Operating System - OpenVMS

Auditing network access only account decnet copy failure

 
James Barry Donovan
Occasional Contributor

Hello & good morning

We're currently using DECnet over IP to transfer files via a proxy account. This account is network access only.

We cannot see any audit alarms on the receiving remote node. The failure locally is an insufficient privilege or file protection violation.

We've checked the remote disk/file acl & uic access all the way down from physical volume to root and sub-directory down to actual file name access. No issues that we can see.

We'd like to generate an audit alarm on the remote node for the failed decnet copy. Our audit is not capturing it. It's possible that we've not enabled a feature for this.

Can you tell me what should be enabled to capture this copy/login failure?
Robert Gezelter
Honored Contributor

Re: Auditing network access only account decnet copy failure

James,

As a starting point: Do any network operations work with the proxy account? [Does DIRECTORY work?]

What does the NETSERVER.LOG file show? Also, are the various images activated as part of the FAL request available to the proxy user?

One common accidental error that I have seen on more than one occasion is to forget to give the user NETMBX and TMPMBX.

- Bob Gezelter, http://www.rlgsc.com
Volker Halle
Honored Contributor
Solution

Re: Auditing network access only account decnet copy failure

James,

If you can reproduce this error, consider using FAL$LOG to trace file access on the remote end.

$ DEFINE/SYS FAL$LOG 1

After the operation failed, look at the most recent NET$SERVER.LOG files in the remote account. Look for a DAP status code of 4055 and the associated filename. You may have to wait a couple of minutes until you can read the NET$SERVER.LOG file. Alternatively you can STOP/IMAGE/ID=xxx the Server_nnnn network process.

Don't forget to DEASS/SYS FAL$LOG afterwards.

You can also try SET AUDIT/AUDIT/ENABLE=(ACCESS=FAILURE), but be aware that this might trigger lots of audit entries.

Volker.
Hoff
Honored Contributor

Re: Auditing network access only account decnet copy failure

Kindly post the full DCL commands used, the exact error message text received, the current security (both alarm and audit) settings on the target, and the details of the configuration.

Without some details, it's entirely possible to guess here that the commands here are not hitting the network, or are not hitting the target node, for instance. Or that there's a mix-up between alarms and audits.

Or yes, that FAL isn't playing nice - but I'd be surprised if DECnet FAL is this broken.
Bill Hall
Honored Contributor

Re: Auditing network access only account decnet copy failure

When using DECnet over IP with proxies, I would suspect that the address-to-name translations for your proxy entries are not what you expected. There could be several reasons for this, depending on your environment and your DECnet and TCP/IP configuration.

Check the NET$SERVER.LOG files that have been created by the failed file transfer attempts, probably in your default FAL account's default directory. If you don't have them, create one using a known username/password from the same remote node.
$dire remote_node"username password"::
Then look at that NET$SERVER.LOG for the

Connect request received at 14-APR-2009 14:27:37.65
from remote process nodename::"0=username"
for object "SYS$COMMON:[SYSEXE]FAL.EXE"

I'm guessing what your system is translating nodename to is not what you were expecting.

Bill
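The check suggested in the reply above can be scripted once the NET$SERVER.LOG files have been copied off the remote node. The following Python is an added example, not part of the thread or of any OpenVMS tool: it extracts each connect request and lists the ones whose source node and user have no matching proxy entry. It assumes the log layout quoted in the reply; the function names, node names, usernames and the simplified (node, user) proxy list are constructed for illustration.

```python
import re

# Three-line connect block, in the layout quoted in the reply above.
CONNECT_RE = re.compile(
    r'Connect request received at (?P<when>\S+ \S+)\s+'
    r'from remote process (?P<node>[^:\s]+)::"(?P<ident>[^"]*)"\s+'
    r'for object "(?P<object>[^"]+)"',
    re.IGNORECASE,
)

# Constructed sample: the same remote user arrives once under a short node
# name and once under a fully qualified name after address translation.
SAMPLE_LOG = '''
Connect request received at 14-APR-2009 14:27:37.65
    from remote process ALPHA1::"0=xferuser"
    for object "SYS$COMMON:[SYSEXE]FAL.EXE"
Connect request received at 14-APR-2009 14:31:02.10
    from remote process alpha1.example.com::"0=xferuser"
    for object "SYS$COMMON:[SYSEXE]FAL.EXE"
'''

def parse_connects(log_text):
    """Return one dict per connect request found in NET$SERVER.LOG text."""
    found = []
    for m in CONNECT_RE.finditer(log_text):
        ident = m.group("ident")
        # Identification string looks like 0=username; keep the part after '='.
        user = ident.split("=", 1)[1] if "=" in ident else ident
        found.append({"when": m.group("when"),
                      "node": m.group("node").upper(),
                      "user": user.upper(),
                      "object": m.group("object")})
    return found

def unmatched_proxies(connects, proxy_entries):
    """Connects whose (node, user) pair is not in proxy_entries.

    proxy_entries is a hypothetical simplification of the proxy database:
    (remote_node, remote_user) tuples, compared case-insensitively, with
    '*' as the user matching any user on that node.
    """
    proxies = {(n.upper(), u.upper()) for n, u in proxy_entries}
    return [c for c in connects
            if (c["node"], c["user"]) not in proxies
            and (c["node"], "*") not in proxies]

if __name__ == "__main__":
    for c in unmatched_proxies(parse_connects(SAMPLE_LOG), {("ALPHA1", "XFERUSER")}):
        print(f'{c["when"]}  {c["node"]}::{c["user"]} has no proxy entry')
```

A connect request listed here reached the node under a name the proxy list does not cover, which is the mismatch the reply describes.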