How to connect to QMGR using client / Channel Tab
To connect to a QMGR as a client, a SVRCONN channel must be defined on the QMGR and the channel tab must be created and ready to use. Now we will see how to use the channel tab to connect to the QMGR with the MQ sample program amqsputc.
The channel tab file, its location and the connection details it holds are shown below.
[mqm@ip-172-31-14-154 ~]$ ls -lrt /var/mqm/AMQCLCHL.TAB
-rw-rw-r--. 1 mqm mqm 2106 Jan 10 05:53 /var/mqm/AMQCLCHL.TAB
[mqm@ip-172-31-14-154 ~]$
Channel Tab has below connection details
dis chl(*) all
     3 : dis chl(*) all
AMQ8414I: Display Channel details.
   CHANNEL(CL.APPQM1)                      CHLTYPE(CLNTCONN)
   AFFINITY(PREFERRED)                     ALTDATE(2021-01-10)
   ALTTIME(05.53.51)                       CERTLABL( )
   CLNTWGHT(0)                             COMPHDR(NONE)
   COMPMSG(NONE)                           CONNAME(172.31.14.154(1417))
   DEFRECON(NO)                            DESCR( )
   HBINT(300)                              KAINT(AUTO)
   LOCLADDR( )                             MAXMSGL(4194304)
   MODENAME( )                             PASSWORD( )
   QMNAME(APPQM1)                          RCVDATA( )
   RCVEXIT( )                              SCYDATA( )
   SCYEXIT( )                              SENDDATA( )
   SENDEXIT( )                             SHARECNV(10)
   SSLCIPH( )                              SSLPEER( )
   TPNAME( )                               TRPTYPE(TCP)
   USERID( )
Note: Here I am using the QMGR server itself as the client, so the default values below are used, where LIB points to /var/mqm and TAB points to AMQCLCHL.TAB.
MQCHLLIB=/var/mqm
MQCHLTAB=AMQCLCHL.TAB
Because we are using the same server where the MQ server is installed, the default location is used for the LIB and TAB name. Just try to connect.
[mqm@ip-172-31-14-154 ~]$ /opt/mqm/samp/bin/amqsputc DESTINATION APPQM1
Sample AMQSPUT0 start
MQCONNX ended with reason code 2035
[mqm@ip-172-31-14-154 ~]$
You might get the error MQRC_NOT_AUTHORIZED (2035). By default, channel authentication is enabled when a queue manager is created. Channel authentication prevents privileged users from accessing a queue manager as an IBM WebSphere MQ MQI client. For verifying the installation, you can either change the MCA user ID to a non-privileged user, or disable channel authentication. To disable channel authentication, run the following MQSC command:
ALTER QMGR CHLAUTH(DISABLED)
When you finish the test, if you do not delete the queue manager, re-enable channel authentication:
ALTER QMGR CHLAUTH(ENABLED)
Now when I tried, I got the same error. The error below was found in the QMGR logs.
----- amqrimna.c : 917 --------------------------------------------------------
01/10/2021 09:40:39 AM - Process(8074.4) User(mqm) Program(amqrmppa)
Host(ip-172-31-14-154.us-east-2.compute.internal) Installation(Installation1)
VRMF(9.2.0.1) QMgr(APPQM1)
Time(2021-01-10T09:40:39.045Z)
RemoteHost(172.31.14.154)
CommentInsert1(CL.APPQM1)
CommentInsert2(172.31.14.154)
CommentInsert3(MCAUSER(mqm) CLNTUSER(mqm) ADDRESS(ip-172-31-14-154))
AMQ9776E: Channel was blocked by userid
EXPLANATION:
The inbound channel 'CL.APPQM1' was blocked from address '172.31.14.154'
because the active values of the channel were mapped to a userid which should
be blocked. The active values of the channel were 'MCAUSER(mqm) CLNTUSER(mqm)
ADDRESS(ip-172-31-14-154)'.
ACTION:
Contact the systems administrator, who should examine the channel
authentication records to ensure that the correct settings have been
configured. The ALTER QMGR CHLAUTH switch is used to control whether channel
authentication records are used. The command DISPLAY CHLAUTH can be used to
query the channel authentication records.
-----------------------------------------------------------------------------------
dis qmgr chlauth
     2 : dis qmgr chlauth
AMQ8408I: Display Queue Manager details.
   QMNAME(APPQM1)                          CHLAUTH(ENABLED)
alter qmgr chlauth(disabled)
     3 : alter qmgr chlauth(disabled)
AMQ8005I: IBM MQ queue manager changed.
REFRESH SECURITY TYPE(CONNAUTH)
REFRESH SECURITY TYPE(CONNAUTH)
     4 : REFRESH SECURITY TYPE(CONNAUTH)
AMQ8560I: IBM MQ security cache refreshed.
Trying again now gives a different error, shown below.
----- amqzfuca.c : 4657 -------------------------------------------------------
01/10/2021 11:20:36 AM - Process(1446.27) User(mqm) Program(amqzlaa0)
Host(ip-172-31-14-154.us-east-2.compute.internal) Installation(Installation1)
VRMF(9.2.0.1) QMgr(APPQM1)
Time(2021-01-10T11:20:36.432Z)
CommentInsert1(mqm)
CommentInsert2(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
CommentInsert3(CHCKCLNT(REQDADM))
AMQ5541I: The failed authentication check was caused by the queue manager
CONNAUTH CHCKCLNT(REQDADM) configuration.
EXPLANATION:
The user ID 'mqm' and its password were checked because the user ID is
privileged and the queue manager connection authority (CONNAUTH) configuration
refers to an authentication information (AUTHINFO) object named
'SYSTEM.DEFAULT.AUTHINFO.IDPWOS' with CHCKCLNT(REQDADM).
This message accompanies a previous error to clarify the reason for the user ID
and password check.
ACTION:
Refer to the previous error for more information.
Ensure that a password is specified by the client application and that the
password is correct for the user ID. The authentication configuration of the
queue manager connection determines the user ID repository. For example, the
local operating system user database or an LDAP server.
To avoid the authentication check, you can either use an unprivileged user ID
or amend the authentication configuration of the queue manager. You can amend
the CHCKCLNT attribute in the CHLAUTH record, but you should generally not
allow unauthenticated remote access.
----- amqzfuca.c : 4679 -------------------------------------------------------
01/10/2021 11:20:37 AM - Process(8074.6) User(mqm) Program(amqrmppa)
Host(ip-172-31-14-154.us-east-2.compute.internal) Installation(Installation1)
VRMF(9.2.0.1) QMgr(APPQM1)
Time(2021-01-10T11:20:37.432Z)
ArithInsert1(2) ArithInsert2(2035)
CommentInsert1(mqm)
AMQ9557E: Queue Manager User ID initialization failed for 'mqm'.
EXPLANATION:
The call to initialize the User ID 'mqm' failed with CompCode 2 and Reason
2035. If an MQCSP block was used, the User ID in the MQCSP block was ''. If a
userID flow was used, the User ID in the UID header was '' and any CHLAUTH
rules applied prior to user adoption were evaluated case-sensitively against
this value.
ACTION:
Correct the error and try again.
----- cmqxrsrv.c : 2580 -------------------------------------------------------
To resolve the above error, change CHCKCLNT from REQDADM to OPTIONAL. With OPTIONAL, the privileged user mqm is no longer required to supply a password, which the AMQ5541I text above advises against for remote access in general.
dis qmgr connauth
     5 : dis qmgr connauth
AMQ8408I: Display Queue Manager details.
   QMNAME(APPQM1)                          CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
dis authinfo(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) all
dis authinfo(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) all
     6 : dis authinfo(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) all
AMQ8566I: Display authentication information details.
   AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
   AUTHTYPE(IDPWOS)                        ADOPTCTX(YES)
   DESCR( )                                CHCKCLNT(REQDADM)
   CHCKLOCL(OPTIONAL)                      FAILDLAY(1)
   AUTHENMD(OS)                            ALTDATE(2021-01-03)
   ALTTIME(08.53.19)
dis authinfo(*)
alter authinfo(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(optional)
REFRESH SECURITY TYPE(CONNAUTH)
Try now
[mqm@ip-172-31-14-154 errors]$ /opt/mqm/samp/bin/amqsputc TESTCLIENT APPQM1
Sample AMQSPUT0 start
target queue is TESTCLIENT
TESTClient 1
2
3
4
5
End
Sample AMQSPUT0 end
[mqm@ip-172-31-14-154 errors]
Message successfully sent. Try to get the message using amqsgetc.
[mqm@ip-172-31-14-154 errors]$ /opt/mqm/samp/bin/amqsgetc TESTCLIENT APPQM1
Sample AMQSGET0 start
message <TESTClient 1>
message <2>
message <3>
message <4>
message <5>
message <End>
no more messages
Sample AMQSGET0 end
[mqm@ip-172-31-14-154 errors]$
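An added example, not part of the original post: a small Python triage of queue manager error-log entries like the AMQ9776E and AMQ5541I excerpts above, reporting for each 2035 failure whether CHLAUTH or CONNAUTH rejected the client. The sample entries are constructed by abridging the log text on this page, and the function names are illustrative.

```python
import re

# Constructed sample: two entries abridged from the error-log excerpts above.
SAMPLE_LOG = """\
----- amqrimna.c : 917 ------------------------------------------
VRMF(9.2.0.1) QMgr(APPQM1)
Time(2021-01-10T09:40:39.045Z)
CommentInsert1(CL.APPQM1)
CommentInsert3(MCAUSER(mqm) CLNTUSER(mqm) ADDRESS(ip-172-31-14-154))
AMQ9776E: Channel was blocked by userid
----- amqzfuca.c : 4657 -----------------------------------------
VRMF(9.2.0.1) QMgr(APPQM1)
Time(2021-01-10T11:20:36.432Z)
CommentInsert2(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
CommentInsert3(CHCKCLNT(REQDADM))
AMQ5541I: The failed authentication check was caused by the queue manager
"""

CAUSES = {  # message IDs from this page -> the control that rejected the client
    "AMQ9776E": "CHLAUTH: channel mapped to a user ID that is blocked",
    "AMQ5541I": "CONNAUTH: CHCKCLNT forced a user ID and password check",
}
PAIR = re.compile(r"\b([A-Za-z]\w*)\(")

def fields(text):
    """Parse Name(value) pairs; a value may itself contain Name(value) pairs."""
    out, pos = {}, 0
    while m := PAIR.search(text, pos):
        depth, j = 1, m.end()
        while j < len(text) and depth:      # walk to the matching ')'
            depth += {"(": 1, ")": -1}.get(text[j], 0)
            j += 1
        if depth == 0:                      # skip unbalanced (truncated) values
            out[m.group(1)] = text[m.end():j - 1]
        pos = j
    return out

def triage(log):
    """Yield one finding per known authorization message in an MQ error log."""
    for entry in re.split(r"(?m)^-----.*$", log):
        m = re.search(r"(?m)^(AMQ\d{4}[A-Z]):", entry)
        if m and m.group(1) in CAUSES:
            head = fields(entry[:m.start()])    # header only, not EXPLANATION text
            yield {
                "msg": m.group(1), "cause": CAUSES[m.group(1)],
                "qmgr": head.get("QMgr"), "time": head.get("Time"),
                "inserts": {k: v for k, v in head.items() if "Insert" in k},
                "active": fields(head.get("CommentInsert3", "")),
            }
```

Calling list(triage(text)) on the contents of an error log returns the findings in log order, so the first finding identifies which control to inspect with DISPLAY CHLAUTH or dis authinfo.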