ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexIBM MQ Installation/Configuration SupportRunning MQ V8 standalone in Windows Domain

Post new topicReply to topic
Running MQ V8 standalone in Windows Domain View previous topic :: View next topic
Author Message
KIT_INC
PostPosted: Fri Feb 17, 2017 8:44 am Post subject: Running MQ V8 standalone in Windows Domain Reply with quote

Knight

Joined: 25 Aug 2006
Posts: 523

I know that to run MQ in a Windows Domain, it must have access to Active directory (AD) to query user info for authentication.
It is my company's policy that no normal user has Admin authority and access to AD. Since I have to support MQ, I was given temporary local admin just to install and configure MQ. I login locally and have MQ install and configured. When I install and configure MQ, I selected "No" for the question on if MQ is running in Domain hoping that MQ will stop access AD and just check user authority locally. This seems to work when I login locally. But when I login normal to the Domain and try to access MQ, I got security error because MQ has no access to read AD.
Is there anyway to get around this ? (i.e get MQ to always just check user authority just locally and not trying to read AD ).
Back to top
View user's profile Send private message
smdavies99
PostPosted: Fri Feb 17, 2017 9:32 am Post subject: Reply with quote

Jedi Council

Joined: 10 Feb 2003
Posts: 6077
Location: Somewhere over the Rainbow this side of Never-never land.

I had this sort of thing at one client.
In the end, I got together with the security people and we came to a compromise.
They would enter the AD Account password at the appropriate time in the installation.
They also had to compromise in that this account must not have an expiry date.

There was a lot of contact admin of teeth, tut-tutting and shakings of their collective heads but when we demo'd the problems to them and the SysAdmins they agreed that we had to do something.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995

Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions.
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexIBM MQ Installation/Configuration SupportRunning MQ V8 standalone in Windows Domain
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.