- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Allow user to access cluster
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2007 06:52 AM
тАО03-12-2007 06:52 AM
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2007 07:36 AM
тАО03-12-2007 07:36 AM
Re: Allow user to access cluster
Once the username is created into the cluster-common SYSUAF.DAT it can be used on all nodes.
>> I can create the user on only one node.
What bring you to this conclusion. What is the (non)-problem that you see? Be detailed. include EXACT (cut & paste) commands and error messages if needed.
Did you try accessing the other nodes?
What mechanism? Telnet? 'SET HOST'? Application controlled (eg Oracle, ftp,...)
hth,
Hein.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2007 07:51 AM
тАО03-12-2007 07:51 AM
Re: Allow user to access cluster
Is there some reason why you believe that the user cannot use other members of the cluster?
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2007 07:51 AM
тАО03-12-2007 07:51 AM
Re: Allow user to access cluster
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2007 08:18 AM
тАО03-12-2007 08:18 AM
Re: Allow user to access cluster
There are also other possibilities. More information about your system configuration is needed to be definitive.
- Are you using any special authentication mechanisms?
- Where are the UAF files for each member of the cluster located
There are also a variety of accidental mis-configurations that could be the cause of the problem. Have any changes been made to the cluster configuration recently?
If you can give us the information, we can attempt to troubleshoot this problem in this forum. If it is more complex, or it can not be addressed in the forum, a consultant with system management experience could sort out the problem [Disclosure: Our firm does provide such services, as do several other active members of the community].
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2007 09:56 AM
тАО03-12-2007 09:56 AM
Re: Allow user to access cluster
If you don't know the answer to that question, please do the following:
Please provide output from:
$ mcr sysman set environment/cluter
SYSMAN> do show logical sys$sysdevice/full
SYSMAN> do show logical sys$common/ful
SYSMAN> do show logical sys$specific/ful
SYSMAN> do show logical sysuaf/full
SYSMAN> do show logical rightslist/full
SYSMAN> do directory/file sysuaf
SYSMAN> do directory/file rightslist
As the others have said, the sympoms are consistent with non-shared authorization/rightslist files.
These normally will be in the SYS$COMMON:[SYSEXE] directory. In almost all cases, you want these to be using the same files from every cluster node, because from a security standpoint, the cluster is "the system".
The common files don't have to be in sys$common:, but they should be using the same files on each node in the cluster.
The output of the last two directory commands will have a file ID, if these are not the same on the all nodes, then you are not using a common set. Even if they are the same, they could be on different devices, therefore the other show logical commands.
Probably best if you cut and paste the output to a notepad text file and attach, as the output will be easier to read in a fixed width font.
Jon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2007 09:57 AM
тАО03-12-2007 09:57 AM
SolutionOn OpenVMS V7.2 and later, look at the contents of the SYLOGICALS.TEMPLATE file for the list of files that should be shared in a cluster, or that -- at a minimum -- must be coordinated. This file is the template for the SYLOGICALS.COM procedure during OpenVMS installations, and it is a standard text file.
It has been quite common to miss one or more of these (shared) files over the years, which was the genesis of the creation of the (shared) file list in the SYLOGICALS.TEMPLATE file.
Once these files are configured correctly and any duplicates resolved, then the creation of a username on one node can and will apply (by default) to all cluster members. Transparently. Further, the same security profiles, queues and other such characteristics of a cluster can and do apply to all nodes.
Resolving duplicates is somewhat tedious, unfortunately. There are descriptions of the basic sequence in the appendix of the Cluster Systems Manual. I tend to use listings and a manual ("manual" as in "by-hand") process to MERGE and to flag duplicate UICs, identifiers, and usernames. With a little preliminary work with the text files acquired from commands such as AUTHORIZE (UAF) LIST, you can aim MERGE at the various listings from AUTHORIZE and such, and have it flag any duplicates that require resolution.)
Stephen Hoffman
HoffmanLabs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2007 10:01 AM
тАО03-12-2007 10:01 AM
Re: Allow user to access cluster
$ mcr sysman set environment/cluster
not:
$ mcr sysman set environment/cluter
Jon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2007 10:22 AM
тАО03-12-2007 10:22 AM
Re: Allow user to access cluster
If its the latter, than you need to set up a shareable directory among all nodes that contains cluster wide system files.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-12-2007 10:39 AM
тАО03-12-2007 10:39 AM
Re: Allow user to access cluster
While manually merging is certainly one option, I would recommend making copies of the files and using convert/merge/exception=x.x as a first pass.
In any event, as Robert Gezelter and Hoff have stated, if you have uncoordinated security files, cleaning up probably isn't something that will be resolved on this forum, as it can be complex. For example, there may be multiple identifiers associated with the same UIC value. If you are new to VMS, you will probably require some assistance.
If this is a "new" problem, then perhaps it will be easy to fix. The longer things have been out of sync, the more divergent they become. If no new accounts have been added or modified, then only things like last login time, etc. will be different.
Did you inherit the cluster? Is the previous owner still available to ask questions?
Disclaimer: I don't do consulting, so you will need to find someone else, if you so decide. There are several people on the forums that do provide these services for a fee. Alternatively, you can read the documentation Hoff suggested, and use Google to search for things like merge sysuaf in Google groups, and fix the problem yourself. You will definitely learn more by doing it yourself, but there is a much higher degree of risk, and having someone that has done this before is probably better if this is a production system. Doing it wrong could leave your system insecure.