ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » Resolved (2035 Not Authorized from APPMQUSR)

Post new topic  Reply to topic Goto page Previous  1, 2
 Resolved (2035 Not Authorized from APPMQUSR) « View previous topic :: View next topic » 
Author Message
csmith28
PostPosted: Tue Oct 05, 2004 10:42 am    Post subject: @ Peter Reply with quote

Grand Master

Joined: 15 Jul 2003
Posts: 1196
Location: Arizona

No, this Development MQManager is being used by over 20 Development groups. I suppose I could bounce it but it would result in a lot of screaming, crying, rending clothing and general mass hysteria.

I forgot to mention that after the successfull test while MCAUSER was still set to APPMQUSR I also had the developer try to connect using her vbprogammer id and it failed.
_________________
Yes, I am an agent of Satan but my duties are largely ceremonial.
Back to top
View user's profile Send private message
PeterPotkay
PostPosted: Tue Oct 05, 2004 10:48 am    Post subject: Re: @ Peter Reply with quote

Poobah

Joined: 15 May 2001
Posts: 7723

csmith28 wrote:
I forgot to mention that after the successfull test while MCAUSER was still set to APPMQUSR I also had the developer try to connect using her vbprogammer id and it failed.


Then it has nothing to do with IDs! If they are connecting over a SVRCONN channel with an MCAUSER set, and failing, and another app is working, then it is not an issue with the ID they are using, since that ID is ignored. (The MCAUSER is used) And since the other app is working over the same channel, it proves the ID on the MCAUSER is OK.

Unless the failing app is trying to do something that the hard coded MCAUSER is not set to, but the succesful app is not trying that function. But it looks like you gave that ID full authority anyway, so I doubt it.
_________________
Peter Potkay
Keep Calm and MQ On
Back to top
View user's profile Send private message
PeterPotkay
PostPosted: Tue Oct 05, 2004 10:56 am    Post subject: Reply with quote

Poobah

Joined: 15 May 2001
Posts: 7723

Are you POSITIVE the programmer is getting a 2035? If yes, is it on the MQCONN (????, based on all the above), or is it on the MQPUT, because the MQOPEN was done incorrectly.

We found a problem where VB client apps were setting spaces for the alternate user ID field. At 5.1 and 5.2, the spaces were ignored, and no ID was assumed, and it worked. At 5.3, spaces in that field is treated as a valid value for an ID, and as such, an attempt to use an alternate ID, and thus the MQOPEN needed to specify that option. Check that they aren't doing this. This would give a 2035 even if it was running with an ID with full authority.
_________________
Peter Potkay
Keep Calm and MQ On
Back to top
View user's profile Send private message
csmith28
PostPosted: Tue Oct 05, 2004 11:50 am    Post subject: Re: @ Peter Reply with quote

Grand Master

Joined: 15 Jul 2003
Posts: 1196
Location: Arizona

PeterPotkay wrote:

Then it has nothing to do with IDs! If they are connecting over a SVRCONN channel with an MCAUSER set, and failing, and another app is working, then it is not an issue with the ID they are using, since that ID is ignored. (The MCAUSER is used) And since the other app is working over the same channel, it proves the ID on the MCAUSER is OK.

Unless the failing app is trying to do something that the hard coded MCAUSER is not set to, but the succesful app is not trying that function. But it looks like you gave that ID full authority anyway, so I doubt it.


No no, wait....
With MCAUSER(APPMQUSER) set APPMQUSER was able to connect with from both the AIX with amqsputc and W2K client app as APPMQUSER. What I was trying to explain is that with MCAUSER(APPMQUSER) set I had the developer also attempt to connect with her application throwing the vbprogrammer ID and it failed.

Am incorrect in thinking that vbprogrammer failed to connect via that SVRCONN Channel because the MCAUSER(APPMQUSER) value was set?

The vbprogrammer ID works with MCAUSER( ) but we can't use vbprogrammer when the application is rolled out because vbprogrammer=the developers personal ID.
_________________
Yes, I am an agent of Satan but my duties are largely ceremonial.


Last edited by csmith28 on Tue Oct 05, 2004 12:04 pm; edited 2 times in total
Back to top
View user's profile Send private message
csmith28
PostPosted: Tue Oct 05, 2004 11:52 am    Post subject: Reply with quote

Grand Master

Joined: 15 Jul 2003
Posts: 1196
Location: Arizona

PeterPotkay wrote:
Are you POSITIVE the programmer is getting a 2035? If yes, is it on the MQCONN (????, based on all the above), or is it on the MQPUT, because the MQOPEN was done incorrectly.

We found a problem where VB client apps were setting spaces for the alternate user ID field. At 5.1 and 5.2, the spaces were ignored, and no ID was assumed, and it worked. At 5.3, spaces in that field is treated as a valid value for an ID, and as such, an attempt to use an alternate ID, and thus the MQOPEN needed to specify that option. Check that they aren't doing this. This would give a 2035 even if it was running with an ID with full authority.


Yes, positive. I saw the error during a NetMeeting Session.

I'll have to talk to vbprogrammer about that. Like I said I don't have access to the W2k server unless we set up a NetMeeting. But if I recall it is failing on the MQCONN.
_________________
Yes, I am an agent of Satan but my duties are largely ceremonial.
Back to top
View user's profile Send private message
EddieA
PostPosted: Tue Oct 05, 2004 2:28 pm    Post subject: Reply with quote

Jedi

Joined: 28 Jun 2001
Posts: 2453
Location: Los Angeles

OK, to add my 2 pence to this. I'm currently trying to work out what's going on with a very similar problem.

I've got MQ 5.3 running on an AIX box. There is a group set up called mqgroup. This group has MQCONN authority.

With mcauser left blank.

I only have a local user who is a member of mqgroup. From this user, I can run both amqsbcgc and also a Java application that either doesn't set MQEnvironment.userID or sets it to a valid user in mqgroup. It the MQEnvironment.userID is not in mqgroup, then I get a 2035. All as expected.

From a remote machine, where the user is NOT part of mqgroup, running amqscbgc gives me a 2035. The Java application runs the same as above. (Don't ya just love the security of this. )

Now, if I change the SVRCONN to have mcauser('mqgroup'), everything fails with a 2035. Both local, and remote. amqsbcgc and Java. And YES, I did double check the mcauser was set correctly in lower case. And also that the failure was on the MQCONN.

So, I have to agree that there is something strange going on here.

Just for grins, I changed to mcauser('mqm'), and guess what. Everything WORKED.

Cheers,
_________________
Eddie Atherton
IBM Certified Solution Developer - WebSphere Message Broker V6.1
IBM Certified Solution Developer - WebSphere Message Broker V7.0
Back to top
View user's profile Send private message
csmith28
PostPosted: Tue Oct 05, 2004 2:50 pm    Post subject: Reply with quote

Grand Master

Joined: 15 Jul 2003
Posts: 1196
Location: Arizona

EddieA wrote:
Just for grins, I changed to mcauser('mqm'), and guess what. Everything WORKED.

Cheers,


I have not tried that but, hmmmmm. I am thinking it would still fail with APPMQUSR because APPMQUSR is not a member of mqm even though I have specifically set APPMQUSR's authorities, but it would succeed with my id mqadmin and vbprogrammer's ID because they are members of mqm.
_________________
Yes, I am an agent of Satan but my duties are largely ceremonial.
Back to top
View user's profile Send private message
EddieA
PostPosted: Tue Oct 05, 2004 2:59 pm    Post subject: Reply with quote

Jedi

Joined: 28 Jun 2001
Posts: 2453
Location: Los Angeles

OK, I solved my problem. You have to put a USERID in mcauser, not a GROUP.

I'd assumed, wrongly, because you can only set authorisation at the group level in UN*X that a group name would work here.

Hangs head in shame,
_________________
Eddie Atherton
IBM Certified Solution Developer - WebSphere Message Broker V6.1
IBM Certified Solution Developer - WebSphere Message Broker V7.0
Back to top
View user's profile Send private message
csmith28
PostPosted: Tue Oct 05, 2004 3:09 pm    Post subject: Reply with quote

Grand Master

Joined: 15 Jul 2003
Posts: 1196
Location: Arizona

EddieA wrote:
OK, I solved my problem. You have to put a USERID in mcauser, not a GROUP.

I'd assumed, wrongly, because you can only set authorisation at the group level in UN*X that a group name would work here.

Hangs head in shame,


But mqm is a user and a group. Hmmm........

You may bang your head on the floor until forgiven.

But take of the helmet first. Wouldn't want to screw up your HUD display or the Night Vision thingy.
_________________
Yes, I am an agent of Satan but my duties are largely ceremonial.
Back to top
View user's profile Send private message
csmith28
PostPosted: Wed Oct 06, 2004 9:36 am    Post subject: Reply with quote

Grand Master

Joined: 15 Jul 2003
Posts: 1196
Location: Arizona

Ok finally it works. I still don't know why I was having so much trouble with APPMQUSR but at this point I don't really care.

Today the new user I requested "appusr" was created. appusr is not a member of the mqm group.

I ran the setmqaut against the appusr ID.

I ran amqsputc successfully from my AIX Client Server.

I called vbprogrammer. She changed the ID in her code. She placed two messages on my MQManager and then retrieved them.

And, the pickled eggs I ordered arrived today. =]
_________________
Yes, I am an agent of Satan but my duties are largely ceremonial.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Goto page Previous  1, 2 Page 2 of 2

MQSeries.net Forum Index » General IBM MQ Support » Resolved (2035 Not Authorized from APPMQUSR)
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.