|  | 
 
  
    | RSS Feed - WebSphere MQ Support | RSS Feed - Message Broker Support |  
 
  
	|    |  |  
  
	| users not in a domain | « View previous topic :: View next topic » |  
  	| 
		
		
		  | Author | Message |  
		  | ramires | 
			  
				|  Posted: Thu Sep 01, 2022 7:39 am    Post subject: users not in a domain |   |  |  
		  | Knight
 
 
 Joined: 24 Jun 2001Posts: 523
 Location: Portugal - Lisboa
 
 | 
			  
				| Hi have this situation: 
 Windows MQ v9 queue manager running with a domain account. Domain name is DomainA
 The user running MQ service can query user properties in DomainA.
 
 In this windows box some users belonging to a DomainB can log on, but as this users don't belong to DomainA I can't set permissions to them.
 
 How canI manage permissions when a windows box belongs to more than one domain (I use belong because I'm not sure if this is the correct definition). I need to give this users inq/browse/dsp to the queue manager and application queues.
 
 Thanks for suggestions.
  |  |  
		  | Back to top |  |  
		  |  |  
		  | fjb_saper | 
			  
				|  Posted: Thu Sep 01, 2022 8:58 pm    Post subject: |   |  |  
		  |  Grand High Poobah
 
 
 Joined: 18 Nov 2003Posts: 20767
 Location: LI,NY
 
 | 
			  
				| Using chlauth, you may proxy them to  a user in the domain that is authorized. Don't know if allocating the service user the same permissions on Domain B than in Domain A would work??
 
  _________________
 MQ & Broker admin
 |  |  
		  | Back to top |  |  
		  |  |  
		  | ramires | 
			  
				|  Posted: Fri Sep 02, 2022 12:49 am    Post subject: |   |  |  
		  | Knight
 
 
 Joined: 24 Jun 2001Posts: 523
 Location: Portugal - Lisboa
 
 | 
			  
				| Hi fjb_saper! 
 Thanks for the suggestion, mapping the DomainB not authorize user to a local user on the box (or on DomainA) and give this user the necessary permissions.
 
 But in this particular installation they don't want do define local users (or users on DomainA) to access a queue manager. Maybe MQ web console is an alternative.
 |  |  
		  | Back to top |  |  
		  |  |  
		  | gbaddeley | 
			  
				|  Posted: Sun Sep 04, 2022 3:14 pm    Post subject: |   |  |  
		  |  Jedi Knight
 
 
 Joined: 25 Mar 2003Posts: 2538
 Location: Melbourne, Australia
 
 | 
			  
				| Talk to your AD support folks, they may be able to suggest a solution, using AD groups or cross domain linking. MQ is just another user of AD authentication and authorization services, it doesn't do anything magical. _________________
 Glenn
 |  |  
		  | Back to top |  |  
		  |  |  
		  |  |  |  
  
	|    |  | Page 1 of 1 |  
 
 
  
  	| 
		
		  | 
 
 | You cannot post new topics in this forum You cannot reply to topics in this forum
 You cannot edit your posts in this forum
 You cannot delete your posts in this forum
 You cannot vote in polls in this forum
 
 |  |  |  |