× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



I would like to add my own expression of gratitude to all those who took the
time to assist Dave Boettcher and myself to solve this problem.
This feature must have snooked (snook, sneaked, snooken, snuck ...?) in
while I was on my 5 year sabbatical as a chef. It is nice to know that the
o/s is still growing and progressing, and that this 'old dog' still has some
interesting new tricks to learn.

For those that missed the solution:

The command WRKFCNUSG (Work with Function Usage) goes beyond the 'simple'
authorisation to a number of command-based functions, by adding an extra
layer of authorisation.

FTP is one such command where a few of the sub-commands can be further
restricted to, for example, restrict a user signing on to the 'current
directory' by disallowing the 'CD' (Change Directory) sub-command, or by
only allowing files to be uploaded by disallowing the 'GET' sub-command.

How did we ever do without it in the olden-days?

Once again, many thanks for those who contributed to this topic.

Regards

Jeff Bull

NYCO Limited, UK

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Evan Harris
Sent: 06 March 2014 22:34
To: Midrange Systems Technical Discussion
Subject: Re: TCP3C8A Operation not authorised

Hi Dave

I guess the error message/id is only half the information needed to diagnose
the fault. Knowing what instruction in the script tripped the error might
provide some insight into what to check.

Is the error being tripped on sign on ? change directory ? put, get, list
etc

If you know more or less what has to be done you can step through the script
steps manually to see if you can reproduce the error and then suggest a
possible corrective action.


On Fri, Mar 7, 2014 at 8:57 AM, Dave Boettcher <
Dave.Boettcher@xxxxxxxxxxxxxxxxx> wrote:

Evan:
The software that Jeff's company supplies to our hardware maintenance
company and which I am trying to get set up, generates a script. When
we ended our phone call about noon our time today, Jeff was going to
dig
into
the script generation program. We know that the ftp commands aren't
written
to the log file and that the error Jeff asked about initially shows up
in
the job log.
Chuck: I've never done a trace but sounds like a good idea. I'll see
if
I
can try that.

As always, if there are any questions, please let me know.

Thanks,

Dave Boettcher

"It's amazing what you can accomplish if you don't care who gets the
credit."
Harry S. Truman


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:
midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Evan Harris
Sent: Thursday, March 06, 2014 1:38 PM
To: Midrange Systems Technical Discussion
Subject: Re: TCP3C8A Operation not authorised

So what function generates the "TCP3C8A Operation not authorised"
message,
all of them or a specific operation.

How far does the script actually get ?


On Fri, Mar 7, 2014 at 8:13 AM, Dave Boettcher <
Dave.Boettcher@xxxxxxxxxxxxxxxxx> wrote:

1) I'm the user that Jeff Bull is referring to.
2) Rob's suggestion - Entering WRKREGINF EXITPNT(QIBM_QTMF_*) and
using option 8 shows no exit programs on any of the Lines.
3) Tried WRKFCNUSG and the result is several screens of information
that I don't understand - any help in what to look for Evan?
4) Scott's question - entered WRKFCNUSG FCNID(QIBM_QTMF*) - again a
long list of functions - What to look for.
5) Also, Evan. We tried two modes in the passive area of their
software and same result.
6) Evan - our network guys assure us that ports 20 and 21 are open
with no restrictions.

Jeff is not on our system so I pretty much have to be the eyes in
this situation.
And we're 6 hours apart - Jeff in England and I'm in Wisconsin. Bit
of a challenge.

Thanks everyone for your continuing help.

HTH,
TIA,
Thanks,
Whichever applies

Dave B

Sometimes I get the feeling the whole world is against me, but deep
down I know that's not true. Some of the smaller countries are
neutral. -- Robert Orben (comedy writer)

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:
midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Thursday, March 06, 2014 12:46 PM
To: Midrange Systems Technical Discussion
Subject: Re: TCP3C8A Operation not authorised

Well, the usual questions that apply when discussing FTP:

1 - Are there any programs shown in WRKREGINF EXITPNT(QIBM_QTMF_*),
8=Work with exit programs There might be a "security exit point
program" in place that has some unique conditions that only affect
this person. I've written some from scratch - it's possible.

2 - Anything interesting in iNav's area that also does roughly the
same thing? If you need help hunting down the area of iNav that
handles this, let me know.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600
Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Jeff Bull" <jeff.nyco@xxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>
Date: 03/06/2014 01:33 PM
Subject: TCP3C8A Operation not authorised
Sent by: midrange-l-bounces@xxxxxxxxxxxx



TCP3C8A Diagnostic 30 03/06/14 11:08:32.145896
QTMFCLIE
QTCP *STMT QTMFCLIE QTCP *STMT
From module . . . . . . . . :
QTMFUTIL
From procedure . . . . . . :
qtmf_IssueMessage__FPcT1ie
Statement . . . . . . . . . :
351
To module . . . . . . . . . :
QTMFCLIE
To procedure . . . . . . . :
main
Statement . . . . . . . . . :
658
Message . . . . : Operation not
authorized.
Recovery . . . : See your
system
administrator or security officer.

I have a remote user trying to use an FTP script, for ALL the other
remote users it logs onto my server, PUTs a file on my system and
QUITs.
This one user gets this message in their joblog when they try to do
the exact same thing ... five attempts than abends.
I have googled the TCP3C8A but the webpage that comes up is less use
than a chocolate tea-pot.

I need a large can of inspiration if someone can supply?

Jeff Bull

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
http://archive.midrange.com/midrange-l.




--

Regards
Evan Harris
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.