| Author |
Message
|
| debugme |
 Posted: Tue Mar 02, 2004 4:52 am Post subject: Problem authorizing new users |
 |
|
Apprentice
Joined: 14 Jan 2004
Posts: 27
|
Dear Friends,
I have an application which connects to the MQ Client,
which in turn connects to the MQ Server installation
and gets information from it.
Everything works fine 
But the problem is when my colleague tries to
do the same, but under his account. It works fine
if he logs in as me, but otherwise throws a completion
code of 2 and a reason code of 2035.
Any ideas on how to fix this problem ? As soon as
this works, we can sell our product, but we're tied up
until this is resolved 
regards, Asad.
p.s. The client is Solaris5.8 and the server is Windows2K. |
|
| Back to top |
|
 |
| JasonE |
| Posted: Tue Mar 02, 2004 5:22 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
|
| Back to top |
|
|
| debugme |
| Posted: Tue Mar 02, 2004 6:49 am Post subject: Problems still there... |
|
|
Apprentice
Joined: 14 Jan 2004
Posts: 27
|
We're trying to get a remote application working, and things are strange. If this is anFAQ, we're not quite sure where we've gone wrong.
1) On the client box, we created a user mqtest. After logging as this user. we set the MQSERVER environment variable i.e.
setenv MQSERVER MYCHANNEL/TCP/123.123.123.123
2) amqsputc doesn't work. No surprise, we've given no permissions.
3) We give permissions to the user as
| Code: |
setmqaut -m QM_itrspc48 -p mqtest -t queue -n postcard +put
setmqaut -m QM_itrspc48 -p mqtest -t qmgr +connect
setmqaut -m QM_itrspc48 -p mqtest -t queue -n postcard +get
setmqaut -m QM_itrspc48 -p mqtest -t queue -n postcard +inq
setmqaut -m QM_itrspc48 -p mqtest -t queue -n postcard +set
setmqaut -m QM_itrspc48 -p mqtest -t queue -n postcard +browse
setmqaut -m QM_itrspc48 -p mqtest -t queue -n postcard +altusr
setmqaut -m QM_itrspc48 -p mqtest -t queue -n postcard +all
|
4) Then amqsputc does work.
OK, normal user access works. But when we try and run our client code (which works on the server box) as this same user, we're getting permission errors(specifically 2035). We're pretty sure that the environment variable and the user running the process are being properly set.
Any idea what's causing it.
regards, Asad. |
|
| Back to top |
|
|
| mqonnet |
| Posted: Tue Mar 02, 2004 7:46 am Post subject: |
|
|
Grand Master
Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.
|
Did you search this forum for 2035 as Jason pointed out??????
"But the problem is when my colleague tries to
do the same, but under his account. It works fine
if he logs in as me, but otherwise throws a completion
code of 2 and a reason code of 2035."
Wont work as you need to define a principal for your colleague and assign authorities.
"OK, normal user access works. But when we try and run our client code (which works on the server box) as this same user, we're getting permission errors(specifically 2035). We're pretty sure that the environment variable and the user running the process are being properly set. "
The problem description is not really clear since there are so many clients, servers, apps and users involved. Or at least more than one of all these. Bottom line is for each user that need to access your qm, you need to define a principal.
If this doesnt help, explain the above description in detail. How many users, how many apps, how many servers, is it a client app or a server app etc.
Cheers
Kumar |
|
| Back to top |
|
|
| JasonE |
| Posted: Tue Mar 02, 2004 7:51 am Post subject: |
|
|
Grand Master
Joined: 03 Nov 2003
Posts: 1220
Location: Hursley
|
If your server is a Windows server, look in the qmgr\QM\errors directory, amqerr01 file, and it usually reports a really helpful message which goes with the 2035 along the lines of userid xxx isnt authorized to perform operation of type put to object QL. This usually gives the game away  |
|
| Back to top |
|
|
| vijiraghav |
| Posted: Wed Mar 03, 2004 1:29 am Post subject: Problem authorizing new users |
|
|
Novice
Joined: 11 Nov 2003
Posts: 18
|
By logging in as administrator (on win2k server machine), create a new local user with the same name i.e. mqtest on the win2k server and it should be under group mqm. Check whether there is a SVRCONN channel by the name MYCHANNEL on the win2k server queue manager with MCAUSER parameter as blank.
Vijiraghav |
|
| Back to top |
|
|
| debugme |
| Posted: Mon Mar 08, 2004 6:12 am Post subject: Found a solution... |
|
|
Apprentice
Joined: 14 Jan 2004
Posts: 27
|
Thanks for your suggestions people.
It turned out that I had already created the appropriate
user and group, both on NT and SOLARIS. However, it
was not until I ran the following commands :
setmqaut -m QM_WINBOX -p mqtest -t queue -n postcard +put
setmqaut -m QM_WINBOX -p mqtest -t qmgr +connect
setmqaut -m QM_WINBOX -p mqtest -t queue -n postcard +get
setmqaut -m QM_WINBOX -p mqtest -t queue -n postcard +inq
setmqaut -m QM_WINBOX -p mqtest -t queue -n postcard +set
setmqaut -m QM_WINBOX -p mqtest -t queue -n postcard +browse
setmqaut -m QM_WINBOX -p mqtest -t queue -n postcard +all
that the remote user could actually connect across the
network to my box.
I am surprised no-one mentioned this to me.
regards, Asad.[/b][/code] |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Mon Mar 08, 2004 3:57 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7723
|
| Quote: |
I am surprised no-one mentioned this to me.
|
Why would we mention it? You mention it yourself in your March 02 post!
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| debugme |
| Posted: Tue Mar 16, 2004 9:31 am Post subject: |
|
|
Apprentice
Joined: 14 Jan 2004
Posts: 27
|
|
| Back to top |
|
|
|
|
