why are one-to-many proxies disallowed (NAFADDERR)
-
Topic author - Master
- Posts: 103
- Joined: Mon Aug 09, 2021 7:59 pm
- Reputation: 0
- Status: Offline
why are one-to-many proxies disallowed (NAFADDERR)
Anyone know the rationale for disabling the ability of a remote DECnet user to access more than one local user via the proxy mechanism?
-
- Contributor
- Posts: 19
- Joined: Wed May 22, 2024 5:32 pm
- Reputation: 0
- Location: colorado, usa
- Status: Offline
- Contact:
Re: why are one-to-many proxies disallowed (NAFADDERR)
can you provide an example of what you're talking about? is there an example of command(s) that you've entered and the message(s) that you've received?
Norm Lastovica / SCI
-
Topic author - Master
- Posts: 103
- Joined: Mon Aug 09, 2021 7:59 pm
- Reputation: 0
- Status: Offline
Re: why are one-to-many proxies disallowed (NAFADDERR)
lastovica@sciinc.com wrote: ↑Mon Sep 30, 2024 10:31 am
can you provide an example of what you're talking about? is there an example of command(s) that you've entered and the message(s) that you've received?
Code: Select all
$ run authorize
UAF> show/proxy hobby::jonesd
Default proxies are flagged with (D)
HOBBY::JONESD
JONESD (D)
UAF> add/proxy hobby::jonesd vterm
%UAF-E-NAFADDERR, error adding proxy from HOBBY::JONESD to VTERM
UAF> show/proxy hobby::jonesd
Default proxies are flagged with (D)
HOBBY::JONESD
JONESD (D)
UAF> exit
$ help/message/nopage nafadderr
NAFADDERR, unable to add entry to network proxy database
Facility: UAF, Authorize Utility
Explanation: The specified record could not be added to the network user
authorization file (NETPROXY.DAT). For example, this error
occurs if you try to add a record authorizing a remote user to
access more than one local account. Each user at a remote node
is allowed to access the files of only one user on the local
node.
...
-
- Master
- Posts: 205
- Joined: Fri Aug 14, 2020 11:31 am
- Reputation: 0
- Status: Offline
Re: why are one-to-many proxies disallowed (NAFADDERR)
According to the 'fine' manual, try
UAF> ADD/PROXY HAL::WALTER REMOTE_MKT/DEFAULT,PROXY2,PROXY3
https://vmssoftware.com/docs/VSI_SYS_MG ... _VOL_I.PDF
7.9.5. Adding Proxy Accounts
Volker.
UAF> ADD/PROXY HAL::WALTER REMOTE_MKT/DEFAULT,PROXY2,PROXY3
https://vmssoftware.com/docs/VSI_SYS_MG ... _VOL_I.PDF
7.9.5. Adding Proxy Accounts
Volker.
-
Topic author - Master
- Posts: 103
- Joined: Mon Aug 09, 2021 7:59 pm
- Reputation: 0
- Status: Offline
Re: why are one-to-many proxies disallowed (NAFADDERR)
Under 9.2, first local user is added, second gets the NAFADDERR, third is never tried due to the preceding error.volkerhalle wrote: ↑Mon Sep 30, 2024 12:11 pmAccording to the 'fine' manual, try
UAF> ADD/PROXY HAL::WALTER REMOTE_MKT/DEFAULT,PROXY2,PROXY3
https://vmssoftware.com/docs/VSI_SYS_MG ... _VOL_I.PDF
7.9.5. Adding Proxy Accounts
BTW, getting this error borks the security server as well. Further attempts to add any proxies will timeout with a comm. error until you restart it (set server security/restart).
-
- Master
- Posts: 205
- Joined: Fri Aug 14, 2020 11:31 am
- Reputation: 0
- Status: Offline
Re: why are one-to-many proxies disallowed (NAFADDERR)
Time to log a call ?
The example cited is straight from the most recent System Manager's Manual...
Works on VSI OpenVMS Alpha V8.4-2L2:
UAF> add/prox axpvms::halle test1/def,test2,test3
%UAF-I-NAFADDMSG, proxy from AXPVMS::HALLE to TEST1 added
%UAF-I-NAFADDMSG, proxy from AXPVMS::HALLE to TEST2 added
%UAF-I-NAFADDMSG, proxy from AXPVMS::HALLE to TEST3 added
Volker.
The example cited is straight from the most recent System Manager's Manual...
Works on VSI OpenVMS Alpha V8.4-2L2:
UAF> add/prox axpvms::halle test1/def,test2,test3
%UAF-I-NAFADDMSG, proxy from AXPVMS::HALLE to TEST1 added
%UAF-I-NAFADDMSG, proxy from AXPVMS::HALLE to TEST2 added
%UAF-I-NAFADDMSG, proxy from AXPVMS::HALLE to TEST3 added
Volker.
Last edited by volkerhalle on Mon Sep 30, 2024 1:55 pm, edited 2 times in total.
-
- Master
- Posts: 497
- Joined: Fri Apr 17, 2020 7:31 pm
- Reputation: 0
- Location: Rhode Island, USA
- Status: Online
- Contact:
Re: why are one-to-many proxies disallowed (NAFADDERR)
On 9.2-2 I get:
Added in 4 hours 31 minutes 57 seconds:
And separately does not make a difference:
Note that I am a little behind with patches and FT versions.
I am at 9.2-2 update 2.
Code: Select all
$ r authorize
UAF> show/prox *
Default proxies are flagged with (D)
ARNE4::SYSTEM
OSU$WWW
ARNE4::OSU$WWW
OSU$WWW (D)
UAF> add/prox arne4::arne arne/def,osu$www,apache$www
%UAF-I-NAFADDMSG, proxy from ARNE4::ARNE to ARNE added
%UAF-I-NAFADDMSG, proxy from ARNE4::ARNE to OSU$WWW added
%UAF-I-NAFADDMSG, proxy from ARNE4::ARNE to APACHE$WWW added
UAF> show/prox *
Default proxies are flagged with (D)
ARNE4::SYSTEM
OSU$WWW
ARNE4::OSU$WWW
OSU$WWW (D)
ARNE4::ARNE
ARNE (D) OSU$WWW
APACHE$WWW
And separately does not make a difference:
Code: Select all
$ r authorize
UAF> show/prox *
Default proxies are flagged with (D)
ARNE4::SYSTEM
OSU$WWW
ARNE4::OSU$WWW
OSU$WWW (D)
UAF> add/proxy arne4::arne arne/def
%UAF-I-NAFADDMSG, proxy from ARNE4::ARNE to ARNE added
UAF> add/proxy arne4::arne osu$www
%UAF-I-NAFADDMSG, proxy from ARNE4::ARNE to OSU$WWW added
UAF> add/proxy arne4::arne apache$www
%UAF-I-NAFADDMSG, proxy from ARNE4::ARNE to APACHE$WWW added
UAF> show/prox *
Default proxies are flagged with (D)
ARNE4::SYSTEM
OSU$WWW
ARNE4::OSU$WWW
OSU$WWW (D)
ARNE4::ARNE
ARNE (D) OSU$WWW
APACHE$WWW
I am at 9.2-2 update 2.