HPE Community
Operating System - OpenVMS
1754020 Members
7904 Online
108811 Solutions
New Discussion юеВ

DECNET

 
Tim Pride
Advisor

тАО03-13-2007 09:49 PM

тАО03-13-2007 09:49 PM

DECNET

How do I make unrestricted access between nodes,
eg. at the moment I can do the following :
DIR NODE"user pass"::DISK:[dir] but I need to be able to DIR NODE::DISK:[dir], when I try I get a message saying no priv. or object prot. violation.
I have read the manual I think I need to alter the defaults that were setup when I created the three node network, but which and how.
Thanks for any help.
0 Kudos
18 REPLIES 18
Volker Halle
Honored Contributor

тАО03-13-2007 10:02 PM

тАО03-13-2007 10:02 PM

Re: DECNET

Tim,

you need to set up DECnet PROXIES to allow access to the other nodes without specifying username and password.

Assuming you are logged in on NODE1 as USER1 and want to access files on NODE2 with the same username (USER1). You need to create a proxy on NODE2:

UAF> ADD/PROXY NODE1::USER1 USER1/DEFAULT

Volker.
0 Kudos
Karl Rohwedder
Honored Contributor

тАО03-13-2007 10:03 PM

тАО03-13-2007 10:03 PM

Re: DECNET

Tim,

if you just want to skip the user/pass string, you can setup proxies between the nodes for specific users (MCR AUTHORIZE ADD/PROX).

Or if you want to setup an all accessible directory you can configure decnet to use a default access (using NET$CONFIGURE). This is done via object FAL, which normally runs under an username of FAL$SERVER, so the user FAL$SERVER should have access to DISK:[DIR].

You can check for FAL with:
- DECNet IV: MC NCP SHO OBJ FAL
- DECnet V: MC NCL SHO SESS CON APPL FAL ALL ATTR

regards Kalle
0 Kudos
Robert Gezelter
Honored Contributor

тАО03-13-2007 10:27 PM

тАО03-13-2007 10:27 PM

Re: DECNET

Tim,

When configuring this type of access, please consider with care the security implications. Enabling global access via DECnet to all users is, at least potentially, the same as removing all file protections throughout the system.

Proxies are a fine way to achieve the functionality within limits. You will find a full description of the security implications in the Guide to System Security (available in the online documentation set at http://www.hp.com/go/openvms ).

If the three nodes comprise an OpenVMS cluster, then mounting devices clusterwide is the better option.

I hope that the above is helpful.

- Bob Gezelter, http://www.rlgsc.com
0 Kudos
Wim Van den Wyngaert
Honored Contributor

тАО03-13-2007 10:46 PM

тАО03-13-2007 10:46 PM

Re: DECNET

Or consider SSH which avoids security risks.

Wim
Wim
0 Kudos
Tim Pride
Advisor

тАО03-13-2007 10:51 PM

тАО03-13-2007 10:51 PM

Re: DECNET

Hi Guys,
thanks for quick response, I have tried the proxy approach first as it seemed the quicker method, so I have made proxies on all nodes, uaf no error, but it still doesn't work, except I can now dir node1:: while being on node1 which was not possible before. On my eldest node where decnet was already setup I found the FAl$server.exe but on the other nodes which I setup the command gave an error, I have an bad feeling I have not set up the decnet correctly, but I can set host and dir (user pass) works.
0 Kudos
Volker Halle
Honored Contributor

тАО03-13-2007 10:55 PM

тАО03-13-2007 10:55 PM

Re: DECNET

Tim,

you need to provide more details about VMS and DECnet versions (Phase IV or Phase V), which command you tried and what the error message was...

Volker.
0 Kudos
Tim Pride
Advisor

тАО03-14-2007 12:04 AM

тАО03-14-2007 12:04 AM

Re: DECNET

There are three nodes an old one which I am phasing out. Old node vms7.2-2 decnet 7.2-1, show net gives full listing idents, status etc.. net type DNA V, the two newer nodes run VMS 7.3-2 and decnet 7.3-2 net type DNA V, but when I show net/full decnet I get header detail but only errors after that, such as CMLSENFAILED, ACCESSDENIED and EMAAPROB .... error returned from vms ema agent.
These nodes I set up decnet with net$configure and as local, its supposed to run over tcpip, its looking more and more that I have not configured correctly, I thought net$configure did it all?
0 Kudos
Wim Van den Wyngaert
Honored Contributor

тАО03-14-2007 12:09 AM

тАО03-14-2007 12:09 AM

Re: DECNET

When I remove BYPASS from my privs and do show net/fu, I also get ACCESSDENIED and the other messages.

Wim
Wim
0 Kudos
Wim Van den Wyngaert
Honored Contributor

тАО03-14-2007 12:12 AM

тАО03-14-2007 12:12 AM

Re: DECNET

But not when I'm logged in as SYSTEM without bypass. My previous test was done with [7,3] where maxsysgroup is 7.

Wim
Wim
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.