HPE Community
Operating System - OpenVMS
1753894 Members
7821 Online
108809 Solutions
New Discussion юеВ

Re: Protection settings

 
SOLVED
Go to solution
vmsserbo
Super Advisor

тАО08-04-2006 01:13 AM

тАО08-04-2006 01:13 AM

Re: Protection settings

I figured it out. It was a proxy I had to set up for the username

Thanks guys!
0 Kudos
Reply
Chinraj Rajasekaran
Frequent Advisor

тАО08-04-2006 01:18 AM

тАО08-04-2006 01:18 AM

Re: Protection settings

Hi Miles,

The login information is invaliad in remote nodes team07,08,09.

So you need to grant proxy access on the remote nodes for the user from TSTSTG.
( i assume TSTSTG is nodename)

you need to login on each node team07,08,09
and run these commands to grant access.

For Example:
login to team07..

First check if proxy exists
$ set defa sys$system
$ mc auhtorize
UAF> show proxy *

If no proxy exists already

UAF> add/proxy *::(TSTTSGusername) ( team07username) /default

regards
Raj
Reply
Barry Alford
Frequent Advisor

тАО08-04-2006 01:24 AM

тАО08-04-2006 01:24 AM

Re: Protection settings

The reason the files are not copied is given by the error message:

"SYSTEM-F-INVLOGIN, login information invalid at remote node"

In order to copy files to another node, you need a valid account (username) on that node. You can also set up a proxy on the node to allow a user from one node to access another node as a local user:

e.g.
NODE1 username: user1
NODE2 username: user2

If I setup a proxy on NODE2:
UAF> add/proxy NODE1::user1 user2/default

then I can access files from NODE1/user1
as if I had logged into NODE2 with the username user2.

have you tried adding the proxies??

Reply
Chinraj Rajasekaran
Frequent Advisor

тАО08-04-2006 01:24 AM

тАО08-04-2006 01:24 AM

Re: Protection settings

MIles,

One more thing i forgot to mention...

you also need to grant NETWORK access on the remote nodes team07 for which you have set the proxy access for the user from TSTSTG node.


$ mc authorize
$ mod (team07username) /network

same..for oter nodes as well.
otherwise you can not access via network.

regards
Raj
Reply
Barry Alford
Frequent Advisor

тАО08-04-2006 01:29 AM

тАО08-04-2006 01:29 AM

Re: Protection settings

Chinraj Rajasekaran:

I think you are mistaken!


UAF> Help modfiy/net

MODIFY

/NETWORK

/NETWORK[=(range[,...])]

Specifies hours of access for network batch jobs. For a
description of how to specify the range, see the /ACCESS
qualifier. By default, network logins have no access
restrictions.

Reply
Jan van den Ende
Honored Contributor

тАО08-04-2006 04:41 AM

тАО08-04-2006 04:41 AM

Re: Protection settings

Barry,

that is only half of the truth!

An account with NO ACCESS RESTRICTIONS inludes full network access, but otherwise Raj pointed out how to GIVE network access. The default of this would be all days of the week, all hours of the day. The syntax you give can trim that as needed.

Either give an account /ACCESS, meaining no access restrictions, or specify each mode, eg /LOCAL /NODIALUP /BATCH ....
Each (including /ACCESS for all modes) can by time-restricted the way Barry specified.

And if you want to specify all but one, first specify /ACCESS[=..], and then specify the deviation with the differing params.

hth

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Reply
John Gillings
Honored Contributor

тАО08-06-2006 10:51 AM

тАО08-06-2006 10:51 AM

Re: Protection settings

Miles,

This thread worries me! The issue is an access problem, and your solution seems to be to open up access to the world.

If you're in a heavily secured network, this might be OK, but these days, that's highly unlikely.

Please have a read of "HP OpenVMS Guide to System Security". You need to design a security environment appropriate to your corporate policies and operational requirements.

That's not really something that can be done in a forum like this.

Consider an analogy... the front door on your house is secured with a numeric keypad. Your child has trouble getting in, so you ask a bunch of strangers in a public forum for the commands to tell the keypad to always let your child in.

What is wrong with this picture?

First, do you really trust them(us) to give advice that really is in YOUR best interests? At the very least, everyone reading the forum now knows that A) Your systems are insecure and B) how to access them. You may also have been "trojaned" (though, looking at the recommendations, they look reasonably safe).

OK, so I may be being paranoid, but when it comes to computer security, that's a REQUIREMENT!

;-)
A crucible of informative mistakes
0 Kudos
Reply
Robert Gezelter
Honored Contributor

тАО08-06-2006 11:42 AM

тАО08-06-2006 11:42 AM

Re: Protection settings

Miles,

I agree with John. Security settings, especially as they relate to the installation and maintenance of production applications, is a critical security and integrity audit issue.

Opening up the system, via either protection relaxations or proxies, can be a fatal error.

Extreme caution and prudence is advised.

- Bob Gezelter, http://www.rlgsc.com
0 Kudos
Reply
Barry Alford
Frequent Advisor

тАО08-06-2006 08:02 PM

тАО08-06-2006 08:02 PM

Re: Protection settings

Chinraj, Jan:

My apologies -- without appropriate /NETWORK access settings in the UAF, you do get the same error:

-RMS-E-FND, ACP file or directory lookup failed
-SYSTEM-F-INVLOGIN, login information invalid at remote node

I must learn not to be so hasty!

(0 points for this one!)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.