All,

I tried posting this via the web, but every time I click on the "Post" link, I get a pop-up stating:

Access Denied

You don't have permission to access "http://community.ibm.com/higherlogic/ui/mvc/contributedcontent/contributedcontent/createQuestion" on this server.

Reference #18.9e0c0317.1766436968.5bb9eaa4

https://errors.edgesuite.net/18.9e0c0317.1766436968.5bb9eaa4

Yes, I've logged in at TechXchange.  Maybe I'm cursed right now and that's the reason I'm having the issue described below.  I just wanted to state up front that since this is being posted via email, some of the formatting below may get lost.  I'm hoping it is readable whatever the format.

Anyway, the problem I'm having involves IDS 14.10.FC11W1 on RHEL 8.10.  One server (appserver1) is our application server, connecting to our test database server (dbsrv1).  Trying to connect to the database via dbaccess gives a -956 "Client or user is not trusted by server".  The user has entries in /etc/passwd on both appserver1 and dbsrv1, and the instance is configured to use the REMOTE_SERVER_CFG file to allow authentication based on client servername.  

The value of REMOTE_SERVER_CFG for this instance:

[informix]$ onstat -c REMOTE_SERVER_CFG

test_remote_servers

The contents of $INFORMIXDIR/etc/test_remote_servers:

lgcyserver1.companyname.corp

lgcy_server1

webapp1.companyname.corp

webapp1

dbsrv2.companyname.corp

dbsrv2

dbsrv3.companyname.corp

dbsrv3

appserver1.companyname.corp

appserver1

I suspect that I don't technically need both the long and short versions of each server's name, but that's not the key point here.  In online.log, the error is logged as:

2025-12-22 10:07:19.133  listener-thread: err = -956: oserr = 0: errstr = userabc1@10.15.20.30[appserver1.companyname.corp]: Client host or user userabc1@10.15.20.30[appserver1.companyname.corp] is not trusted by the server.

To get around this, I added the IP address for the server to the test_remote_servers file.  Once that was done, user userabc1 was able to connect to the database with no issues.

But unless I'm mistaken, I shouldn't have to do this workaround.  The hostname should be the correct value to put in REMOTE_SERVER_CFG.  And based on the error message, the instance is able to resolve the IP address to the servername.  So why is this not working in this case?  What do I need to check?

And if anyone has any suggestions on how to clear up the "ACCESS DENIED" error I'm getting on the TechXchange website, please pass that along as well.

Thanks.

Mark

All,

I tried posting this via the web, but every time I click on the "Post" link, I get a pop-up stating:

Access Denied

You don't have permission to access "http://community.ibm.com/higherlogic/ui/mvc/contributedcontent/contributedcontent/createQuestion" on this server.

Reference #18.9e0c0317.1766436968.5bb9eaa4

https://errors.edgesuite.net/18.9e0c0317.1766436968.5bb9eaa4

Yes, I've logged in at TechXchange.  Maybe I'm cursed right now and that's the reason I'm having the issue described below.  I just wanted to state up front that since this is being posted via email, some of the formatting below may get lost.  I'm hoping it is readable whatever the format.

Anyway, the problem I'm having involves IDS 14.10.FC11W1 on RHEL 8.10.  One server (appserver1) is our application server, connecting to our test database server (dbsrv1).  Trying to connect to the database via dbaccess gives a -956 "Client or user is not trusted by server".  The user has entries in /etc/passwd on both appserver1 and dbsrv1, and the instance is configured to use the REMOTE_SERVER_CFG file to allow authentication based on client servername.  

The value of REMOTE_SERVER_CFG for this instance:

[informix]$ onstat -c REMOTE_SERVER_CFG

test_remote_servers

The contents of $INFORMIXDIR/etc/test_remote_servers:

lgcyserver1.companyname.corp

lgcy_server1

webapp1.companyname.corp

webapp1

dbsrv2.companyname.corp

dbsrv2

dbsrv3.companyname.corp

dbsrv3

appserver1.companyname.corp

appserver1

I suspect that I don't technically need both the long and short versions of each server's name, but that's not the key point here.  In online.log, the error is logged as:

2025-12-22 10:07:19.133  listener-thread: err = -956: oserr = 0: errstr = userabc1@10.15.20.30[appserver1.companyname.corp]: Client host or user userabc1@10.15.20.30[appserver1.companyname.corp] is not trusted by the server.

To get around this, I added the IP address for the server to the test_remote_servers file.  Once that was done, user userabc1 was able to connect to the database with no issues.

But unless I'm mistaken, I shouldn't have to do this workaround.  The hostname should be the correct value to put in REMOTE_SERVER_CFG.  And based on the error message, the instance is able to resolve the IP address to the servername.  So why is this not working in this case?  What do I need to check?

And if anyone has any suggestions on how to clear up the "ACCESS DENIED" error I'm getting on the TechXchange website, please pass that along as well.

Thanks.

Mark

Hi Paul,

Thanks.  I do have both the short name and the FQDN for the host.  I just was hoping not to have to include the IP address.  Otherwise, what's the point of DNS in the first place?  And the fact that the onstat -m output includes both the IP address and the FQDN makes me believe that the address-to-hostname resolution process was successful.

Mark

All,

I tried posting this via the web, but every time I click on the "Post" link, I get a pop-up stating:

Access Denied

You don't have permission to access "http://community.ibm.com/higherlogic/ui/mvc/contributedcontent/contributedcontent/createQuestion" on this server.

Reference #18.9e0c0317.1766436968.5bb9eaa4

https://errors.edgesuite.net/18.9e0c0317.1766436968.5bb9eaa4

Yes, I've logged in at TechXchange.  Maybe I'm cursed right now and that's the reason I'm having the issue described below.  I just wanted to state up front that since this is being posted via email, some of the formatting below may get lost.  I'm hoping it is readable whatever the format.

Anyway, the problem I'm having involves IDS 14.10.FC11W1 on RHEL 8.10.  One server (appserver1) is our application server, connecting to our test database server (dbsrv1).  Trying to connect to the database via dbaccess gives a -956 "Client or user is not trusted by server".  The user has entries in /etc/passwd on both appserver1 and dbsrv1, and the instance is configured to use the REMOTE_SERVER_CFG file to allow authentication based on client servername.  

The value of REMOTE_SERVER_CFG for this instance:

[informix]$ onstat -c REMOTE_SERVER_CFG

test_remote_servers

The contents of $INFORMIXDIR/etc/test_remote_servers:

lgcyserver1.companyname.corp

lgcy_server1

webapp1.companyname.corp

webapp1

dbsrv2.companyname.corp

dbsrv2

dbsrv3.companyname.corp

dbsrv3

appserver1.companyname.corp

appserver1

I suspect that I don't technically need both the long and short versions of each server's name, but that's not the key point here.  In online.log, the error is logged as:

2025-12-22 10:07:19.133  listener-thread: err = -956: oserr = 0: errstr = userabc1@10.15.20.30[appserver1.companyname.corp]: Client host or user userabc1@10.15.20.30[appserver1.companyname.corp] is not trusted by the server.

To get around this, I added the IP address for the server to the test_remote_servers file.  Once that was done, user userabc1 was able to connect to the database with no issues.

But unless I'm mistaken, I shouldn't have to do this workaround.  The hostname should be the correct value to put in REMOTE_SERVER_CFG.  And based on the error message, the instance is able to resolve the IP address to the servername.  So why is this not working in this case?  What do I need to check?

And if anyone has any suggestions on how to clear up the "ACCESS DENIED" error I'm getting on the TechXchange website, please pass that along as well.

Thanks.

Mark

Hi Paul,

Thanks.  I do have both the short name and the FQDN for the host.  I just was hoping not to have to include the IP address.  Otherwise, what's the point of DNS in the first place?  And the fact that the onstat -m output includes both the IP address and the FQDN makes me believe that the address-to-hostname resolution process was successful.

Mark

All,

I tried posting this via the web, but every time I click on the "Post" link, I get a pop-up stating:

Access Denied

You don't have permission to access "http://community.ibm.com/higherlogic/ui/mvc/contributedcontent/contributedcontent/createQuestion" on this server.

Reference #18.9e0c0317.1766436968.5bb9eaa4

https://errors.edgesuite.net/18.9e0c0317.1766436968.5bb9eaa4

Yes, I've logged in at TechXchange.  Maybe I'm cursed right now and that's the reason I'm having the issue described below.  I just wanted to state up front that since this is being posted via email, some of the formatting below may get lost.  I'm hoping it is readable whatever the format.

Anyway, the problem I'm having involves IDS 14.10.FC11W1 on RHEL 8.10.  One server (appserver1) is our application server, connecting to our test database server (dbsrv1).  Trying to connect to the database via dbaccess gives a -956 "Client or user is not trusted by server".  The user has entries in /etc/passwd on both appserver1 and dbsrv1, and the instance is configured to use the REMOTE_SERVER_CFG file to allow authentication based on client servername.  

The value of REMOTE_SERVER_CFG for this instance:

[informix]$ onstat -c REMOTE_SERVER_CFG

test_remote_servers

The contents of $INFORMIXDIR/etc/test_remote_servers:

lgcyserver1.companyname.corp

lgcy_server1

webapp1.companyname.corp

webapp1

dbsrv2.companyname.corp

dbsrv2

dbsrv3.companyname.corp

dbsrv3

appserver1.companyname.corp

appserver1

I suspect that I don't technically need both the long and short versions of each server's name, but that's not the key point here.  In online.log, the error is logged as:

2025-12-22 10:07:19.133  listener-thread: err = -956: oserr = 0: errstr = userabc1@10.15.20.30[appserver1.companyname.corp]: Client host or user userabc1@10.15.20.30[appserver1.companyname.corp] is not trusted by the server.

To get around this, I added the IP address for the server to the test_remote_servers file.  Once that was done, user userabc1 was able to connect to the database with no issues.

But unless I'm mistaken, I shouldn't have to do this workaround.  The hostname should be the correct value to put in REMOTE_SERVER_CFG.  And based on the error message, the instance is able to resolve the IP address to the servername.  So why is this not working in this case?  What do I need to check?

And if anyone has any suggestions on how to clear up the "ACCESS DENIED" error I'm getting on the TechXchange website, please pass that along as well.

Thanks.

Mark