Posted: Fri Feb 17, 2017 8:44 am Post subject: Running MQ V8 standalone in Windows Domain
Knight
Joined: 25 Aug 2006 Posts: 589
I know that to run MQ in a Windows Domain, it must have access to Active directory (AD) to query user info for authentication.
It is my company's policy that no normal user has Admin authority and access to AD. Since I have to support MQ, I was given temporary local admin just to install and configure MQ. I login locally and have MQ install and configured. When I install and configure MQ, I selected "No" for the question on if MQ is running in Domain hoping that MQ will stop access AD and just check user authority locally. This seems to work when I login locally. But when I login normal to the Domain and try to access MQ, I got security error because MQ has no access to read AD.
Is there anyway to get around this ? (i.e get MQ to always just check user authority just locally and not trying to read AD ).
Joined: 10 Feb 2003 Posts: 6076 Location: Somewhere over the Rainbow this side of Never-never land.
I had this sort of thing at one client.
In the end, I got together with the security people and we came to a compromise.
They would enter the AD Account password at the appropriate time in the installation.
They also had to compromise in that this account must not have an expiry date.
There was a lot of contact admin of teeth, tut-tutting and shakings of their collective heads but when we demo'd the problems to them and the SysAdmins they agreed that we had to do something. _________________ WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum