9557E: QMGR UserID initialization failed from MQ Explorer |
« View previous topic :: View next topic » |
| Author |
Message
|
| Heba_MQ |
 Posted: Wed Oct 21, 2020 8:00 am Post subject: AMQ9557E: QMGR UserID initialization failed from MQ Explorer |
 |
|
Apprentice
Joined: 19 Apr 2020
Posts: 39
|
Dears,
I am trying to give read only access to developers to view MQ object from IBM MQ explorer
Developers are connecting from a common windows Jump server
They have windows users like for example sally.smith
The MQ server is in linux V9
I created a SVRCONN channel from the MQ Explorer ADMIN.CLIENT
DEF CHL(ADMIN.CLIENT) CHLTYPE(SVRCONN)
and created mqro userid on the linux server and this user will be used from the MQ Explorer
I executed the below cmds to give authorization
** Connect to Qmgr
SET AUTHREC PROFILE('self') PRINCIPAL('mqro') OBJTYPE(QMGR) AUTHADD(CONNECT,DSP,INQ)
** Setup access to command queue
SET AUTHREC PROFILE('SYSTEM.ADMIN.COMMAND.QUEUE') PRINCIPAL('mqro') OBJTYPE(QUEUE) AUTHADD(DSP,INQ,PUT)
** Setup access to explorer reply model queue
SET AUTHREC PROFILE('SYSTEM.MQEXPLORER.REPLY.MODEL') PRINCIPAL('mqro') OBJTYPE(QUEUE) AUTHADD(DSP,GET,INQ)
** Setup access to queues to display and browse
SET AUTHREC PROFILE('**') PRINCIPAL('mqro') OBJTYPE(QUEUE) AUTHADD(BROWSE,DSP)
SET AUTHREC PROFILE('**') PRINCIPAL('mqro') OBJTYPE(CHANNEL) AUTHADD(DSP)
~
Now I am getting below error ... please advise how to fix for any windows user
AMQ9557E: Queue Manager User ID initialization failed for 'sally.smith'.
EXPLANATION:
The call to initialize the User ID 'sally.smith' failed with CompCode 2 and
Reason 2035. If an MQCSP block was used, the User ID in the MQCSP block was
'mqro'. If a userID flow was used, the User ID in the UID header was
'sally.smith' and any CHLAUTH rules applied prior to user adoption were
evaluated case-sensitively against this value.
Many Thanks in advance for your help
Heba |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Wed Oct 21, 2020 8:20 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20768
Location: LI,NY
|
add a channel auth that maps all calls from the jump user to mqro... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| hughson |
| Posted: Wed Oct 21, 2020 8:46 pm Post subject: Re: AMQ9557E: QMGR UserID initialization failed from MQ Expl |
|
|
Padawan
Joined: 09 May 2013
Posts: 1967
Location: Bay of Plenty, New Zealand
|
| Heba_MQ wrote: |
AMQ9557E: Queue Manager User ID initialization failed for 'sally.smith'.
EXPLANATION:
The call to initialize the User ID 'sally.smith' failed with CompCode 2 and
Reason 2035. If an MQCSP block was used, the User ID in the MQCSP block was
'mqro'. If a userID flow was used, the User ID in the UID header was
'sally.smith' and any CHLAUTH rules applied prior to user adoption were
evaluated case-sensitively against this value. |
I can see from your error message that the MQCSP block was used. This tells me that you have your MQ Explorer users providing the 'mqro' user ID (and password) when they connect to the queue manager. Your description tells me that you want these connections to run with the 'mqro' user ID for the authorisation checks too.
To achieve that, alter the connection authentication settings as follows:-
First, discover what the name of the object is:-
| Code: |
| DISPLAY QMGR CONNAUTH |
Now for the name of the object shown in the CONNAUTH field, issue this command:-
| Code: |
| ALTER AUTHINFO(object-name) AUTHTYPE(IDPWOS) ADOPTCTX(YES) |
and then finally refresh the queue manager configuration with this command before trying again:-
| Code: |
| REFRESH SECURITY TYPE(CONNAUTH) |
P.S. ADOPTCTX(YES) is now the default value at V9.0.4+ (See Behaviour changes in MQ V9.0.4 - CONNAUTH/CHLAUTH)
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
