Re: MQ auths on AIX with AD back-end?

Were there any QM restarts after housing ID's in AD? We had seen QM restart fix this behavior in MQ 6.0,
solaris 8. I assume refresh security was already tried & result was the same.

--Ram

On Feb 9, 2012, at 5:02 PM, T-Rob <t.rob.wyatt@...> wrote:

> I have a customer using Active Directory to house their groups and IDs for 
> AIX.  My understanding is that this should work exactly as for NIS or NIS+ 
> where as long as WMQ can issue getgrent, getpwname and so forth, the auths 
> should work.  What we see though is that the auths work only when the IDs 
> and groups are in the local /etc/passwd and /etc/group files.  They have a 
> job that copies the AD version of the IDs and groups into the local /etc/* 
> files and preserves all the UIG/GID numbers.  I can do a groups or an id 
> command and it returns the expected values regardless of where the IDs and 
> groups are defined at that moment.  Yet WMQ throws auths events if the 
> local /etc/* files do not hold the entries, even though the id and groups 
> commands work.
> 
> We checked the obvious stuff...
> 
> * The auths events show the expected user ID in lower case.
> * The ID is defined in AD in lower case
> * Double-checked the UID/GID numbers are not changing
> * IDs are shorter than 12 chars
> * Verified that the behavior change is easily reproduced by populating or 
> unpopulating /etc files.
> 
> Has anyone seen this before?  Is there anything about AD that makes it 
> behave differently from NIS+ in this situation, or special config options 
> required? 
> Thanks -- T.Rob
> 
> To unsubscribe, write to
LISTSERV@... and,
> in the message body (not the subject), write: SIGNOFF MQSERIES
> Instructions for managing your mailing list subscription are provided in
> the Listserv General Users Guide available at http://www.lsoft.com
> Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html

To unsubscribe, write to LISTSERV@... and,
in the message body (not the subject), write: SIGNOFF MQSERIES