| Author |
Message
|
| AviD |
 Posted: Wed Sep 27, 2006 11:41 am Post subject: |
 |
|
Acolyte
Joined: 06 Apr 2004
Posts: 62
|
Still having auth issues with the SAVEQMGR to Windows.
Due to account setup here, it takes awhile to get things created.
I tried modifying my local user/group policies on Windows XP by creating a local mqm USER id and renaming the mqm GROUP to mqm2. I then added the local user mqm to the local Administrators group on my box, but still same auth issues.
I also had a domain user account "mqm" created and added that to the local mqm group on a respective box (my desktop and one of our servers), but both give the same auth error.
Any other ideas? |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Wed Sep 27, 2006 4:37 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20772
Location: LI,NY
|
create a local qmgr with a default path back and forth. Use save qmgr to connect to the local qmgr but ask for the information from the remote qmgr.
Enjoy 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| AviD |
| Posted: Thu Sep 28, 2006 7:22 am Post subject: |
|
|
Acolyte
Joined: 06 Apr 2004
Posts: 62
|
fjb_saper:
That is what I am doing now. The program (local qmgr to remote qmgr through XMIT queue and sender/receiver channels) is working fine with Solaris and AIX, just not Windows.
Ultimately the issue is the mqm user id on AIX vs an mqm group with MUSR_MQADMIN on Windows. I tested with an application id that is under the mqm group on the AIX server, and also in the mqm group on the Windows server. That did work fine.
I just don't understand why creating a domain user account called mqm and adding it to the local Window server's mqm group doesn't work. The application id I am using is a domain account as well.
Going to continue toying around with it.
Let me know if you have any ideas. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Sep 28, 2006 2:49 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20772
Location: LI,NY
|
Read the documentation. MQ does not deal with embeded groups. You need to add all the users from the group to the group checked by WMQ...
Enjoy
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| AviD |
| Posted: Tue Oct 03, 2006 9:52 am Post subject: |
|
|
Acolyte
Joined: 06 Apr 2004
Posts: 62
|
OK getting back to this issue on and off.
Where are embedded groups coming into play here?
What permissions are needed? I've read the documentation, and I have the permissions set the way I believe they need to be...but the one account is still failing.
The docs indicate if the id is either part of the mqm group or an administrator (Windows), it would have the necessary permissions. What am I missing here? Could be something very simple that I am overlooking. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Tue Oct 03, 2006 9:56 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| AviD wrote: |
| Where are embedded groups coming into play here? |
An embedded group is when there is a Domain group in the mqm group, rather than an individual Domain user.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| AviD |
| Posted: Tue Oct 03, 2006 10:21 am Post subject: |
|
|
Acolyte
Joined: 06 Apr 2004
Posts: 62
|
OK, both domain\user accounts are in the mqm group and admin group on the Windows box, and both exist on the AIX box under the mqm group. One domain\user works, the other doesn't.
I'm peeling through domain security on Windows with the admins to figure out what is different between the two, but I can't see how if they are both local admins on the box where the MQ functions are being called, it is failing due to 2035.
From AIX mqm group mqm user submits a remote SAVEQMGR to a Windows box with a domain\mqm user account under admin...and it fails.
From AIX mqm group someOtherUser user submits a remote SAVEQMGR to a Windows box with a domain\someOtherUser user account under admin...and it works.
What security at the domain level needs to be enabled? |
|
| Back to top |
|
|
|
|
