We are creating a historical archive of one of our production servers that is running LSF9 on Windows. We've successfully created a VM clone and now want to remove LASE. Since it is a historical archive, we only want to use LAUA security and access the system via LID (since access will be limited). The IBM WebSphere services are off/removed. What would be the next steps for removing LASE?
Sandy,

You don't mention exactly which release of LSF9 you're on, so my advice will be constrained accordingly. First, LASE means a few different things. I'll address each in context to your question:

1) LASE the service (the lase.exe process, controlled via startlase/stoplase) CANNOT be disabled. It HAS to be listed and running, meaning the LDAP (presumably ADAM/ADLDS) must also be running.
2) LASE the security concept, more frequently referred to as new Lawson Security, CAN be disabled. Execute the command: lsconfig -c #SSOCONFIG_PASSWORD# OFF

NOTE: Depending on your ESP, this command may not be available. The other options are to start WebSphere and disable it using the LSA tool, or manually do it in the LDAP. I can post these instructions offline if you're interested.

Now, beyond that, you may need to revert user accounts back to LAUA profiles, depending on the state of your previous security setup. A short list of possible considerations is as follows:

1) CheckLS flag in RM
2) LAUA Classes in GEN
3) LAUA assignments in GEN

Beyond this, the community would need a bit more information to give more specific information.
Kwane
EDITED: The original posting removed the hyperlink-style tag
Apologies, full version is 9.0.1.10.288 (yes, it's an older box)
And I am referring to just Item 2, so any documentation you have would be greatly appreciated!
BTW, we do have security built out for the various security classes in LAUA/GEN. And the RM profiles have CheckLS set to No.
Thanks for the info Kwane. I can disable Lawson security, however, the other problem that I'm encountering is that I cannot start the Lawson environment, which seems to be hung on the lase service. Listed below is the latest output from the lase.log. Do note that we have seen these Warnings previously but they haven't stopped lase from starting.
Mon Aug 07 13:41:18 2017: Timeout value is adjusted to 90 Secs
Mon Aug 07 13:41:18 2017: Security Environment Version 9.0.1.10.288 2012-03-11 04:00:00 (201205) starting.
Mon Aug 07 13:41:18 2017: Security Environment Version 9.0.1.10.288 2012-03-11 04:00:00 (201205) started.
Mon Aug 07 13:41:18 2017: Checking authen.dat and .ssokeystore access:
Mon Aug 07 13:41:18 2017: WARNING: authen.dat is NOT owned by LAWSON (current owner is: Administrators)
Mon Aug 07 13:41:18 2017: WARNING: authen.dat is NOT secured from group/world
Mon Aug 07 13:41:18 2017: WARNING: .ssokeystore is NOT owned by LAWSON (current owner is: Administrators)
Mon Aug 07 13:41:18 2017: WARNING: .ssokeystore is NOT secured from group/world
Mon Aug 07 13:41:18 2017: Checking authen.dat and .ssokeystore access: DONE
Mon Aug 07 13:41:18 2017: Security Environment terminated with an exit status of: 1
Mon Aug 07 13:41:18 2017: Security Environment Version 9.0.1.10.288 2012-03-11 04:00:00 (201205) Stopped.
Thanks for the offer Kwane, tried calling and voice mail was full. I can be reached anytime via cell 510-828-1085 (I'm in California).
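A small triage script for the lase.log excerpt posted above, added here as an example (it is not part of the original thread and is not Lawson tooling): it extracts the authen.dat/.ssokeystore ownership and permission warnings and the exit status, and also copes with a log pasted as one long line. The function name `triage` and the report layout are assumptions of this example.

```python
import re

# Sample input: a subset of the lase.log lines from the post above, embedded
# so the example runs offline.
SAMPLE_LOG = """\
Mon Aug 07 13:41:18 2017: Security Environment Version 9.0.1.10.288 2012-03-11 04:00:00 (201205) starting.
Mon Aug 07 13:41:18 2017: Checking authen.dat and .ssokeystore access:
Mon Aug 07 13:41:18 2017: WARNING: authen.dat is NOT owned by LAWSON (current owner is: Administrators)
Mon Aug 07 13:41:18 2017: WARNING: authen.dat is NOT secured from group/world
Mon Aug 07 13:41:18 2017: WARNING: .ssokeystore is NOT owned by LAWSON (current owner is: Administrators)
Mon Aug 07 13:41:18 2017: WARNING: .ssokeystore is NOT secured from group/world
Mon Aug 07 13:41:18 2017: Security Environment terminated with an exit status of: 1
"""

# Timestamp prefix used by every lase.log entry in the excerpt.
STAMP = r"\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}: "
OWNER_RE = re.compile(r"WARNING: (\S+) is NOT owned by (\S+) \(current owner is: (.+?)\)")
PERM_RE = re.compile(r"WARNING: (\S+) is NOT secured from group/world")
EXIT_RE = re.compile(r"terminated with an exit status of: (-?\d+)")


def triage(log_text):
    """Summarise ownership/permission warnings and the exit status of a lase.log run."""
    report = {"owner_issues": {}, "open_perms": [], "exit_status": None}
    # Split in front of every timestamp so a log pasted as one long line
    # parses the same way as the file on disk.
    for entry in re.split(rf"(?={STAMP})", log_text):
        msg = re.sub(rf"^{STAMP}", "", entry.strip())
        if m := OWNER_RE.search(msg):
            # file name -> (expected owner, current owner)
            report["owner_issues"][m.group(1)] = (m.group(2), m.group(3))
        elif m := PERM_RE.search(msg):
            report["open_perms"].append(m.group(1))
        elif m := EXIT_RE.search(msg):
            report["exit_status"] = int(m.group(1))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, (expected, actual) in result["owner_issues"].items():
        print(f"{name}: owner is {actual}, expected {expected}")
    print("readable by group/world:", ", ".join(result["open_perms"]))
    print("exit status:", result["exit_status"])
```

The report only restates what the log says; it does not establish which line caused the non-zero exit.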