| Author |
Message
|
| ravilankalapalli |
 Posted: Wed Nov 28, 2012 5:09 am Post subject: MQ 7.5 Security issue |
 |
|
Newbie
Joined: 10 Feb 2010
Posts: 7
|
Hi Friends,
I am working on MQ 7.5 linux environment.
I am facing problem at CHANNEL AUTHORISATON level. In my project i have to map client USERID with LOCAL LINUX UserID.
I used below command:
SET CHLAUTH('QM.SVR.CHL') TYPE(USERMAP) CLNTUSER('fonlid') USERSRC(MAP) MCAUSER('ncs') ACTION(ADD)
Error I am getting in LOG was:
11/28/2012 03:05:32 PM - Process(22143.25) User(151194) Program(amqzlaa0)
Host(rhlux115.alahli.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(QM.IBAS)
AMQ5653: The user 'fonlid' is not defined.
EXPLANATION:
The system call getpwnam("fonlid") failed with errno -1.
ACTION:
Create the user 'fnsonlid' and retry the operation.
----- amqzfubx.c : 4021 -------------------------------------------------------
11/28/2012 03:05:32 PM - Process(22165.1 User(151194) Program(amqrmppa)
Host(rhlux115.alahli.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(QM.IBAS)
AMQ9557: Queue Manager User ID initialization failed.
EXPLANATION:
The call to initialize the User ID failed with CompCode 2 and Reason 2035.
ACTION:
Correct the error and try again.
----- cmqxrsrv.c : 1972 -------------------------------------------------------
11/28/2012 03:05:32 PM - Process(22165.1 User(151194) Program(amqrmppa)
Host(rhlux115.alahli.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(QM.IBAS)
AMQ9999: Channel 'QM.SVR.CHL' to host 'hpux105 (10.**.**.**)' ended
abnormally.
EXPLANATION:
The channel program running under process ID 22165 for channel
'QM.SVR.CHL' ended abnormally. The host name is 'hpux105 (10.**.**.**)';
in some cases the host name cannot be determined and so is shown as '????'.
ACTION:
Look at previous error messages for the channel program in the error logs to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or "SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can be
found in the System Administration Guide.
----- amqrmrsa.c : 898 --------------------------------------------------------
Please help me on this.
Thanks
Ravi |
|
| Back to top |
|
 |
| McueMart |
| Posted: Wed Nov 28, 2012 9:12 am Post subject: |
|
|
Chevalier
Joined: 29 Nov 2011
Posts: 490
Location: UK...somewhere
|
Is channel authentication definitely enabled?
| Code: |
| ALTER QMGR CHLAUTH(ENABLED) |
Also I dont quite understand this part of the error
| Code: |
AMQ5653: The user 'fonlid' is not defined.
EXPLANATION:
The system call getpwnam("fonlid") failed with errno -1.
ACTION:
Create the user 'fnsonlid' and retry the operation. |
Why does the action tell you to create a different user? Weird. |
|
| Back to top |
|
|
| jeevan |
| Posted: Wed Nov 28, 2012 11:29 am Post subject: Re: MQ 7.5 Security issue |
|
|
Grand Master
Joined: 12 Nov 2005
Posts: 1432
|
| ravilankalapalli wrote: |
Hi Friends,
I am working on MQ 7.5 linux environment.
EXPLANATION:
The system call getpwnam("fonlid") failed with errno -1.
ACTION:
Create the user 'fnsonlid' and retry the operation.
|
There is an answer. Look at the ACTION carefully.
Did you check that the id exist in your linux system ? does it have permission to connect to qmgr and access the mq object? |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Nov 28, 2012 1:35 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Moved to Security forum.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| ravilankalapalli |
| Posted: Wed Nov 28, 2012 3:08 pm Post subject: |
|
|
Newbie
Joined: 10 Feb 2010
Posts: 7
|
| McueMart wrote: |
Is channel authentication definitely enabled?
| Code: |
| ALTER QMGR CHLAUTH(ENABLED) |
Also I dont quite understand this part of the error
| Code: |
AMQ5653: The user 'fonlid' is not defined.
EXPLANATION:
The system call getpwnam("fonlid") failed with errno -1.
ACTION:
Create the user 'fnsonlid' and retry the operation. |
Why does the action tell you to create a different user? Weird. |
Sorry I modified manually user for forum but it is same user and CHLAUTH is enabled |
|
| Back to top |
|
|
| ravilankalapalli |
| Posted: Wed Nov 28, 2012 3:13 pm Post subject: Re: MQ 7.5 Security issue |
|
|
Newbie
Joined: 10 Feb 2010
Posts: 7
|
| jeevan wrote: |
| ravilankalapalli wrote: |
Hi Friends,
I am working on MQ 7.5 linux environment.
EXPLANATION:
The system call getpwnam("fonlid") failed with errno -1.
ACTION:
Create the user 'fnsonlid' and retry the operation.
|
There is an answer. Look at the ACTION carefully.
Did you check that the id exist in your linux system ? does it have permission to connect to qmgr and access the mq object? |
Hi Jeevan,
yes i can create the user in Linux but there is already some users existed so my client wants to use those users he dont want to create new users in Linux.
So i created mapping with existed users to client users but mapping was not happening
I used for mapping below command
SET CHLAUTH('QM.SVR.CHL') TYPE(USERMAP) CLNTUSER('fonlid') USERSRC(MAP) MCAUSER('ncs') ACTION(ADD) |
|
| Back to top |
|
|
|
|
