Re: Fwd: Re: can not connect to queue manager
Am Mo, den 26.04.2004 schrieb David Awerbuch um 23:44: An update. I disabled the OAM as Ken suggested, and that has solved the problem, so I now know it is security related. So this still begs the question: how on VMS do I find out what the security violation is? Gunther Jeschawitz wrote: On UNIX systems, you have to be a member of the group mqm to start runmqsc. You don't need any other authority. Maybe it's the same on OpenVMS. On UNIX systems, maybe also on VMS, the pemission of runmqsc is: -r-sr-s--- 1 mqm mqm 9380 11. Feb 23:11 /opt/mqm/bin/runmqsc In the result: runmqsc works with the effectiv userid mqm, irrespective of the real userid. On MQ-objects mqm needs the rights, but mqm should have all rights on all objects. Gunter Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: can not connect to queue manager
Roger Lacroix wrote: Did you issue the 'refresh security' from runmqsc (or whatever it is called for OpenVMS). Note: For earlier releases of MQ for Unix, you had to bounce to queue manager to pick up new security setting. (Strange but true.) Roger, there were no security setting changes made to this user. The user was created with the MQM rights, but as a habit I restarted the qm anyway, to no avail. Ken Woloschuk wrote: You could try and disable the OAM and see if there are other authorization issues like file/directory permissions. There's only one problem - on VMS you define a logical PRIOR to creating the queue manager which disables the OAM for the life of the queue manager. This may be beneficial if you can create a test queue manager which has the 2035 return for the given userID. The following link discusses the OAM and VMS: http://www-306.ibm.com/software/integration/mqfamily/library/manualsb/amqqag 00/amqqag001m.htm#HDRUTOAM Ken, that sounds like sound advise - I'll disable the OAM and see what happens. Gunther Jeschawitz wrote: On UNIX systems, you have to be a member of the group mqm to start runmqsc. You don't need any other authority. Maybe it's the same on OpenVMS. The userid has the MQM rights (this is what is required under OpenVMS). I was trying to find out where to get more details on the security violation itself. This is the first MQ install I've done on this release of OVMS, so I need to get more info to find out what's missing. Thank you all for your input; more details to follow. Dave A. = David A. Awerbuch, IBM Certified MQSeries Specialist APC Consulting Services, Inc. Providing Automated Solutions to Business Challenges West Hempstead, NY(516) 481-6440 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Photos: High-quality 4x6 digital prints for 25 http://photos.yahoo.com/ph/print_splash Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Fwd: Re: can not connect to queue manager
An update. I disabled the OAM as Ken suggested, and that has solved the problem, so I now know it is security related. So this still begs the question: how on VMS do I find out what the security violation is? Thanks, Dave A. --- David Awerbuch [EMAIL PROTECTED] wrote: Date: Mon, 26 Apr 2004 07:56:43 -0700 (PDT) From: David Awerbuch [EMAIL PROTECTED] Subject: Re: can not connect to queue manager To: Mqseries Messages [EMAIL PROTECTED] Roger Lacroix wrote: Did you issue the 'refresh security' from runmqsc (or whatever it is called for OpenVMS). Note: For earlier releases of MQ for Unix, you had to bounce to queue manager to pick up new security setting. (Strange but true.) Roger, there were no security setting changes made to this user. The user was created with the MQM rights, but as a habit I restarted the qm anyway, to no avail. Ken Woloschuk wrote: You could try and disable the OAM and see if there are other authorization issues like file/directory permissions. There's only one problem - on VMS you define a logical PRIOR to creating the queue manager which disables the OAM for the life of the queue manager. This may be beneficial if you can create a test queue manager which has the 2035 return for the given userID. The following link discusses the OAM and VMS: http://www-306.ibm.com/software/integration/mqfamily/library/manualsb/amqqag 00/amqqag001m.htm#HDRUTOAM Ken, that sounds like sound advise - I'll disable the OAM and see what happens. Gunther Jeschawitz wrote: On UNIX systems, you have to be a member of the group mqm to start runmqsc. You don't need any other authority. Maybe it's the same on OpenVMS. The userid has the MQM rights (this is what is required under OpenVMS). I was trying to find out where to get more details on the security violation itself. This is the first MQ install I've done on this release of OVMS, so I need to get more info to find out what's missing. Thank you all for your input; more details to follow. Dave A. = David A. Awerbuch, IBM Certified MQSeries Specialist APC Consulting Services, Inc. Providing Automated Solutions to Business Challenges West Hempstead, NY(516) 481-6440 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Photos: High-quality 4x6 digital prints for 25 http://photos.yahoo.com/ph/print_splash = David A. Awerbuch, IBM Certified MQSeries Specialist APC Consulting Services, Inc. Providing Automated Solutions to Business Challenges West Hempstead, NY(516) 481-6440 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Photos: High-quality 4x6 digital prints for 25 http://photos.yahoo.com/ph/print_splash Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: can not connect to queue manager
The permissions on authorization files, created by the OAM, are: S:RWD, O:RWD, G:RWD, W:R (ID=MQM, ACCESS=R+W+E+D+C) see the following for more info: http://www-306.ibm.com/software/integration/mqfamily/library/manualsb/amqqag 00/amqqag001q.htm#HDRUAF -Original Message- From: MQSeries List [mailto:[EMAIL PROTECTED] Behalf Of David Awerbuch Sent: Monday, April 26, 2004 15:45 To: [EMAIL PROTECTED] Subject: Fwd: Re: can not connect to queue manager An update. I disabled the OAM as Ken suggested, and that has solved the problem, so I now know it is security related. So this still begs the question: how on VMS do I find out what the security violation is? Thanks, Dave A. --- David Awerbuch [EMAIL PROTECTED] wrote: Date: Mon, 26 Apr 2004 07:56:43 -0700 (PDT) From: David Awerbuch [EMAIL PROTECTED] Subject: Re: can not connect to queue manager To: Mqseries Messages [EMAIL PROTECTED] Roger Lacroix wrote: Did you issue the 'refresh security' from runmqsc (or whatever it is called for OpenVMS). Note: For earlier releases of MQ for Unix, you had to bounce to queue manager to pick up new security setting. (Strange but true.) Roger, there were no security setting changes made to this user. The user was created with the MQM rights, but as a habit I restarted the qm anyway, to no avail. Ken Woloschuk wrote: You could try and disable the OAM and see if there are other authorization issues like file/directory permissions. There's only one problem - on VMS you define a logical PRIOR to creating the queue manager which disables the OAM for the life of the queue manager. This may be beneficial if you can create a test queue manager which has the 2035 return for the given userID. The following link discusses the OAM and VMS: http://www-306.ibm.com/software/integration/mqfamily/library/manualsb/amqqag 00/amqqag001m.htm#HDRUTOAM Ken, that sounds like sound advise - I'll disable the OAM and see what happens. Gunther Jeschawitz wrote: On UNIX systems, you have to be a member of the group mqm to start runmqsc. You don't need any other authority. Maybe it's the same on OpenVMS. The userid has the MQM rights (this is what is required under OpenVMS). I was trying to find out where to get more details on the security violation itself. This is the first MQ install I've done on this release of OVMS, so I need to get more info to find out what's missing. Thank you all for your input; more details to follow. Dave A. = David A. Awerbuch, IBM Certified MQSeries Specialist APC Consulting Services, Inc. Providing Automated Solutions to Business Challenges West Hempstead, NY(516) 481-6440 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Photos: High-quality 4x6 digital prints for 25 http://photos.yahoo.com/ph/print_splash = David A. Awerbuch, IBM Certified MQSeries Specialist APC Consulting Services, Inc. Providing Automated Solutions to Business Challenges West Hempstead, NY(516) 481-6440 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Photos: High-quality 4x6 digital prints for 25 http://photos.yahoo.com/ph/print_splash Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: can not connect to queue manager
On UNIX systems, you have to be a member of the group mqm to start runmqsc. You don't need any other authority. Maybe it's the same on OpenVMS. Regards, Gunter Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: can not connect to queue manager
You could try and disable the OAM and see if there are other authorization issues like file/directory permissions. There's only one problem - on VMS you define a logical PRIOR to creating the queue manager which disables the OAM for the life of the queue manager. This may be beneficial if you can create a test queue manager which has the 2035 return for the given userID. The following link discusses the OAM and VMS: http://www-306.ibm.com/software/integration/mqfamily/library/manualsb/amqqag 00/amqqag001m.htm#HDRUTOAM -Original Message- From: MQSeries List [mailto:[EMAIL PROTECTED] Behalf Of David Awerbuch Sent: Thursday, April 22, 2004 13:56 To: [EMAIL PROTECTED] Subject: can not connect to queue manager Hello all, I am running MQS 5.10 (ECO02) on OpenVMS V7.3-2 for Alpha. I have a userid that should be able to connect to the queue manager: 1. userid (UAF) is granted privelege MQM 2. the command 'dspmqaut -m qm -p userid -t qmgr' returns: inq set connect altusr crt dlt chg dsp setid setall Does anyone have any idea why this user would be getting a 2035 - not authorized - when trying to runmqsc for qm? I enabled my operator status (reply /enable) but I am not receiving any security messages (or any messages) regarding this user. There are no new records being added to any of the AMQEERR01.LOG files in [.errors], [.qmgrs.$system.errors], or [.qmgrs.qm.errore]. How can I figure out what the problem is? For those who are not familiar with OpenVMS, 5.1 is still the current supported version of MQ for this platform. Thanks, Dave A. = David A. Awerbuch, IBM Certified MQSeries Specialist APC Consulting Services, Inc. Providing Automated Solutions to Business Challenges West Hempstead, NY(516) 481-6440 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Photos: High-quality 4x6 digital prints for 25 http://photos.yahoo.com/ph/print_splash Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
