| Author |
Message
|
| jefflowrey |
 Posted: Sun Dec 19, 2004 4:04 pm Post subject: Re: amqoamd on Windows issue (User no longer exists) |
 |
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| WannaBeInAParker wrote: |
User name: FAIL : unresolved account
Authorities: altusr connect inq set setall setid chg crt dlt dsp (0x009f07ff)
SID: S-1-5-21-1177238915-1767777339-725345543-43546
|
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
 |
| WannaBeInAParker |
| Posted: Sun Dec 19, 2004 6:19 pm Post subject: |
|
|
Voyager
Joined: 09 Dec 2003
Posts: 81
|
Jeff,
That's correct the user does not exist any longer. I think I may have confused things by showing an example of what authorities are defined when a user creates a new queue.
fjb_saper, first time I saw the -remove option. Thanks for that, seems helpful for other scenarios, but not my current one.
-WannaBe-
_________________
-WannaBe- |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sun Dec 19, 2004 8:35 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20763
Location: LI,NY
|
You wrote the error output as output of amqoamd.
Did you try dmpmqaut -m qmgr ?
and if yes what was the output thereof.
Did you see any errors or can you see the offending principal in the dmpmqaut output. |
|
| Back to top |
|
|
| WannaBeInAParker |
| Posted: Mon Dec 20, 2004 3:37 am Post subject: |
|
|
Voyager
Joined: 09 Dec 2003
Posts: 81
|
Here is the output of dmpmqaut:
profile: SYSTEM.ADMIN.CHANNEL.EVENT
object type: queue
entity: S-1-5-21-1177238915-1767777339-725345543-43546@
entity type: unknown
authority: allmqi dlt chg dsp clr
- - - - - - - -
profile: SYSTEM.ADMIN.CHANNEL.EVENT
object type: queue
entity: mqm@INAW2168
entity type: group
authority: allmqi dlt chg dsp clr
_________________
-WannaBe- |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Mon Dec 20, 2004 5:25 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
Have you tried copy/pasting the SID into setmqaut?
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| WannaBeInAParker |
| Posted: Mon Dec 20, 2004 6:10 am Post subject: |
|
|
Voyager
Joined: 09 Dec 2003
Posts: 81
|
I thought of that when I pasted the snippet above. I need to reproduce this on a dev system and try it there as this issue appeared in PROD. I will try and let you know the results. The only thing that leads me to believe that this may not work is the fact that the entity type is listed as "unknown", instead of principal or group.
_________________
-WannaBe- |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Dec 20, 2004 11:25 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20763
Location: LI,NY
|
We are talking about the SYSTEM.CHANNEL.EVENT queue. There should not be that many authorizations on it.
Just a suggestion if remove with SID does not work
Make a dmpmqaut and look at all authorizations for said queue.
Try the setmqaut -remove specifying the object:
-t q -n SYSTEM.CHANNEL.EVENT and no principal.
See if it removes all authorizations ?
After that all you need is to reset the authorizations needed to run and REFRESH the security....
Keep us informed
 |
|
| Back to top |
|
|
| WannaBeInAParker |
| Posted: Tue Dec 21, 2004 5:18 am Post subject: |
|
|
Voyager
Joined: 09 Dec 2003
Posts: 81
|
Let me just reiterate, that we have not granted any permissions on this or other queues and that this is just one example of several objects that have this autority set. MQseries must automatically grant +all to the user that creates the queue in the Windows environment.
_________________
-WannaBe- |
|
| Back to top |
|
|
| JasonE |
| Posted: Tue Dec 21, 2004 10:43 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
There is nothing you can do about entries in the OAM relating to userids which dont exist. Suggestion - raise a requirement for consideration in a future release that you can remove by SID...
For now you will have to live with it
(And yes, I think the creator and mqm both get explicit entries in the OAM, if I remember correctly). |
|
| Back to top |
|
|
|
|
