Prev
Next
Forums Infor / Lawson Platforms S3 Systems Administration

'lawson' user commands error in LID

 6 Replies
 0 Subscribed to this topic
 27 Subscribed to this forum
Sort:
Author
Messages
ThomasT
Advanced Member
Posts: 27
Advanced Member
8/4/2010 2:40 PM
    We're now seeing for the 'lawson' user that when typing in commands in LID such as dbdef, pgmdef, rngdbdump, etc. that the response is:
    "User must be assigned a security class".

    I've checked the 'lawson' user and he's OK with security. Security class exists for him in LID. And the 'lawson' user is an Officer in LAUA. He's also got the ALL usergroup defined for him.

    Also I checked that there are no duplicate RMID's attached to this 'lawson' ID.

    This only happens for the 'lawson' user, but the commands such as qcompile, laua are fine and OK with no problems or issues.

    I did notice in the lase.log entries that there are lines written to the log when this error occurs.


    08/02/2010 07:51:45 getuserenv: Pid 5656
    5656: Error converting UserName UNKNOWN to SID


    08/02/2010 07:52:42 getuserenv: Pid 8960
    8960: Error converting UserName UNKNOWN to SID

    I have checked for any user called 'UNKNOWN' in delusers, and also in RM. (There aren't).

    I don't know what else to check here. I've checked the LDAP using jxplorer to see if there was some type of orphan user called 'UKNOWN'. (There isn't).

    Any one with any ideas?

    This is Windows with Env version 9.0.1.5

    Thomas T.
    Marc Burnes
    Basic Member
    Posts: 14
    Basic Member
    8/4/2010 5:17 PM
      Try assigning the SYSTEMS+ security class to lawson in laua.
      ThomasT
      Advanced Member
      Posts: 27
      Advanced Member
      8/4/2010 5:43 PM
        There is no "SYSTEMS" or "SYSTEMS+" security class defined in laua.

        Is this something your company or organization defined?
        Marc Burnes
        Basic Member
        Posts: 14
        Basic Member
        8/4/2010 6:02 PM
          We run on Unix, so it is possible that the default security classes are different.

          Do you also use the Officer security class for the other logins which have access to dbdef, pgmdef, etc?
          John Henley
          Posts: 3353
          8/13/2010 7:26 PM
            It sounds like the environment identity for 'lawson' is missing/corrupt, or multiple RMIDs are assigned to the same environment identity as lawson.

            Thanks for using the LawsonGuru.com forums!
            John
            Greg Moeller
            Veteran Member
            Posts: 1498
            Veteran Member
            8/16/2010 7:44 PM
              Maybe I'm way off base here, but to me it sounds like you have the CheckLS flag set to YES, indicating use lsf security not LAUA.
              Jimmy Chiu
              Veteran Member
              Posts: 641
              Veteran Member
              8/17/2010 12:52 PM
                Check your LDAP lawson SID vs your AD lawson SID. If they are different, it means someone deleted the lawson account and recreated it. It happened to one of my user recently who has retired, the AD admin deleted the account. Then the user becomes a consultant. Thus, we recreated the account. Viola, lawson couldn't recognize the new SID of the newly created account eventhough the login is the same.