qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robbie Gemmell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPIDJMS-261) Not possible to connect to IBM's IIB AMQP broker
Date Thu, 04 May 2017 10:12:04 GMT

    [ https://issues.apache.org/jira/browse/QPIDJMS-261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15996492#comment-15996492
] 

Robbie Gemmell commented on QPIDJMS-261:
----------------------------------------

[~thiengu] Can I ask how you got on with this? Did you raise a ticket with IBM, and if so
get any response? Did you change proton to try working around the issue from the client side?

> Not possible to connect to IBM's IIB AMQP broker
> ------------------------------------------------
>
>                 Key: QPIDJMS-261
>                 URL: https://issues.apache.org/jira/browse/QPIDJMS-261
>             Project: Qpid JMS
>          Issue Type: Bug
>          Components: qpid-jms-client
>    Affects Versions: 0.20.0
>         Environment: Java 1.8
>            Reporter: Tin Nguyen
>         Attachments: qpid.0.11.1.log, qpid.0.11.1.pcapng, qpid.0.20.0.log, qpid.0.20.0.pcapng
>
>
> With the latest 0.20 version I'm not able to connect to IBM's Integration Bus running
AMQP implementation (afaik it's just a rip off from qpid).
> Seems like something changed with the way qpid-jms handles SASL authentication? It's
working in 0.11.1 so I tried to look into the changes but there were quite a few.
> I don't have access to the IBM server but the admin told me that my client didn't get
authenticated.
> log output from the qpid client:
> 2348 [AmqpProvider:(1):[amqp://SERVER:5672/TOPIC]] INFO  o.a.q.j.s.SaslMechanismFinder
- Best match for SASL auth was: SASL-PLAIN
> 8120 [AmqpProvider:(1):[amqp://SERVER:5672/TOPIC]] WARN  o.a.q.j.p.a.b.AmqpResourceBuilder
- Open of resource:(JmsConnectionInfo { ID:9088d3b3-0cba-4fb4-bb87-207872077309:1, configuredURI
= amqp://SERVER:5672/TOPIC, connectedURI = null }) failed: AMQXR0041E: A connection was not
authorized for channel SYSTEM.DEF.AMQP received from 10.2.190.60. MQRC 2035 MQRC_NOT_AUTHORIZED
[condition = amqp:unauthorized-access]
> 8121 [AmqpProvider:(1):[amqp://SERVER:5672/TOPIC]] INFO  o.a.q.j.p.a.AmqpProvider - Transport
failed: An existing connection was forcibly closed by the remote host
> Caught exception, exiting.
> javax.jms.JMSSecurityException: AMQXR0041E: A connection was not authorized for channel
SYSTEM.DEF.AMQP received from 10.2.10.60. MQRC 2035 MQRC_NOT_AUTHORIZED [condition = amqp:unauthorized-access]
> LOGS on IBM server
> 01/17/2017 01:40:21 PM - Process(51975.7) User(mqm) Program(java)
>                     Host(SERVER) Installation(Installation1)
>                     VRMF(9.0.0.0) QMgr(UUFNLB1E)
>                    
> AMQ5534: User ID 'hadoop' authentication failed
> EXPLANATION:
> The user ID and password supplied by the 'AMQP' program could not be
> authenticated. 
> Additional information: 'N/A'.
> ACTION:
> Ensure that the correct user ID and password are provided by the application.
> Ensure that the authentication repository is correctly configured. Look at
> previous error messages for any additional information.
> ----- amqzfuca.c : 4486 -------------------------------------------------------
> 01/17/2017 01:40:21 PM - Process(51975.7) User(mqm) Program(java)
>                     Host(SERVER) Installation(Installation1)
>                     VRMF(9.0.0.0) QMgr(UUFNLB1E)
>                    
> AMQ5542: The failed authentication check was caused by the queue manager
> CONNAUTH CHCKCLNT(REQDADM) configuration.
> EXPLANATION:
> The user ID 'hadoop' and its password were checked because the queue manager
> connection authority (CONNAUTH) configuration refers to an authentication
> information (AUTHINFO) object named 'SYSTEM.DEFAULT.AUTHINFO.IDPWOS' with
> CHCKCLNT(REQDADM). 
> This message accompanies a previous error to clarify the reason for the user ID
> and password check.
> ACTION:
> Refer to the previous error for more information. 
> Ensure that a password is specified by the client application and that the
> password is correct for the user ID. The authentication configuration of the
> queue manager connection determines the user ID repository. For example, the
> local operating system user database or an LDAP server. 
> If the CHCKCLNT setting is OPTIONAL, the authentication check can be avoided by
> not passing a user ID across the channel. For example, by omitting the MQCSP
> structure from the client MQCONNX API call. 
> To avoid the authentication check, you can amend the authentication
> configuration of the queue manager connection, but you should generally not
> allow unauthenticated remote access.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message