Topic
  • 5 replies
  • Latest Post - ‏2013-01-07T10:24:30Z by SystemAdmin
SystemAdmin
SystemAdmin
8523 Posts

Pinned topic MQ7.5 Userid mapping issue at channel level(MQ7.5 OAM authorisations issue)

‏2012-11-29T13:49:15Z |
Hi,

I am working on MQ 7.5 linux environment.

We have 4 queue managers and 6 server connection channels to connect 6 applications for each application
we created one server connection channel i given autherisation at queue
level and channel level.

But I am facing problem at CHANNEL AUTHORISATON level. In my project i have
to map ONE CLIENT APPLICATION USERID with LOCAL LINUX UserID.

I used below command:
SET CHLAUTH('QM.SVR.CHL') TYPE(USERMAP) CLNTUSER('fonlid') USERSRC(MAP)
MCAUSER('ncs') ACTION(ADD)

Error I am getting in LOG was:

11/28/2012 03:05:32 PM - Process(22143.25) User(151194) Program(amqzlaa0)
Host(rhlux115.alahli.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(QM.IBAS)

AMQ5653: The user 'fonlid' is not defined.

EXPLANATION:
The system call getpwnam("fonlid") failed with errno -1.
ACTION:
Create the user 'fonlid' and retry the operation.

amqzfubx.c : 4021

11/28/2012 03:05:32 PM - Process(22165.1(Embedded image moved to file:
pic06944.gif) User(151194) Program(amqrmppa)
Host(rhlux115.alahli.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(QM.IBAS)

AMQ9557: Queue Manager User ID initialization failed.

EXPLANATION:
The call to initialize the User ID failed with CompCode 2 and Reason 2035.
ACTION:
Correct the error and try again.

cmqxrsrv.c : 1972

11/28/2012 03:05:32 PM - Process(22165.1(Embedded image moved to file:
pic28788.gif) User(151194) Program(amqrmppa)
Host(rhlux115.alahli.com) Installation(Installation1)
VRMF(7.5.0.0) QMgr(QM.IBAS)

AMQ9999: Channel 'QM.SVR.CHL' to host 'hpux105 (10.**.**.**)' ended
abnormally.

EXPLANATION:
The channel program running under process ID 22165 for channel
'QM.SVR.CHL' ended abnormally. The host name is 'hpux105 (10.**.**.**)';
in some cases the host name cannot be determined and so is shown as '????'.

ACTION:
Look at previous error messages for the channel program in the error logs
to
determine the cause of the failure. Note that this message can be excluded
completely or suppressed by tuning the "ExcludeMessage" or
"SuppressMessage"
attributes under the "QMErrorLog" stanza in qm.ini. Further information can
be
found in the System Administration Guide.

amqrmrsa.c : 898


Please help me o this

Thanks&Regards
Ravi Lankalapalli
Updated on 2014-03-06T12:00:26Z at 2014-03-06T12:00:26Z by Morag Hughson
  • SystemAdmin
    SystemAdmin
    8523 Posts

    Re: MQ7.5 Userid mapping issue at channel level(MQ7.5 OAM authorisations issue)

    ‏2012-11-30T10:11:03Z  
    Looks like your client side user ID isn't getting mapped. Can you double check that CHLAUTH is enabled.

    Please issue this command:-
    
    DISPLAY QMGR CHLAUTH
    

    and check that it shows ENABLED.

    If it doesn't, please issue this command:-
    
    ALTER QMGR CHLAUTH(ENABLED)
    


    If this wasn't your problem, reply again, and we shall look further.

    Cheers
    Morag
  • SystemAdmin
    SystemAdmin
    8523 Posts

    Re: MQ7.5 Userid mapping issue at channel level(MQ7.5 OAM authorisations issue)

    ‏2012-12-29T06:46:48Z  
    Looks like your client side user ID isn't getting mapped. Can you double check that CHLAUTH is enabled.

    Please issue this command:-
    <pre class="jive-pre"> DISPLAY QMGR CHLAUTH </pre>
    and check that it shows ENABLED.

    If it doesn't, please issue this command:-
    <pre class="jive-pre"> ALTER QMGR CHLAUTH(ENABLED) </pre>

    If this wasn't your problem, reply again, and we shall look further.

    Cheers
    Morag
    Hi Morag,

    Sorry for late reply.

    I enabled CHL authorisation.
    ALTER QMGR CHLAUTH(ENABLED)

    But i am facing same problem

    AMQ9557: Queue Manager User ID initialization failed.
    EXPLANATION:
    The call to initialize the User ID failed with CompCode 2 and Reason 2035.
    ACTION:
    Correct the error and try again.

    So i added MCAUSERID 'ncs' at channel properties it was working fine. But problem was every user was connecting.

    So please guide me if you have any idea on this.
    Thanks
    Ravi
  • fjb_saper
    fjb_saper
    175 Posts

    Re: MQ7.5 Userid mapping issue at channel level(MQ7.5 OAM authorisations issue)

    ‏2012-12-30T07:59:39Z  
    Hi Morag,

    Sorry for late reply.

    I enabled CHL authorisation.
    ALTER QMGR CHLAUTH(ENABLED)

    But i am facing same problem

    AMQ9557: Queue Manager User ID initialization failed.
    EXPLANATION:
    The call to initialize the User ID failed with CompCode 2 and Reason 2035.
    ACTION:
    Correct the error and try again.

    So i added MCAUSERID 'ncs' at channel properties it was working fine. But problem was every user was connecting.

    So please guide me if you have any idea on this.
    Thanks
    Ravi
    Both the inbound and the mapped user may have to be defined on the WMQ server.
  • SystemAdmin
    SystemAdmin
    8523 Posts

    Re: MQ7.5 Userid mapping issue at channel level(MQ7.5 OAM authorisations issue)

    ‏2012-12-30T08:37:17Z  
    • fjb_saper
    • ‏2012-12-30T07:59:39Z
    Both the inbound and the mapped user may have to be defined on the WMQ server.
    Hi Friend,

    Here problem was i am working in client location he already created some USERS in Linux environment so he wants to use those users only.

    Because of that i am using USERID mapping.

    In my case i am mapping client user to Existing Linux user. There i am getting Autherisation exception.

    I used below command:
    SET CHLAUTH('QM.SVR.CHL') TYPE(USERMAP) CLNTUSER('fonlid') USERSRC(MAP)
    MCAUSER('ncs') ACTION(ADD)

    ERROR:

    AMQ5653: The user 'fonlid' is not defined.

    EXPLANATION:
    The system call getpwnam("fonlid") failed with errno -1.
    ACTION:
    Create the user 'fonlid' and retry the operation.

    NOTE: For one client this mapping working fine but remaining 5 applications facing same problem.

    Thanks
    Ravi
  • SystemAdmin
    SystemAdmin
    8523 Posts

    Re: MQ7.5 Userid mapping issue at channel level(MQ7.5 OAM authorisations issue)

    ‏2013-01-07T10:24:30Z  
    Hi Friend,

    Here problem was i am working in client location he already created some USERS in Linux environment so he wants to use those users only.

    Because of that i am using USERID mapping.

    In my case i am mapping client user to Existing Linux user. There i am getting Autherisation exception.

    I used below command:
    SET CHLAUTH('QM.SVR.CHL') TYPE(USERMAP) CLNTUSER('fonlid') USERSRC(MAP)
    MCAUSER('ncs') ACTION(ADD)

    ERROR:

    AMQ5653: The user 'fonlid' is not defined.

    EXPLANATION:
    The system call getpwnam("fonlid") failed with errno -1.
    ACTION:
    Create the user 'fonlid' and retry the operation.

    NOTE: For one client this mapping working fine but remaining 5 applications facing same problem.

    Thanks
    Ravi
    Hi there Ravi,

    Now that you have CHLAUTH(ENABLED), may I ask you to temporarily put the following rule in place in your test system? This rule will block everything that doesn't match another rule.
    
    SET CHLAUTH(
    '*') TYPE(ADDRESSMAP) ADDRESS(
    '*') USERSRC(NOACCESS) DESCR(
    'Temporary Catch-all rule')
    


    My suspicion is that your inbound client is not matching the rule you have defined which is like this:-
    
    SET CHLAUTH(
    'QM.SVR.CHL') TYPE(USERMAP) CLNTUSER(
    'fonlid') USERSRC(MAP) MCAUSER(
    'ncs') ACTION(ADD)
    


    If it doesn't match your specific rule, then it will now match the catch-all rule and will generate an error in your error log which looks something like this:-
    
    AMQ9777: Channel was blocked   EXPLANATION: The inbound channel 
    'SYSTEM.DEF.SVRCONN' was blocked from address 
    '127.0.0.1' because the active values of the channel matched a record configured with USERSRC(NOACCESS). The active values of the channel were 
    'CLNTUSER(hughson)'. ACTION: Contact the systems administrator, who should examine the channel authentication records to ensure that the correct settings have been configured. The ALTER QMGR CHLAUTH 
    
    switch is used to control whether channel authentication records are used. The command DISPLAY CHLAUTH can be used to query the channel authentication records.
    

    From the information in this error we should be able to work out why it isn't matching your specific rule, i.e. we can see exactly the information that the client is presenting for the queue manager to check against the CHLAUTH rules in place.

    Cheers
    Morag