| Author |
Message
|
| ydsk |
 Posted: Mon Nov 30, 2009 3:02 pm Post subject: setmqaut fails for domain id on Windows |
 |
|
Chevalier
Joined: 23 May 2005
Posts: 410
|
I have MQ v6 on Windows XP Pro.
It was installed using a local id mqsiadmn to avoid changing passwords everytime.
I have a domain id DOM1\dyang that I use for all regular work.
WAS v6.1 was installed using my domain id and it works well.
Now, when WAS tries to connect with MQ for JMS interaction I get MQJMS2013. I think the reason is my domain id doesn't have the permission to connect to MQ because WAS and MQ run with different ids.
To solve the problem I am trying to issue the command setmqaut as follows:
setmqaut -m QMNGR2 -t qmgr -p 'DOM1\dyang' +all
But it always complains "AMQ7026: A principal or group name was invalid." I tried giving the domain name in different ways like dyang@DOM1, etc but nothing worked.
Can somebody please suggest how to give a domain id in the setmqaut command ?
Thanks
ydsk |
|
| Back to top |
|
 |
| PeterPotkay |
| Posted: Mon Nov 30, 2009 4:35 pm Post subject: Re: setmqaut fails for domain id on Windows |
|
|
Poobah
Joined: 15 May 2001
Posts: 7716
|
| ydsk wrote: |
It was installed using a local id mqsiadmn to avoid changing passwords everytime.
|
That's not a valid reason. Local IDs can be set up to require password changes. Domain IDs can be set up to not require password changes.
| ydsk wrote: |
Can somebody please suggest how to give a domain id in the setmqaut command ?
|
| Code: |
| setmqaut -m QMNGR2 -t qmgr -p dyang +all |
It assumes ther machine does not also have a local ID called dyang, which would be bad.
+all is way more access that you need.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| exerk |
| Posted: Mon Nov 30, 2009 9:41 pm Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Also, try and get used to specifying a group rather than a principle:
| Quote: |
| setmqaut -m QMNGR2 -t qmgr -p 'DOM1\dyang' +all |
If doing the above becomes a habit, you're in for a world of hurt on UNIX-based platforms.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| ydsk |
| Posted: Tue Dec 01, 2009 9:36 am Post subject: |
|
|
Chevalier
Joined: 23 May 2005
Posts: 410
|
Still my original question is unanswered.
I know giving access to group id works. And since it is my local desktop I did that already. But is there a way to give access to the domain id alone ?
And to answer Peter's question, domain id passwords in our organization need to be changed every 45 days as per the policy, and we are forced to do it. They don't change the policy. And with a local id I can set the passwd never to change.
I thought the Hursley guys in the forum might have some solution on how to give access to a windows domain id using setmqaut.
thanks
ydsk. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue Dec 01, 2009 10:34 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9405
Location: US: west coast, almost. Otherwise, enroute.
|
Moved to Security forum.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Tue Dec 01, 2009 11:06 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7716
|
| ydsk wrote: |
I thought the Hursley guys in the forum might have some solution on how to give access to a windows domain id using setmqaut.
|
| Code: |
| setmqaut -m QMNGR2 -t qmgr -p dyang +all |
It assumes ther machine does not also have a local ID called dyang, which would be bad.
+all is way more access that you need.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| mvic |
| Posted: Tue Dec 01, 2009 2:15 pm Post subject: |
|
|
Jedi
Joined: 09 Mar 2004
Posts: 2080
|
| ydsk wrote: |
| And to answer Peter's question, domain id passwords in our organization need to be changed every 45 days as per the policy, and we are forced to do it. They don't change the policy. And with a local id I can set the passwd never to change. |
First, -p userid@domain should work according to the setmqaut page in the Information Center. I don't see any mention of quoting so maybe try without any quoting (single quotes were used in one of the examples above, none are mentioned on that manual page though..).
If that doesn't help, maybe gather a trace to capture the problem, and take a look in the trace (use "findstr" to search for the text you supplied to setmqaut.. see if the reason for failure is dumped in a human readable way).. If having done that it is still failing when you follow the manual, then perhaps consider calling IBM support. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue Dec 01, 2009 2:23 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9405
Location: US: west coast, almost. Otherwise, enroute.
|
| Quote: |
| ...domain id passwords in our organization need to be changed every 45 days as per the policy, and we are forced to do it. |
A client reported a correlated increase in the use of yellow-stickies, as password cycle times were reduced.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| student |
| Posted: Mon Dec 07, 2009 9:11 am Post subject: |
|
|
Apprentice
Joined: 17 Mar 2009
Posts: 31
Location: UK
|
| You need this domain id to be added to local mqm group on your machine. |
|
| Back to top |
|
|
|
|
