amitjain | Apprentice | Joined: 14 Jan 2015 | Posts: 39
Posted: Wed Apr 22, 2015 7:17 am

Thanks mqjeff.

Thanks exerk for Morag Hughson's various blogs.

Now I understand the purpose of AUTHINFO objects.

After defining AUTHINFO properly I am able to connect to LDAP from MQ and also able to connect MQ Explorer using my Windows credentials.

amitjain | Apprentice | Joined: 14 Jan 2015 | Posts: 39
Posted: Wed Apr 29, 2015 4:02 am | Post subject: AMQ4401 - MQ explorer issue

Hi,

I have defined the group unx-appsupp on Windows, and on Linux when I execute the command below I get the proper output.

~/mq_scripts ] $ getent group unx-appsupp
unx-appsupp:*:111515:ajain

I have given setmqaut to this group and those commands get executed successfully.

Also I have defined DEFINE AUTHINFO for LDAP and it shows connected in the command below:

DIS QMSTATUS ALL

But when I try to access through MQ Explorer on Windows it gives me an AMQ4401 error, and AMQERR01.log suggests my userid ajain does not have permission on

SYSTEM.MQEXPLORER.REPLY.MODEL
SYSTEM.ADMIN.COMMAND.QUEUE

But I have given the permission to the group unx-appsupp to which I belong.

setmqaut -n SYSTEM.MQEXPLORER.REPLY.MODEL -t q -g "unx-appsupp" +dsp +inq +get
setmqaut -n SYSTEM.ADMIN.COMMAND.QUEUE -t q -g "unx-appsupp" +dsp +inq +put

If I give setmqaut to -p ajain it works.

Please help me to understand what I am doing wrong while doing setmqaut at group level. I don't want to give setmqaut to individual persons.

One more thing: if I create a local unix group, add my id to that group and give setmqaut to the local unix group, it works fine.

I am not able to make it work with only the Windows group.

amitjain | Apprentice | Joined: 14 Jan 2015 | Posts: 39
Posted: Wed Apr 29, 2015 4:14 am

:~/mq_scripts ] $ groups ajain
ajain : unx-is splunk unx-appsupp

amitjain | Apprentice | Joined: 14 Jan 2015 | Posts: 39
Posted: Wed Apr 29, 2015 5:38 am

Don't know but it started working fine now.

In Windows AD I have changed my unix primary group id to unx-appsupp and it started working fine.

I will perform all the steps again from the beginning for a new group and a new queue manager and check how it works.

mqjeff | Grand Master | Joined: 25 Jun 2008 | Posts: 17447
Posted: Wed Apr 29, 2015 5:41 am

amitjain wrote: "unix primary group id"

amitjain | Apprentice | Joined: 14 Jan 2015 | Posts: 39
Posted: Wed Apr 29, 2015 5:46 am

Could you please point me to some documentation to understand how primary group things work in the context of MQ.

I was thinking it will check what all groups I am a member of and accordingly pick the matching profile of setmqaut.

Thanks.

amitjain | Apprentice | Joined: 14 Jan 2015 | Posts: 39
Posted: Wed Apr 29, 2015 5:47 am

:~/mq_scripts ] $ groups ajain
ajain : unx-appsupp splunk tg dev all unx-beauchamp

Previously unx-is was primary and now I have unx-appsupp as primary.

fjb_saper | Grand High Poobah | Joined: 18 Nov 2003 | Posts: 20768 | Location: LI,NY
Posted: Wed Apr 29, 2015 7:27 am

Well it depends on multiple factors.

Say you have just been added to a group. Before that change becomes effective you have to:

- run refresh security on the qmgr (mqsc)
- log out and log back in on the server

So really there is no easy way to tell why something works or does not.

_________________
MQ & Broker admin
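
The failing and working cases in this thread differ in where unx-appsupp sits in the `groups ajain` output. As an added example (not part of any post above, and not IBM's code), this script classifies a membership as primary or supplementary from that output. `classify_membership` and `check_grant` are hypothetical names; `check_grant` assumes `runmqsc` and `dspmqaut` are on PATH and uses `REFRESH SECURITY TYPE(AUTHSERV)` for the refresh step fjb_saper mentions.

```shell
#!/bin/sh
# Added example: classify how a user holds a group, from `groups USER` output.
# On Linux, `groups` (like `id -Gn`) prints the primary group first.

classify_membership() {   # usage: classify_membership GROUP "GROUPS_OUTPUT"
    target=$1
    list=${2#*:}          # drop the leading "user :" if present
    set -f                # group names are data: no filename expansion
    set -- $list          # split the list into positional parameters
    set +f
    if [ $# -eq 0 ]; then echo none; return 0; fi
    if [ "$1" = "$target" ]; then echo primary; return 0; fi
    shift
    for g in "$@"; do
        if [ "$g" = "$target" ]; then echo supplementary; return 0; fi
    done
    echo none
}

# Live check (hypothetical helper; needs MQ's runmqsc and dspmqaut on PATH).
check_grant() {           # usage: check_grant USER GROUP QMGR
    kind=$(classify_membership "$2" "$(groups "$1")")
    echo "$1 holds $2 as: $kind"
    # Step from the thread: refresh the queue manager's authority cache ...
    echo "REFRESH SECURITY TYPE(AUTHSERV)" | runmqsc "$3"
    # ... then show what the group is granted on a queue the error log named.
    dspmqaut -m "$3" -n SYSTEM.ADMIN.COMMAND.QUEUE -t q -g "$2"
}

# Constructed samples: the two `groups ajain` outputs quoted in the thread.
BEFORE='ajain : unx-is splunk unx-appsupp'
AFTER='ajain : unx-appsupp splunk tg dev all unx-beauchamp'
echo "before: $(classify_membership unx-appsupp "$BEFORE")"
echo "after:  $(classify_membership unx-appsupp "$AFTER")"
```

Run `check_grant ajain unx-appsupp QMGR_NAME` on the queue manager host as an MQ administrator, after logging out and back in so the session sees the new membership.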