Re: How to get IP address of a CMS logged on user
Hello, Gonen. The CP command query user userid ext will return a response like this: userid -L0003 HOST TCPIPFROM 192.168.128.98 if that user is connecting to the z/VM system via TCP/IP. Is this what you are looking for? Gonen Shoham wrote: Hi, Is there a way to get the IP address, where a specific CMS user is logged on ? Thanks -- DJ V/Soft
Re: How to get IP address of a CMS logged on user
Perfect Thanks !!! -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Dave Jones Sent: Tuesday, September 04, 2007 1:47 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: How to get IP address of a CMS logged on user Hello, Gonen. The CP command query user userid ext will return a response like this: userid -L0003 HOST TCPIPFROM 192.168.128.98 if that user is connecting to the z/VM system via TCP/IP. Is this what you are looking for? Gonen Shoham wrote: Hi, Is there a way to get the IP address, where a specific CMS user is logged on ? Thanks -- DJ V/Soft
AW: How to get IP address of a CMS logged on user
Hi, try one of the following command (replace rempel2 with your username). q users rempel2 ext REMPEL2 -L0004 HOST TCPIPFROM 10.2.8.45 Ready; T=0.01/0.01 12:54:13 or try netstat telnet VM TCP/IP Netstat Level 520 Internal Telnet server status: Conn Status Foreign Host B out B in Logical device status -- - - 1057 Listen *0 0 1067 Establshd 10.2.8.4551471 550 L0004 LOGON AS REMPEL2 0009 Ready; T=0.01/0.01 12:54:39 kindest regards Mit freundlichen Grüßen, Horst Rempel Berufsgenossenschafthttp://www.bgchemie.de der chemischen Industriee-mail [EMAIL PROTECTED] Abteilung EDV/DV-ORG Kurfürstenanlage 62 69115 Heidelberg Tel.: 06221 / 523-1303 Fax : 06221 / 523-227 -Ursprüngliche Nachricht- Von: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] Auftrag von Gonen Shoham Gesendet: Dienstag, 4. September 2007 12:46 An: IBMVM@LISTSERV.UARK.EDU Betreff: How to get IP address of a CMS logged on user Hi, Is there a way to get the IP address, where a specific CMS user is logged on ? Thanks
Re: TCPIP/OSA problem
You should code AUTORESTART on the OSD DEVICE statement - that will cause the TCP/IP server to attempt restart on the device. When the switch reboots itself, the stack will be notified and restart the device.
Re: Ops privs
The need to do an IUCV connection adds a lot of complexity we don't need. As complexes of systems get larger, then depending on synchronizing local caches of authorization information becomes a (n**2-1) problem. You also need a level of abstraction -- given the demo of VMPlex that has been shown at SHARE and elsewhere, there will need to be arbitration of who answers the question in a multimode complex if we are to get a true single-system image. I think that if we want even locally written tools to exploit this, a CP command would be better. Even if that means it becomes a synchronous interface. So CP CANYOUDO resource name access mode I think the user-space presentation is orthogonal to the internal function. Internally, the command could contact an authorization service, which may be on the local node or elsewhere in the cluster if the admin so chooses. You could permit caching for speed, although that could get complicated in terms of rule expiration or changes in authorization profiles during a login session. What about: CP TEST resource operation RC=0 if operation permitted, RC=28 if not permitted, RC=some high number if there was an error getting an answer. IUCV has the advantage that it can already be transported across ISFC, which would allow concentrating authorization information on certain nodes in a cluster, a useful scalability and auditability feature. I think it would be enough to get CP's answer on *this* system, whatever way CP has come to that conclusion. If CP would trust to connect to the ESM via ISFC, then CP may use that... Hmm. What about a hybrid model: if CP joins an ISFC cluster, part of the cluster initialization exchange could include the presence or absence of a central authorization service. If present, each CP could connect and notify the service of its presence and a IUCV node and target to connect to. The authorization service (wherever it resided) could then connect back to the supplied target and populate a local cache of authorization rules. In this scenario, if you had a central authorization system, you could supply a timeout for each entry or push updates at any time (assuming that CP sorted the cache by freshness of an entry). At or near expiration of an entry, that node could contact the auth service and slurp down a fresh set of rules into a separate table, then flip over to the new set for minimal exposure to a no rule for that setup. You could then create a DIAG to validate a test against the local authorization cache -- which would be easy to use to implement the local CP command you suggested, but also allow the scale-up I'm looking for.
Jeff Beck is out of the office.
I will be out of the office starting 09/04/2007 and will not return until 09/10/2007. I will be out of the office Wednesday 9/4 and will return Monday 9/10. For matters regarding FRTIB, please contact Paul Schimke at 1-301-803-1811 or [EMAIL PROTECTED] For all other matters, please contact Matthew Yates at 1-301-803-1745 or [EMAIL PROTECTED] Thank you.
Re: Printing HTML source
Sorry to be late noticing your post. Could the answer to your original question have been the H2S package available on the http://www.vm.ibm.com/download/packages/ site? --Roger The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU wrote on 08/28/2007 02:06:50 AM: A short while ago I asked if there was any VM tool to convert HTML source into print format.
Stuck @ FTP on z/VM 5.3
I'm done with my second level install of z/VM 5.3, with the exception of FTPSERVE. I'm trying to get FTPSERVE to use RACF to manage the security piece. It's setup OK in the DTCPARMS file as best I can tell. I've additionally given FTPSERVE access of the FACILITY class...that fixed one of the FTP/RACF issues. I'm still getting the following error for class VMBATCH while trying to FTP from a Windows machine. ICH408I USER(FTPSERVE) GROUP(SYS1) NAME() MAINT CL(VMBATCH ) INSUFFICIENT ACCESS AUTHORITY ACCESS INTENT(CONTROL) ACCESS ALLOWED(NONE ) I'm in but I have no access to any of maint's minidisks: 230 Permission denied to LINK to MAINT 191 I've tried giving FTPSERVE access to class VMBATCH, but that isn't doing the trick. Any help would be appreciated. I thought I was doing pretty good for my first attempt at installing the z/VM operating system until now. CONFIDENTIALITY NOTICE: This communication is confidential, may be privileged and is meant only for the intended recipient. If you are not the intended recipient, please notify the sender ASAP and delete this message from your system.
