ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » mqccred uid SCYEXIT('mqccred(ChlExit)')

Post new topic  Reply to topic Goto page Previous  1, 2
 mqccred uid SCYEXIT('mqccred(ChlExit)') « View previous topic :: View next topic » 
Author Message
fjb_saper
PostPosted: Fri Dec 16, 2022 11:37 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

Can you please post the channel tab entry as runmqsc?
Can you please post the relevant entry in the mqccred.ini file (obfuscate the password) and also the error you see when running the sample
amqscnxc QM1

Please also show the content of ~/.mqs


_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
bruce2359
PostPosted: Sat Dec 17, 2022 12:16 pm    Post subject: Reply with quote

Poobah

Joined: 05 Jan 2008
Posts: 9394
Location: US: west coast, almost. Otherwise, enroute.

Try this step-by-step how-to, for both UNIX and Windows clients: https://www.ibm.com/support/pages/system/files/inline-files/How%20to%20configure%20in%20MQ%20the%20mqccred%20client%20side%20security%20exit.pdf

Note on p.3 the DEBUG option on CLNTCONN channel:
Quote:
DEFINE CHANNEL(CHAN1) CHLTYPE(CLNTCONN) CONNAME
('a.b.c.d(1802)') QMNAME(QM80A) SCYEXIT('mqccred(ChlExit)') SCYDATA(DEBUG)

_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
Back to top
View user's profile Send private message
bruce2359
PostPosted: Sat Dec 17, 2022 1:22 pm    Post subject: Reply with quote

Poobah

Joined: 05 Jan 2008
Posts: 9394
Location: US: west coast, almost. Otherwise, enroute.

Moved to IBM MQ Security forum.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
Back to top
View user's profile Send private message
hughson
PostPosted: Mon Dec 19, 2022 1:08 am    Post subject: Reply with quote

Padawan

Joined: 09 May 2013
Posts: 1914
Location: Bay of Plenty, New Zealand

scravr wrote:
Run all kind of tests, still cannot connect.

1. setting: export MQSAMP_USER_ID=<LDAP-ID>
and running amqsput <Q> <QM>
then enter <LDAP-NON-ENCRYPTED-PASSWORD>
I can put then get messages. ALL WORS FINE !!!

2. When starting my app after encrypting mqccred and chmod to 600
without setting export MQSAMP_USER_ID=<LDAP-ID> )
I am getting MQRC_NOT_AUTHORIZED 2035 X-000007F3
and userID on LDAP locked since too many failed testing.


Any ideas?


Are you really running amqsput and not amqsputc?

amqsput will not be running as a client, and so will not pick up CCDT and security exit.

What does your AMQERR01.LOG say when you get the 2035? That should hold some very helpful information, like showing the user id in question.

Are you running the mqccred exit in the mode where it prints out debug information so you can see what it is doing (as suggested earlier). Can you show us the output?

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
scravr
PostPosted: Mon Dec 19, 2022 7:04 pm    Post subject: Reply with quote

Partisan

Joined: 03 Apr 2003
Posts: 388
Location: NY NY USA 10021

The id on mqccred is a new id created on system and put on LDAP.
As a new ID, does it need to be authorized for connect, put, get... via setmqaut ?
Back to top
View user's profile Send private message Send e-mail MSN Messenger
bruce2359
PostPosted: Mon Dec 19, 2022 7:41 pm    Post subject: Reply with quote

Poobah

Joined: 05 Jan 2008
Posts: 9394
Location: US: west coast, almost. Otherwise, enroute.

scravr wrote:
The id on mqccred is a new id created on system and put on LDAP.
As a new ID, does it need to be authorized for connect, put, get... via setmqaut ?

Yes, and MQSC REFRESH SECURITY, too, to update MQ cache with new id and security rules.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Goto page Previous  1, 2 Page 2 of 2

MQSeries.net Forum Index » IBM MQ Security » mqccred uid SCYEXIT('mqccred(ChlExit)')
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.