| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| .NET Client ID Connection to MQ |
« View previous topic :: View next topic » |
| Author |
Message
|
| hollams |
 Posted: Thu Feb 29, 2024 8:58 am Post subject: .NET Client ID Connection to MQ |
 |
|
Newbie
Joined: 29 Feb 2024
Posts: 1
|
We have a .NET client who is connecting to zos MQ with a userid that is not in RACF. We tried creating a channel auth record using the Client User ID but apparently we aren't matching the names correctly. We are using all lowercase letters.
We then created an auth record just using the IP address and the connection worked. Displaying the connection doesn't show the Client ID as I guess it's not supported on zOS.
Is there another way to see what the Client User ID is? The RACF message cut off the userid at 8 characters. We got the full name from the Application team but that didn't work either. |
|
| Back to top |
|
 |
| gbaddeley |
| Posted: Thu Feb 29, 2024 1:28 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
While a connection is running, try displaying the channel status, and look at MCAUSER.
Try putting a message, and look at the MQMD UserIdentifier in the message.
_________________
Glenn |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Mar 01, 2024 11:51 pm Post subject: Re: .NET Client ID Connection to MQ |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| hollams wrote: |
We have a .NET client who is connecting to zos MQ with a userid that is not in RACF. We tried creating a channel auth record using the Client User ID but apparently we aren't matching the names correctly. We are using all lowercase letters.
We then created an auth record just using the IP address and the connection worked. Displaying the connection doesn't show the Client ID as I guess it's not supported on zOS.
Is there another way to see what the Client User ID is? The RACF message cut off the userid at 8 characters. We got the full name from the Application team but that didn't work either. |
Depending on the client version (9.2.x) the userid running the client program will be truncated at 12 chars when running in distributed. To avoid this behavior and get the full userid the client MUST use the use_MQCSP_authentication. This can be set in the mqclient.ini for java programs... (JMQI stanza)...
Once you know what the client userid will look like, you can proxy it with the chlauth record.
One of the problems we had on distributed is that the client could never provide the correct password and as such either get proxied or connect. Turned out that the userid was getting truncated and as such userid and password could not match at authentication... Using the MQCSP structure for passing userid and password solved that problem...
Hope it helps some 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| hughson |
| Posted: Sat Mar 02, 2024 7:12 pm Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
Block the connection by not having a CHLAUTH rule for it in place and then view the queue manager error message which will show you the CLNTUSER that was presented.
See this blog post for an example.
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
