Discussion:
MQ V8 connectivity conundrum via mq client on zlinux
Costa, D. (Damian)
2014-06-06 09:54:24 UTC
Permalink
Hi all,
On redhat v6 zlinux on s390x hardware.
How do I connect via an mq client to an v8 qmgr , I disabled the chl auths to get connected and setup the chl auths rules, but the qmgr is stating that the mqm account is a reserved account and I need to supply a userid/password , which I supplied and still got the 2035 error.

So how do I get a mq client admin view into this v8 qmgr?
Should I just setup a normal account belonging to the mqm group would that work?
Thanks.



********************
Nedbank Limited Reg No 1951/000009/06. The following link displays
the names of the Nedbank Board of Directors and Company Secretary.
[ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ]
This email is confidential and is intended for the addressee only.
The following link will take you to Nedbank's legal notice.
[ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
********************

To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Robert Parker4
2014-06-06 10:17:51 UTC
Permalink
Hi Damian,

What does your Queue Manager error log say? When a QMGR blocks a
connection it will print out an error message in the error logs telling
you why.

Regards,

Rob Parker
MQ Security Development
Security Tester
IBM Hursley, DE2B17

Phone: 44-1962 815370 | Tie-Line: 245370
E-mail: PARROBE-ygUJEDcBm8rQT0dZR+***@public.gmane.org
Find me on:
"Every time we've moved ahead in IBM, it was because someone was willing
to take a chance" - Thomas J. Watson


Hursley Park
Hursley , SO212JN
United Kingdom



I



From: "Costa, D. (Damian)" <DamianC-3zJjxGF14/***@public.gmane.org>
To: MQSERIES-JX7+OpRa80QeFbOYke1v4oOpTq8/***@public.gmane.org
Date: 06/06/2014 10:54
Subject: MQ V8 connectivity conundrum via mq client on zlinux
Sent by: MQSeries List <MQSERIES-JX7+OpRa80QeFbOYke1v4oOpTq8/***@public.gmane.org>



Hi all,
On redhat v6 zlinux on s390x hardware.
How do I connect via an mq client to an v8 qmgr , I disabled the chl
auths to get connected and setup the chl auths rules, but the qmgr is
stating that the mqm account is a reserved account and I need to supply a
userid/password , which I supplied and still got the 2035 error.

So how do I get a mq client admin view into this v8 qmgr?
Should I just setup a normal account belonging to the mqm group would that
work?
Thanks.



********************
Nedbank Limited Reg No 1951/000009/06. The following link displays
the names of the Nedbank Board of Directors and Company Secretary.
[ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ]
This email is confidential and is intended for the addressee only.
The following link will take you to Nedbank's legal notice.
[ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
********************

To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html



Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU

To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
Costa, D. (Damian)
2014-06-06 11:38:40 UTC
Permalink
Hi Rob,
I think It's something to do about the authinfo service in use . I'm trying to adjust it to make the checkclient = optional. Because at the moment it's required and when I supply the mqm admin password it throws a 2035.

I can't figure out how to adjust that parameter on the specific authinfo service.

I am going to try adjusting the CONNAUTH setting for the qmgr from IDPWOS to OCSP......



From: MQSeries List [mailto:MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org] On Behalf Of Robert Parker4
Sent: 06 June 2014 12:18 PM
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org
Subject: Re: MQ V8 connectivity conundrum via mq client on zlinux

Hi Damian,

What does your Queue Manager error log say? When a QMGR blocks a connection it will print out an error message in the error logs telling you why.

Regards,

Rob Parker
MQ Security Development
Security Tester
IBM Hursley, DE2B17
________________________________

Phone: 44-1962 815370 | Tie-Line: 245370
E-mail: PARROBE-ygUJEDcBm8rQT0dZR+***@public.gmane.org <mailto:PARROBE-ygUJEDcBm8rQT0dZR+***@public.gmane.org>
Find me on: [Twitter: http://twitter.com/jademonkey7988] <http://twitter.com/jademonkey7988> [LinkedIn: http://www.linkedin.com/pub/robert-parker/5a/347/340] <http://www.linkedin.com/pub/robert-parker/5a/347/340> [GooglePlus: https://plus.google.com/u/0/111991405406850875422/posts] <https://plus.google.com/u/0/111991405406850875422/posts> [Facebook: http://www.facebook.com/jademonkey7988] <http://www.facebook.com/jademonkey7988>
"Every time we've moved ahead in IBM, it was because someone was willing to take a chance" - Thomas J. Watson

[IBM]

Hursley Park
Hursley , SO212JN
United Kingdom

[Certified to Interview the IBM Way]




I



From: "Costa, D. (Damian)" <DamianC-3zJjxGF14/***@public.gmane.org<mailto:***@NEDBANK.CO.ZA>>
To: MQSERIES-JX7+OpRa80QeFbOYke1v4oOpTq8/***@public.gmane.org<mailto:MQSERIES-JX7+OpRa80Ties2YCUG/***@public.gmane.orgniwien.ac.at>
Date: 06/06/2014 10:54
Subject: MQ V8 connectivity conundrum via mq client on zlinux
Sent by: MQSeries List <MQSERIES-JX7+OpRa80QeFbOYke1v4oOpTq8/***@public.gmane.org<mailto:MQSERIES-JX7+OpRa80QeFbOYke1v4oOpTq8/***@public.gmane.org>>
________________________________



Hi all,
On redhat v6 zlinux on s390x hardware.
How do I connect via an mq client to an v8 qmgr , I disabled the chl auths to get connected and setup the chl auths rules, but the qmgr is stating that the mqm account is a reserved account and I need to supply a userid/password , which I supplied and still got the 2035 error.

So how do I get a mq client admin view into this v8 qmgr?
Should I just setup a normal account belonging to the mqm group would that work?
Thanks.



********************
Nedbank Limited Reg No 1951/000009/06. The following link displays
the names of the Nedbank Board of Directors and Company Secretary.
[ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ]
This email is confidential and is intended for the addressee only.
The following link will take you to Nedbank's legal notice.
[ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
********************

To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org<mailto:***@LISTSERV.MEDUNIWIEN.AC.AT> and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com<http://www.lsoft.com/>
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html



Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
________________________________
List Archive<http://listserv.meduniwien.ac.at/archives/mqser-l.html> - Manage Your List Settings<http://listserv.meduniwien.ac.at/cgi-bin/wa?SUBED1=mqser-l&A=1> - Unsubscribe<mailto:LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org?subject=Unsubscribe&BODY=signoff%20mqseries>

Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com<http://www.lsoft.com/resources/manuals.asp>

********************
Nedbank Limited Reg No 1951/000009/06. The following link displays
the names of the Nedbank Board of Directors and Company Secretary.
[ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ]
This email is confidential and is intended for the addressee only.
The following link will take you to Nedbank's legal notice.
[ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
********************

To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
Robert Parker4
2014-06-06 13:13:42 UTC
Permalink
If you're supplying a valid set of credentials to MQ when you connect then
it should be able to connect. When you connect, are you supplying a
username and password for a user on the box that MQ is running on?

If you are then the next likely thing to block your connection (given that
as you said you disabled CHLAUTH it can't be that) would be the the
authorisation service. Are you running your client as a userid that is in
the MQM group? If not have you told MQ to allow the user to connect to MQ?

If you make any changes to the connection authentication object on your
QMGR (for example changing CHCKCLNT to OPTIONAL) then you need to execute
a refresh security command afterwards for the changes to take effect.

Regards,

Rob Parker
MQ Security Development
Security Tester
IBM Hursley, DE2B17

Phone: 44-1962 815370 | Tie-Line: 245370
E-mail: ***@uk.ibm.com
Find me on:
"Every time we've moved ahead in IBM, it was because someone was willing
to take a chance" - Thomas J. Watson


Hursley Park
Hursley , SO212JN
United Kingdom



I



From: "Costa, D. (Damian)" <***@NEDBANK.CO.ZA>
To: ***@listserv.meduniwien.ac.at
Date: 06/06/2014 12:38
Subject: Re: MQ V8 connectivity conundrum via mq client on zlinux
Sent by: MQSeries List <***@listserv.meduniwien.ac.at>



Hi Rob,
I think It’s something to do about the authinfo service in use . I’m
trying to adjust it to make the checkclient = optional. Because at the
moment it’s required and when I supply the mqm admin password it throws a
2035.

I can’t figure out how to adjust that parameter on the specific authinfo
service.

I am going to try adjusting the CONNAUTH setting for the qmgr from IDPWOS
to OCSP





From: MQSeries List [mailto:***@LISTSERV.MEDUNIWIEN.AC.AT] On Behalf
Of Robert Parker4
Sent: 06 June 2014 12:18 PM
To: ***@LISTSERV.MEDUNIWIEN.AC.AT
Subject: Re: MQ V8 connectivity conundrum via mq client on zlinux

Hi Damian,

What does your Queue Manager error log say? When a QMGR blocks a
connection it will print out an error message in the error logs telling
you why.

Regards,

Rob Parker
MQ Security Development
Security Tester
IBM Hursley, DE2B17


Phone: 44-1962 815370 | Tie-Line: 245370
E-mail: ***@uk.ibm.com
Find me on:
"Every time we've moved ahead in IBM, it was because someone was willing
to take a chance" - Thomas J. Watson


Hursley Park
Hursley , SO212JN
United Kingdom




I



From: "Costa, D. (Damian)" <***@NEDBANK.CO.ZA>
To: ***@listserv.meduniwien.ac.at
Date: 06/06/2014 10:54
Subject: MQ V8 connectivity conundrum via mq client on zlinux
Sent by: MQSeries List <***@listserv.meduniwien.ac.at>




Hi all,
On redhat v6 zlinux on s390x hardware.
How do I connect via an mq client to an v8 qmgr , I disabled the chl
auths to get connected and setup the chl auths rules, but the qmgr is
stating that the mqm account is a reserved account and I need to supply a
userid/password , which I supplied and still got the 2035 error.

So how do I get a mq client admin view into this v8 qmgr?
Should I just setup a normal account belonging to the mqm group would that
work?
Thanks.



********************
Nedbank Limited Reg No 1951/000009/06. The following link displays
the names of the Nedbank Board of Directors and Company Secretary.
[ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ]
This email is confidential and is intended for the addressee only.
The following link will take you to Nedbank's legal notice.
[ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
********************

To unsubscribe, write to ***@LISTSERV.MEDUNIWIEN.AC.AT and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html



Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU

List Archive - Manage Your List Settings - Unsubscribe
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com

********************
Nedbank Limited Reg No 1951/000009/06. The following link displays
the names of the Nedbank Board of Directors and Company Secretary.
[ http://www.nedbank.co.za/terms/DirectorsNedbank.htm ]
This email is confidential and is intended for the addressee only.
The following link will take you to Nedbank's legal notice.
[ http://www.nedbank.co.za/terms/EmailDisclaimer.htm ]
********************


List Archive - Manage Your List Settings - Unsubscribe
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com

Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


To unsubscribe, write to ***@LISTSERV.MEDUNIWIEN.AC.AT and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html

Loading...