| Author |
Message
|
| MABeatty1978 |
 Posted: Mon Oct 07, 2019 6:41 am Post subject: 2035 NOT AUTHORIZED client work station |
 |
|
Acolyte
Joined: 17 Jul 2014
Posts: 54
|
We're migrating to a new Linux OS and upgrading MQ to the current version and I've run into a problem with my application on our client workstations. When trying to do a message put, I'm getting a 2035 NOT AUTHORIZED error.
the MQSERVER variable is pointed to the correct channel, and doing a 'dspmqaut' on the channel shows the user has dlt,chg,dsp,ctrl.ctrlx privledges. The queue itself is a cluster queue, the transmission queue is also showing full privledges for that user. I'm not sure what else could be causing the problem. What else can I check for authorization issues?
Thank you? |
|
| Back to top |
|
 |
| exerk |
| Posted: Mon Oct 07, 2019 6:50 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
The queue manager logs should show the entity that is connecting and the authority causing the MQRC 2035.
Also:
1. Are you mapping a connecting user to a 'local' user (CHLAUTH rules) ?
2. Are you using an MCAUSER value and if so is it a privileged user?
3. Are you aware that using MQSERVER prevents the use of TLS to lock down the connection?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| HubertKleinmanns |
| Posted: Mon Oct 07, 2019 7:10 am Post subject: |
|
|
Shaman
Joined: 24 Feb 2004
Posts: 732
Location: Germany
|
And how is the setting of CONNAUTH in the QMgr.
_________________
Regards
Hubert |
|
| Back to top |
|
|
| MABeatty1978 |
| Posted: Mon Oct 07, 2019 7:17 am Post subject: |
|
|
Acolyte
Joined: 17 Jul 2014
Posts: 54
|
| exerk wrote: |
The queue manager logs should show the entity that is connecting and the authority causing the MQRC 2035.
Also:
1. Are you mapping a connecting user to a 'local' user (CHLAUTH rules) ?
2. Are you using an MCAUSER value and if so is it a privileged user?
3. Are you aware that using MQSERVER prevents the use of TLS to lock down the connection? |
It appears that the QMGR CHLAUTH needed to be set to DISABLED.
Thanks for pointing me in the right direction. |
|
| Back to top |
|
|
| exerk |
| Posted: Mon Oct 07, 2019 7:29 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| MABeatty1978 wrote: |
| exerk wrote: |
The queue manager logs should show the entity that is connecting and the authority causing the MQRC 2035.
Also:
1. Are you mapping a connecting user to a 'local' user (CHLAUTH rules) ?
2. Are you using an MCAUSER value and if so is it a privileged user?
3. Are you aware that using MQSERVER prevents the use of TLS to lock down the connection? |
It appears that the QMGR CHLAUTH needed to be set to DISABLED.
Thanks for pointing me in the right direction. |
No, no, and thrice NO! 
You would be better served to get it working with CONNAUTH and CHLAUTH enabled, or at least CHLAUTH, even in a Dev environment.
There are many good articles on how to do this (all hail the great Morag!).
HERE'S your starter for 10...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| Vitor |
| Posted: Mon Oct 07, 2019 9:02 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| exerk wrote: |
| No, no, and thrice NO! |
That's like solving an "invalid password" error on a website by removing the need to sign onto the website.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| HubertKleinmanns |
| Posted: Mon Oct 07, 2019 11:49 pm Post subject: |
|
|
Shaman
Joined: 24 Feb 2004
Posts: 732
Location: Germany
|
| Vitor wrote: |
| exerk wrote: |
| No, no, and thrice NO! |
That's like solving an "invalid password" error on a website by removing the need to sign onto the website. |
or like setting "chmod -R 777 /" on Unix systems, to solve file permission issues
_________________
Regards
Hubert |
|
| Back to top |
|
|
|
|
