从HermesJMS到MQ8的错误2035('MQRC_NOT_AUTHORIZED')
[英]Error 2035 ('MQRC_NOT_AUTHORIZED') from HermesJMS to MQ8
问题描述
I am accessing an MQ8 server using HermesJms. 
我正在使用HermesJms访问MQ8服务器。
The latter has the following configuration: 后者具有以下配置:
However, when I am trying to "Discover" via the relevant option provided by Hermes, I get an 2035 with the following message appearing on the queue manager error logs: 但是,当我尝试通过Hermes提供的相关选项“发现”时,出现2035 ,队列管理器错误日志中出现以下消息:
AMQ9557: Queue Manager User ID initialization failed for 'pkaramol'.
EXPLANATION:
The call to initialize the User ID 'pkaramol' failed with CompCode 2 and Reason
2035.
Note that pkaramol is my local OS user I am logged in as, in the linux machine running Hermes. 请注意, pkaramol是我以运行Hermes的linux机器登录的本地OS用户。
Questions : 问题 :
1) Why I get the following error despite the fact that I have disabled both CHLAUTH and CONNAUTH : 1)为什么我禁用了CHLAUTH和CONNAUTH却得到以下错误:
ALTER QMGR CHLAUTH(DISABLED) CONNAUTH(' ')
REFRESH SECURITY TYPE(CONNAUTH)
2) Why is the server perceiving pkaramol as the user trying to access the queue manager, although I am explicitly providing mquser in both ClientID and user fields of HermesJMS? 2)尽管我在mquser的ClientID和user字段中都明确提供了mquser ,但是为什么服务器试图将pkaramol视为用户尝试访问队列管理器?
2 个解决方案
解决方案1
1 已采纳 2017-08-29 23:56:32
I cannot find much documentation on HermesJMS, but through some trial and error I found out that it does not honor the User and Password settings if you click Discover, it will always send the user you are logged in as to the queue manager, this is why you do not see the user mquser . 我在HermesJMS上找不到太多文档,但是通过一些试验和错误,我发现如果单击“发现”,它将不接受“ User和“ Password设置,它将始终将您登录的用户发送到队列管理器,这是为什么看不到用户mquser 。 Because you are running it as the user pkaramol which does not exist on the server where your queue manager is running you receive the following error: 因为您以运行队列管理器的服务器上不存在的pkaramol用户pkaramol运行它,所以会收到以下错误:
AMQ9557: Queue Manager User ID initialization failed for 'pkaramol'.
I also found that to perform the discover it opens a temporary dynamic queue using the model queue SYSTEM.DEFAULT.MODEL.QUEUE and puts PCF messages to the SYSTEM.ADMIN.COMMAND.QUEUE . 我还发现,要执行发现,它会使用模型队列SYSTEM.DEFAULT.MODEL.QUEUE打开一个临时动态队列,并将PCF消息放入SYSTEM.ADMIN.COMMAND.QUEUE 。 In addition for it to discover any queue details you must have at minimum +inq and +dsp on the queues. 此外,要发现任何队列详细信息,队列上必须至少具有+inq和+dsp 。
In your comment you stated you added the user pkaramol to the server and put it in the mqm group. 在您的评论中,您声明已将用户pkaramol添加到服务器,并将其放在mqm组中。 While this is a quick way to get this to work, it does provide that user full MQ Admin access. 尽管这是使它起作用的快速方法,但它确实为该用户提供了完全的MQ Admin访问权限。 You could provide your actual user with the following permissions and still be able to Discover all of the objects on the queue manager. 您可以为实际用户提供以下权限,但仍然能够发现队列管理器上的所有对象。 Please replace the word group below with a group your user is a member of on the server: 请更换字group下面一组你的用户是在服务器上的成员:
setmqaut -m DMSQM -t qmgr -g group +connect +inq +dsp
setmqaut -m DMSQM -n SYSTEM.ADMIN.COMMAND.QUEUE -t queue -g group +inq +put +dsp
setmqaut -m DMSQM -n SYSTEM.DEFAULT.MODEL.QUEUE -t queue -g group +get +dsp
setmqaut -m DMSQM -n '**' -t queue -g group +inq +dsp
I also noted that once you have queues populated either through Discover or manually adding them, it will use the User that you specified. 我还指出,一旦您通过发现或手动添加队列填充了队列,它将使用您指定的用户。
Note that with CHLAUTH and CONNAUTH disabled the queue manager is taking whatever user is presented and using it. 请注意,在禁用CHLAUTH和CONNAUTH的情况下,队列管理器将采用任何呈现的用户并使用它。 You could leave CONNAUTH enabled and specify a valid user and password and MQ would authenticate it. 您可以启用CONNAUTH并指定有效的用户名和密码,然后MQ会对它进行身份验证。
Another option since Discover does not honor the User setting would be to set a MCAUSER on the SVRCONN channel of mquser . 由于Discover不遵守User设置,因此另一个选项是在mquser的SVRCONN通道上设置MCAUSER 。
解决方案2
-2 2017-08-28 15:56:33
您需要授予UserId'pkaramol'权限,才能通过setmqaut命令访问队列管理器和队列。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.