| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| MCAUSER on a RCVR channel |
« View previous topic :: View next topic » |
| Author |
Message
|
| PeterPotkay |
 Posted: Mon Nov 03, 2003 1:17 pm Post subject: MCAUSER on a RCVR channel |
 |
|
Poobah
Joined: 15 May 2001
Posts: 7723
|
I have a RCVR channel to my QM (QM1) from an outside company / queue manager called ABC.
The RCVR channel is called ABC.QM1, and I set the MCAUSER of this channel to "abcuser".
My goal is to use setmqaut to allow anyone coming over this channel access to only the queues I allow.
So on QM1, I issued the following commands:
E:\>setmqaut -m QM1 -n ABC.LOCAL.QUEUE -t queue -p abcuser +all
The setmqaut command completed successfully.
E:\>setmqaut -m QM1 -t qmgr -p abcuser +connect
The setmqaut command completed successfully.
Issue the refresh security command, which comes back successfully.
E:\>dspmqaut -m QM1 -n ABC.LOCAL.QUEUE -t queue -p abcuser
Entity abcuser has the following authorizations for object ABC.LOCAL.QUEUE:
get
browse
put
inq
set
dlt
chg
dsp
passid
passall
setid
setall
clr
E:\>dspmqaut -m QM1 -t qmgr -p abcuser
Entity abcuser has the following authorizations for object QM1:
connect
There is a remote queue def on ABC pointing to ABC.LOCAL.QUEUE on QM1. Now I send 200 messages into this remote queue. The SNDR channel goes into retry. I see 2035 errors on QM1.
1/03/2003 15:57:05
AMQ9509: Program cannot open queue manager object.
EXPLANATION:
The attempt to open either the queue or queue manager object 'QM1' on
queue manager 'QM1' failed with reason code 2035.
ACTION:
Ensure that the queue is available and retry the operation.
----- amqrmmqa.c : 1579 -------------------------------------------------------
11/03/2003 15:57:05
AMQ9599: Program could not open queue manager object.
EXPLANATION:
The attempt to open either the queue or queue manager object 'ABC.LOCAL.QUEUE'
on queue manager 'QM1' by user 'abcuser' failed with reason code 2035.
ACTION:
Ensure that the queue is available and retry the operation. If the message is
from a remote Queue Manager, check the Message Channel Agent User Identifier
has the correct authority.
----- amqrmmqa.c : 775 --------------------------------------------------------
11/03/2003 15:57:05
AMQ9999: Channel program ended abnormally.
EXPLANATION:
Channel program 'ABC.QM1' ended abnormally.
ACTION:
Look at previous error messages for channel program 'ABC.QM1' in the
error files to determine the cause of the failure.
----- amqrmrsa.c : 467 --------------------------------------------------------
How can I get this to work?
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
 |
| mqonnet |
| Posted: Mon Nov 03, 2003 4:05 pm Post subject: |
|
|
Grand Master
Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.
|
Peter, you are missing +altusr on your queue manager. So, your command should look like
setmqaut -m QM1 -t qmgr -p abcuser +connect +altusr
The reason you have to do this is because the receiver MCA should know that it has to authenticate using an alternate userid which you have put in the MCAUSER attribute of the channel def.
Cheers
Kumar |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Tue Nov 04, 2003 8:06 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7723
|
Thanks Kumar.
Actually, I also had to add +inq, since the MCA needs to ask the QM what its DLQ is when it needs to put messages to the DLQ because they are trying to get to unauthorized queues (or for any other reason they would go to the DLQ on the receiving side).
It works now.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
