All,

I tried posting this via the web, but every time I click on the "Post" link, I get a pop-up stating:

Access Denied

You don't have permission to access "http://community.ibm.com/higherlogic/ui/mvc/contributedcontent/contributedcontent/createQuestion" on this server.

Reference #18.9e0c0317.1766436968.5bb9eaa4

https://errors.edgesuite.net/18.9e0c0317.1766436968.5bb9eaa4

Yes, I've logged in at TechXchange.  Maybe I'm cursed right now and that's the reason I'm having the issue described below.  I just wanted to state up front that since this is being posted via email, some of the formatting below may get lost.  I'm hoping it is readable whatever the format.

Anyway, the problem I'm having involves IDS 14.10.FC11W1 on RHEL 8.10.  One server (appserver1) is our application server, connecting to our test database server (dbsrv1).  Trying to connect to the database via dbaccess gives a -956 "Client or user is not trusted by server".  The user has entries in /etc/passwd on both appserver1 and dbsrv1, and the instance is configured to use the REMOTE_SERVER_CFG file to allow authentication based on client servername.  

The value of REMOTE_SERVER_CFG for this instance:

[informix]$ onstat -c REMOTE_SERVER_CFG

test_remote_servers

The contents of $INFORMIXDIR/etc/test_remote_servers:

lgcyserver1.companyname.corp

lgcy_server1

webapp1.companyname.corp

webapp1

dbsrv2.companyname.corp

dbsrv2

dbsrv3.companyname.corp

dbsrv3

appserver1.companyname.corp

appserver1

I suspect that I don't technically need both the long and short versions of each server's name, but that's not the key point here.  In online.log, the error is logged as:

2025-12-22 10:07:19.133  listener-thread: err = -956: oserr = 0: errstr = userabc1@10.15.20.30[appserver1.companyname.corp]: Client host or user userabc1@10.15.20.30[appserver1.companyname.corp] is not trusted by the server.

To get around this, I added the IP address for the server to the test_remote_servers file.  Once that was done, user userabc1 was able to connect to the database with no issues.

But unless I'm mistaken, I shouldn't have to do this workaround.  The hostname should be the correct value to put in REMOTE_SERVER_CFG.  And based on the error message, the instance is able to resolve the IP address to the servername.  So why is this not working in this case?  What do I need to check?

And if anyone has any suggestions on how to clear up the "ACCESS DENIED" error I'm getting on the TechXchange website, please pass that along as well.

Thanks.

Mark

All,

I tried posting this via the web, but every time I click on the "Post" link, I get a pop-up stating:

Access Denied

You don't have permission to access "http://community.ibm.com/higherlogic/ui/mvc/contributedcontent/contributedcontent/createQuestion" on this server.

Reference #18.9e0c0317.1766436968.5bb9eaa4

https://errors.edgesuite.net/18.9e0c0317.1766436968.5bb9eaa4

Yes, I've logged in at TechXchange.  Maybe I'm cursed right now and that's the reason I'm having the issue described below.  I just wanted to state up front that since this is being posted via email, some of the formatting below may get lost.  I'm hoping it is readable whatever the format.

Anyway, the problem I'm having involves IDS 14.10.FC11W1 on RHEL 8.10.  One server (appserver1) is our application server, connecting to our test database server (dbsrv1).  Trying to connect to the database via dbaccess gives a -956 "Client or user is not trusted by server".  The user has entries in /etc/passwd on both appserver1 and dbsrv1, and the instance is configured to use the REMOTE_SERVER_CFG file to allow authentication based on client servername.  

The value of REMOTE_SERVER_CFG for this instance:

[informix]$ onstat -c REMOTE_SERVER_CFG

test_remote_servers

The contents of $INFORMIXDIR/etc/test_remote_servers:

lgcyserver1.companyname.corp

lgcy_server1

webapp1.companyname.corp

webapp1

dbsrv2.companyname.corp

dbsrv2

dbsrv3.companyname.corp

dbsrv3

appserver1.companyname.corp

appserver1

I suspect that I don't technically need both the long and short versions of each server's name, but that's not the key point here.  In online.log, the error is logged as:

2025-12-22 10:07:19.133  listener-thread: err = -956: oserr = 0: errstr = userabc1@10.15.20.30[appserver1.companyname.corp]: Client host or user userabc1@10.15.20.30[appserver1.companyname.corp] is not trusted by the server.

To get around this, I added the IP address for the server to the test_remote_servers file.  Once that was done, user userabc1 was able to connect to the database with no issues.

But unless I'm mistaken, I shouldn't have to do this workaround.  The hostname should be the correct value to put in REMOTE_SERVER_CFG.  And based on the error message, the instance is able to resolve the IP address to the servername.  So why is this not working in this case?  What do I need to check?

And if anyone has any suggestions on how to clear up the "ACCESS DENIED" error I'm getting on the TechXchange website, please pass that along as well.

Thanks.

Mark

Hi Paul,

Thanks.  I do have both the short name and the FQDN for the host.  I just was hoping not to have to include the IP address.  Otherwise, what's the point of DNS in the first place?  And the fact that the onstat -m output includes both the IP address and the FQDN makes me believe that the address-to-hostname resolution process was successful.

Mark

All,

I tried posting this via the web, but every time I click on the "Post" link, I get a pop-up stating:

Access Denied

You don't have permission to access "http://community.ibm.com/higherlogic/ui/mvc/contributedcontent/contributedcontent/createQuestion" on this server.

Reference #18.9e0c0317.1766436968.5bb9eaa4

https://errors.edgesuite.net/18.9e0c0317.1766436968.5bb9eaa4

Yes, I've logged in at TechXchange.  Maybe I'm cursed right now and that's the reason I'm having the issue described below.  I just wanted to state up front that since this is being posted via email, some of the formatting below may get lost.  I'm hoping it is readable whatever the format.

Anyway, the problem I'm having involves IDS 14.10.FC11W1 on RHEL 8.10.  One server (appserver1) is our application server, connecting to our test database server (dbsrv1).  Trying to connect to the database via dbaccess gives a -956 "Client or user is not trusted by server".  The user has entries in /etc/passwd on both appserver1 and dbsrv1, and the instance is configured to use the REMOTE_SERVER_CFG file to allow authentication based on client servername.  

The value of REMOTE_SERVER_CFG for this instance:

[informix]$ onstat -c REMOTE_SERVER_CFG

test_remote_servers

The contents of $INFORMIXDIR/etc/test_remote_servers:

lgcyserver1.companyname.corp

lgcy_server1

webapp1.companyname.corp

webapp1

dbsrv2.companyname.corp

dbsrv2

dbsrv3.companyname.corp

dbsrv3

appserver1.companyname.corp

appserver1

I suspect that I don't technically need both the long and short versions of each server's name, but that's not the key point here.  In online.log, the error is logged as:

2025-12-22 10:07:19.133  listener-thread: err = -956: oserr = 0: errstr = userabc1@10.15.20.30[appserver1.companyname.corp]: Client host or user userabc1@10.15.20.30[appserver1.companyname.corp] is not trusted by the server.

To get around this, I added the IP address for the server to the test_remote_servers file.  Once that was done, user userabc1 was able to connect to the database with no issues.

But unless I'm mistaken, I shouldn't have to do this workaround.  The hostname should be the correct value to put in REMOTE_SERVER_CFG.  And based on the error message, the instance is able to resolve the IP address to the servername.  So why is this not working in this case?  What do I need to check?

And if anyone has any suggestions on how to clear up the "ACCESS DENIED" error I'm getting on the TechXchange website, please pass that along as well.

Thanks.

Mark

Hi Paul,

Thanks.  I do have both the short name and the FQDN for the host.  I just was hoping not to have to include the IP address.  Otherwise, what's the point of DNS in the first place?  And the fact that the onstat -m output includes both the IP address and the FQDN makes me believe that the address-to-hostname resolution process was successful.

Mark

All,

I tried posting this via the web, but every time I click on the "Post" link, I get a pop-up stating:

Access Denied

You don't have permission to access "http://community.ibm.com/higherlogic/ui/mvc/contributedcontent/contributedcontent/createQuestion" on this server.

Reference #18.9e0c0317.1766436968.5bb9eaa4

https://errors.edgesuite.net/18.9e0c0317.1766436968.5bb9eaa4

Yes, I've logged in at TechXchange.  Maybe I'm cursed right now and that's the reason I'm having the issue described below.  I just wanted to state up front that since this is being posted via email, some of the formatting below may get lost.  I'm hoping it is readable whatever the format.

Anyway, the problem I'm having involves IDS 14.10.FC11W1 on RHEL 8.10.  One server (appserver1) is our application server, connecting to our test database server (dbsrv1).  Trying to connect to the database via dbaccess gives a -956 "Client or user is not trusted by server".  The user has entries in /etc/passwd on both appserver1 and dbsrv1, and the instance is configured to use the REMOTE_SERVER_CFG file to allow authentication based on client servername.  

The value of REMOTE_SERVER_CFG for this instance:

[informix]$ onstat -c REMOTE_SERVER_CFG

test_remote_servers

The contents of $INFORMIXDIR/etc/test_remote_servers:

lgcyserver1.companyname.corp

lgcy_server1

webapp1.companyname.corp

webapp1

dbsrv2.companyname.corp

dbsrv2

dbsrv3.companyname.corp

dbsrv3

appserver1.companyname.corp

appserver1

I suspect that I don't technically need both the long and short versions of each server's name, but that's not the key point here.  In online.log, the error is logged as:

2025-12-22 10:07:19.133  listener-thread: err = -956: oserr = 0: errstr = userabc1@10.15.20.30[appserver1.companyname.corp]: Client host or user userabc1@10.15.20.30[appserver1.companyname.corp] is not trusted by the server.

To get around this, I added the IP address for the server to the test_remote_servers file.  Once that was done, user userabc1 was able to connect to the database with no issues.

But unless I'm mistaken, I shouldn't have to do this workaround.  The hostname should be the correct value to put in REMOTE_SERVER_CFG.  And based on the error message, the instance is able to resolve the IP address to the servername.  So why is this not working in this case?  What do I need to check?

And if anyone has any suggestions on how to clear up the "ACCESS DENIED" error I'm getting on the TechXchange website, please pass that along as well.

Thanks.

Mark

Hi Paul,

The contents of /etc/resolv.conf are:

# Generated by NetworkManager

search companyname.corp

nameserver 10.0.5.3

nameserver 10.0.5.6

The two IP addresses point to our AD servers:

[informix]$ nslookup 10.0.5.3

3.5.0.10.in-addr.arpa   name = dnsAD01.companyname.corp.

[informix]$ nslookup 10.0.5.6

6.5.0.10.in-addr.arpa   name = dnsAD02.companyname.corp.

Running nslookup from my PC confirms that at least the 10.0.5.6 address is being used for DNS:

C:\Users\mark >nslookup appserver1.companyname.corp

Server:  dnsAD02.companyname.corp

Address:  10.0.5.6

Name:    nslookup appserver1.companyname.corp

Address:  10.15.20.30

That's about the limit of my access for checking DNS and resolv.conf.  I can check with the sysadm tomorrow to see if he can get any further with it.

Mark

Hi Paul,

Thanks.  I do have both the short name and the FQDN for the host.  I just was hoping not to have to include the IP address.  Otherwise, what's the point of DNS in the first place?  And the fact that the onstat -m output includes both the IP address and the FQDN makes me believe that the address-to-hostname resolution process was successful.

Mark

All,

I tried posting this via the web, but every time I click on the "Post" link, I get a pop-up stating:

Access Denied

You don't have permission to access "http://community.ibm.com/higherlogic/ui/mvc/contributedcontent/contributedcontent/createQuestion" on this server.

Reference #18.9e0c0317.1766436968.5bb9eaa4

https://errors.edgesuite.net/18.9e0c0317.1766436968.5bb9eaa4

Yes, I've logged in at TechXchange.  Maybe I'm cursed right now and that's the reason I'm having the issue described below.  I just wanted to state up front that since this is being posted via email, some of the formatting below may get lost.  I'm hoping it is readable whatever the format.

Anyway, the problem I'm having involves IDS 14.10.FC11W1 on RHEL 8.10.  One server (appserver1) is our application server, connecting to our test database server (dbsrv1).  Trying to connect to the database via dbaccess gives a -956 "Client or user is not trusted by server".  The user has entries in /etc/passwd on both appserver1 and dbsrv1, and the instance is configured to use the REMOTE_SERVER_CFG file to allow authentication based on client servername.  

The value of REMOTE_SERVER_CFG for this instance:

[informix]$ onstat -c REMOTE_SERVER_CFG

test_remote_servers

The contents of $INFORMIXDIR/etc/test_remote_servers:

lgcyserver1.companyname.corp

lgcy_server1

webapp1.companyname.corp

webapp1

dbsrv2.companyname.corp

dbsrv2

dbsrv3.companyname.corp

dbsrv3

appserver1.companyname.corp

appserver1

I suspect that I don't technically need both the long and short versions of each server's name, but that's not the key point here.  In online.log, the error is logged as:

2025-12-22 10:07:19.133  listener-thread: err = -956: oserr = 0: errstr = userabc1@10.15.20.30[appserver1.companyname.corp]: Client host or user userabc1@10.15.20.30[appserver1.companyname.corp] is not trusted by the server.

To get around this, I added the IP address for the server to the test_remote_servers file.  Once that was done, user userabc1 was able to connect to the database with no issues.

But unless I'm mistaken, I shouldn't have to do this workaround.  The hostname should be the correct value to put in REMOTE_SERVER_CFG.  And based on the error message, the instance is able to resolve the IP address to the servername.  So why is this not working in this case?  What do I need to check?

And if anyone has any suggestions on how to clear up the "ACCESS DENIED" error I'm getting on the TechXchange website, please pass that along as well.

Thanks.

Mark

Hi Paul,

The contents of /etc/resolv.conf are:

# Generated by NetworkManager

search companyname.corp

nameserver 10.0.5.3

nameserver 10.0.5.6

The two IP addresses point to our AD servers:

[informix]$ nslookup 10.0.5.3

3.5.0.10.in-addr.arpa   name = dnsAD01.companyname.corp.

[informix]$ nslookup 10.0.5.6

6.5.0.10.in-addr.arpa   name = dnsAD02.companyname.corp.

Running nslookup from my PC confirms that at least the 10.0.5.6 address is being used for DNS:

C:\Users\mark >nslookup appserver1.companyname.corp

Server:  dnsAD02.companyname.corp

Address:  10.0.5.6

Name:    nslookup appserver1.companyname.corp

Address:  10.15.20.30

That's about the limit of my access for checking DNS and resolv.conf.  I can check with the sysadm tomorrow to see if he can get any further with it.

Mark

Hi Paul,

Thanks.  I do have both the short name and the FQDN for the host.  I just was hoping not to have to include the IP address.  Otherwise, what's the point of DNS in the first place?  And the fact that the onstat -m output includes both the IP address and the FQDN makes me believe that the address-to-hostname resolution process was successful.

Mark

All,

I tried posting this via the web, but every time I click on the "Post" link, I get a pop-up stating:

Access Denied

You don't have permission to access "http://community.ibm.com/higherlogic/ui/mvc/contributedcontent/contributedcontent/createQuestion" on this server.

Reference #18.9e0c0317.1766436968.5bb9eaa4

https://errors.edgesuite.net/18.9e0c0317.1766436968.5bb9eaa4

Yes, I've logged in at TechXchange.  Maybe I'm cursed right now and that's the reason I'm having the issue described below.  I just wanted to state up front that since this is being posted via email, some of the formatting below may get lost.  I'm hoping it is readable whatever the format.

Anyway, the problem I'm having involves IDS 14.10.FC11W1 on RHEL 8.10.  One server (appserver1) is our application server, connecting to our test database server (dbsrv1).  Trying to connect to the database via dbaccess gives a -956 "Client or user is not trusted by server".  The user has entries in /etc/passwd on both appserver1 and dbsrv1, and the instance is configured to use the REMOTE_SERVER_CFG file to allow authentication based on client servername.  

The value of REMOTE_SERVER_CFG for this instance:

[informix]$ onstat -c REMOTE_SERVER_CFG

test_remote_servers

The contents of $INFORMIXDIR/etc/test_remote_servers:

lgcyserver1.companyname.corp

lgcy_server1

webapp1.companyname.corp

webapp1

dbsrv2.companyname.corp

dbsrv2

dbsrv3.companyname.corp

dbsrv3

appserver1.companyname.corp

appserver1

I suspect that I don't technically need both the long and short versions of each server's name, but that's not the key point here.  In online.log, the error is logged as:

2025-12-22 10:07:19.133  listener-thread: err = -956: oserr = 0: errstr = userabc1@10.15.20.30[appserver1.companyname.corp]: Client host or user userabc1@10.15.20.30[appserver1.companyname.corp] is not trusted by the server.

To get around this, I added the IP address for the server to the test_remote_servers file.  Once that was done, user userabc1 was able to connect to the database with no issues.

But unless I'm mistaken, I shouldn't have to do this workaround.  The hostname should be the correct value to put in REMOTE_SERVER_CFG.  And based on the error message, the instance is able to resolve the IP address to the servername.  So why is this not working in this case?  What do I need to check?

And if anyone has any suggestions on how to clear up the "ACCESS DENIED" error I'm getting on the TechXchange website, please pass that along as well.

Thanks.

Mark

Hello Dennis,

I believe you may have the answer.  I tried using nslookup, host, and dig -x with the IP address, and none of them gave me the hostname.  It's odd that the hostname shows up in the online.log message, though.  I'm not sure how the message can get that hostname but the authentication logic that checks REMOTE_SERVER_CFG can't.

The part about REMOTE_SERVER_CFG makes sense.  Since the IP packet header only provides the IP address, it has to use reverse resolution to get the hostname so that it can check against the contents of the test_remote_servers file.  When that fails, if the file does not contain the IP address as well, then the connection is rejected with the -956 error.

I just wish I could explain how online.log gets the hostname if the reverse lookup isn't working.

In any event, I will ask our network guys if there is a reason that reverse lookup is not working for this network segment.  They've got it working on another segment, just not the one that the appserver1 and dbsvr1 are on.

Thanks.

Mark

Hi Paul,

The contents of /etc/resolv.conf are:

# Generated by NetworkManager

search companyname.corp

nameserver 10.0.5.3

nameserver 10.0.5.6

The two IP addresses point to our AD servers:

[informix]$ nslookup 10.0.5.3

3.5.0.10.in-addr.arpa   name = dnsAD01.companyname.corp.

[informix]$ nslookup 10.0.5.6

6.5.0.10.in-addr.arpa   name = dnsAD02.companyname.corp.

Running nslookup from my PC confirms that at least the 10.0.5.6 address is being used for DNS:

C:\Users\mark >nslookup appserver1.companyname.corp

Server:  dnsAD02.companyname.corp

Address:  10.0.5.6

Name:    nslookup appserver1.companyname.corp

Address:  10.15.20.30

That's about the limit of my access for checking DNS and resolv.conf.  I can check with the sysadm tomorrow to see if he can get any further with it.

Mark

Hi Paul,

Thanks.  I do have both the short name and the FQDN for the host.  I just was hoping not to have to include the IP address.  Otherwise, what's the point of DNS in the first place?  And the fact that the onstat -m output includes both the IP address and the FQDN makes me believe that the address-to-hostname resolution process was successful.

Mark

All,

I tried posting this via the web, but every time I click on the "Post" link, I get a pop-up stating:

Access Denied

You don't have permission to access "http://community.ibm.com/higherlogic/ui/mvc/contributedcontent/contributedcontent/createQuestion" on this server.

Reference #18.9e0c0317.1766436968.5bb9eaa4

https://errors.edgesuite.net/18.9e0c0317.1766436968.5bb9eaa4

Yes, I've logged in at TechXchange.  Maybe I'm cursed right now and that's the reason I'm having the issue described below.  I just wanted to state up front that since this is being posted via email, some of the formatting below may get lost.  I'm hoping it is readable whatever the format.

Anyway, the problem I'm having involves IDS 14.10.FC11W1 on RHEL 8.10.  One server (appserver1) is our application server, connecting to our test database server (dbsrv1).  Trying to connect to the database via dbaccess gives a -956 "Client or user is not trusted by server".  The user has entries in /etc/passwd on both appserver1 and dbsrv1, and the instance is configured to use the REMOTE_SERVER_CFG file to allow authentication based on client servername.  

The value of REMOTE_SERVER_CFG for this instance:

[informix]$ onstat -c REMOTE_SERVER_CFG

test_remote_servers

The contents of $INFORMIXDIR/etc/test_remote_servers:

lgcyserver1.companyname.corp

lgcy_server1

webapp1.companyname.corp

webapp1

dbsrv2.companyname.corp

dbsrv2

dbsrv3.companyname.corp

dbsrv3

appserver1.companyname.corp

appserver1

I suspect that I don't technically need both the long and short versions of each server's name, but that's not the key point here.  In online.log, the error is logged as:

2025-12-22 10:07:19.133  listener-thread: err = -956: oserr = 0: errstr = userabc1@10.15.20.30[appserver1.companyname.corp]: Client host or user userabc1@10.15.20.30[appserver1.companyname.corp] is not trusted by the server.

To get around this, I added the IP address for the server to the test_remote_servers file.  Once that was done, user userabc1 was able to connect to the database with no issues.

But unless I'm mistaken, I shouldn't have to do this workaround.  The hostname should be the correct value to put in REMOTE_SERVER_CFG.  And based on the error message, the instance is able to resolve the IP address to the servername.  So why is this not working in this case?  What do I need to check?

And if anyone has any suggestions on how to clear up the "ACCESS DENIED" error I'm getting on the TechXchange website, please pass that along as well.

Thanks.

Mark

Hello Dennis,

I believe you may have the answer.  I tried using nslookup, host, and dig -x with the IP address, and none of them gave me the hostname.  It's odd that the hostname shows up in the online.log message, though.  I'm not sure how the message can get that hostname but the authentication logic that checks REMOTE_SERVER_CFG can't.

The part about REMOTE_SERVER_CFG makes sense.  Since the IP packet header only provides the IP address, it has to use reverse resolution to get the hostname so that it can check against the contents of the test_remote_servers file.  When that fails, if the file does not contain the IP address as well, then the connection is rejected with the -956 error.

I just wish I could explain how online.log gets the hostname if the reverse lookup isn't working.

In any event, I will ask our network guys if there is a reason that reverse lookup is not working for this network segment.  They've got it working on another segment, just not the one that the appserver1 and dbsvr1 are on.

Thanks.

Mark

Hi Paul,

The contents of /etc/resolv.conf are:

# Generated by NetworkManager

search companyname.corp

nameserver 10.0.5.3

nameserver 10.0.5.6

The two IP addresses point to our AD servers:

[informix]$ nslookup 10.0.5.3

3.5.0.10.in-addr.arpa   name = dnsAD01.companyname.corp.

[informix]$ nslookup 10.0.5.6

6.5.0.10.in-addr.arpa   name = dnsAD02.companyname.corp.

Running nslookup from my PC confirms that at least the 10.0.5.6 address is being used for DNS:

C:\Users\mark >nslookup appserver1.companyname.corp

Server:  dnsAD02.companyname.corp

Address:  10.0.5.6

Name:    nslookup appserver1.companyname.corp

Address:  10.15.20.30

That's about the limit of my access for checking DNS and resolv.conf.  I can check with the sysadm tomorrow to see if he can get any further with it.

Mark

Hi Paul,

Thanks.  I do have both the short name and the FQDN for the host.  I just was hoping not to have to include the IP address.  Otherwise, what's the point of DNS in the first place?  And the fact that the onstat -m output includes both the IP address and the FQDN makes me believe that the address-to-hostname resolution process was successful.

Mark

All,

I tried posting this via the web, but every time I click on the "Post" link, I get a pop-up stating:

Access Denied

You don't have permission to access "http://community.ibm.com/higherlogic/ui/mvc/contributedcontent/contributedcontent/createQuestion" on this server.

Reference #18.9e0c0317.1766436968.5bb9eaa4

https://errors.edgesuite.net/18.9e0c0317.1766436968.5bb9eaa4

Yes, I've logged in at TechXchange.  Maybe I'm cursed right now and that's the reason I'm having the issue described below.  I just wanted to state up front that since this is being posted via email, some of the formatting below may get lost.  I'm hoping it is readable whatever the format.

Anyway, the problem I'm having involves IDS 14.10.FC11W1 on RHEL 8.10.  One server (appserver1) is our application server, connecting to our test database server (dbsrv1).  Trying to connect to the database via dbaccess gives a -956 "Client or user is not trusted by server".  The user has entries in /etc/passwd on both appserver1 and dbsrv1, and the instance is configured to use the REMOTE_SERVER_CFG file to allow authentication based on client servername.  

The value of REMOTE_SERVER_CFG for this instance:

[informix]$ onstat -c REMOTE_SERVER_CFG

test_remote_servers

The contents of $INFORMIXDIR/etc/test_remote_servers:

lgcyserver1.companyname.corp

lgcy_server1

webapp1.companyname.corp

webapp1

dbsrv2.companyname.corp

dbsrv2

dbsrv3.companyname.corp

dbsrv3

appserver1.companyname.corp

appserver1

I suspect that I don't technically need both the long and short versions of each server's name, but that's not the key point here.  In online.log, the error is logged as:

2025-12-22 10:07:19.133  listener-thread: err = -956: oserr = 0: errstr = userabc1@10.15.20.30[appserver1.companyname.corp]: Client host or user userabc1@10.15.20.30[appserver1.companyname.corp] is not trusted by the server.

To get around this, I added the IP address for the server to the test_remote_servers file.  Once that was done, user userabc1 was able to connect to the database with no issues.

But unless I'm mistaken, I shouldn't have to do this workaround.  The hostname should be the correct value to put in REMOTE_SERVER_CFG.  And based on the error message, the instance is able to resolve the IP address to the servername.  So why is this not working in this case?  What do I need to check?

And if anyone has any suggestions on how to clear up the "ACCESS DENIED" error I'm getting on the TechXchange website, please pass that along as well.

Thanks.

Mark

Hi Paul,

The contents of /etc/resolv.conf are:

# Generated by NetworkManager

search companyname.corp

nameserver 10.0.5.3

nameserver 10.0.5.6

The two IP addresses point to our AD servers:

[informix]$ nslookup 10.0.5.3

3.5.0.10.in-addr.arpa   name = dnsAD01.companyname.corp.

[informix]$ nslookup 10.0.5.6

6.5.0.10.in-addr.arpa   name = dnsAD02.companyname.corp.

Running nslookup from my PC confirms that at least the 10.0.5.6 address is being used for DNS:

C:\Users\mark >nslookup appserver1.companyname.corp

Server:  dnsAD02.companyname.corp

Address:  10.0.5.6

Name:    nslookup appserver1.companyname.corp

Address:  10.15.20.30

That's about the limit of my access for checking DNS and resolv.conf.  I can check with the sysadm tomorrow to see if he can get any further with it.

Mark

Hi Paul,

Thanks.  I do have both the short name and the FQDN for the host.  I just was hoping not to have to include the IP address.  Otherwise, what's the point of DNS in the first place?  And the fact that the onstat -m output includes both the IP address and the FQDN makes me believe that the address-to-hostname resolution process was successful.

Mark

All,

I tried posting this via the web, but every time I click on the "Post" link, I get a pop-up stating:

Access Denied

You don't have permission to access "http://community.ibm.com/higherlogic/ui/mvc/contributedcontent/contributedcontent/createQuestion" on this server.

Reference #18.9e0c0317.1766436968.5bb9eaa4

https://errors.edgesuite.net/18.9e0c0317.1766436968.5bb9eaa4

Yes, I've logged in at TechXchange.  Maybe I'm cursed right now and that's the reason I'm having the issue described below.  I just wanted to state up front that since this is being posted via email, some of the formatting below may get lost.  I'm hoping it is readable whatever the format.

Anyway, the problem I'm having involves IDS 14.10.FC11W1 on RHEL 8.10.  One server (appserver1) is our application server, connecting to our test database server (dbsrv1).  Trying to connect to the database via dbaccess gives a -956 "Client or user is not trusted by server".  The user has entries in /etc/passwd on both appserver1 and dbsrv1, and the instance is configured to use the REMOTE_SERVER_CFG file to allow authentication based on client servername.  

The value of REMOTE_SERVER_CFG for this instance:

[informix]$ onstat -c REMOTE_SERVER_CFG

test_remote_servers

The contents of $INFORMIXDIR/etc/test_remote_servers:

lgcyserver1.companyname.corp

lgcy_server1

webapp1.companyname.corp

webapp1

dbsrv2.companyname.corp

dbsrv2

dbsrv3.companyname.corp

dbsrv3

appserver1.companyname.corp

appserver1

I suspect that I don't technically need both the long and short versions of each server's name, but that's not the key point here.  In online.log, the error is logged as:

2025-12-22 10:07:19.133  listener-thread: err = -956: oserr = 0: errstr = userabc1@10.15.20.30[appserver1.companyname.corp]: Client host or user userabc1@10.15.20.30[appserver1.companyname.corp] is not trusted by the server.

To get around this, I added the IP address for the server to the test_remote_servers file.  Once that was done, user userabc1 was able to connect to the database with no issues.

But unless I'm mistaken, I shouldn't have to do this workaround.  The hostname should be the correct value to put in REMOTE_SERVER_CFG.  And based on the error message, the instance is able to resolve the IP address to the servername.  So why is this not working in this case?  What do I need to check?

And if anyone has any suggestions on how to clear up the "ACCESS DENIED" error I'm getting on the TechXchange website, please pass that along as well.

Thanks.

Mark