?
Solved

Domino Access List Issues - New 8.5 Mail databases

Posted on 2011-10-07
11
Medium Priority
?
342 Views
Last Modified: 2013-12-18
Hello,

We are in the process of rolling out Domino 8.5. Im also creating new mailbox's for the users. I do this by creating the mailbox on the shore server and then pushing it out to the vessels.

When i logon to the vessel and start nlnotes.exe (logged on as the server, with server ID) i can’t open the new databases i have created even though i have got the server clearly listed in the access list with full rights. In order to access the database i need to use my own ID (full administrator) or use the users ID.

The strange thing is - if i try to open all 6 of the new mailbox's i can open 2 or 3 of them but others i cant??

I have checked and double checked the access lists and they are all identical.

Can anyone advise why this might be happening and how i can fix it?

Attached is what the access control list looks like.

Thanks
 Access list of database that will not let server Navion Oslo into the database
0
Comment
Question by:TeekayVSS
  • 4
  • 2
  • 2
  • +3
11 Comments
 
LVL 7

Expert Comment

by:DominoG
ID: 36930481
Can I first ask what is the purpose of the # symbol in

#Admins
#Servers
0
 
LVL 6

Expert Comment

by:bluemeln
ID: 36936150
Check if the server ID is listed as an Administrator in the Configuration document.
Domino Admin > Configuration tab > Server Document > Security tab.

Is there a reason you log on with the Server ID rather than an admin ID?

DominoG: The #sign at the beginning indicates that it is a group, it is a naming convention to easily distinguish groups from individuals.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 36938643
The server's access rights have little to do with the user's access rights. It is a bad idea to log on as a server.  A server (as indicated by the ACL) does not have the same operations on a database as a user.

Additional remarks/questions:
- What error message do you get??
- Is a vessel also a server?
- How do you "push out" mail databases?
- Who is the owner of these mail databases? What is their ACL?
- Why do you use nlnotes.exe ?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:TeekayVSS
ID: 36941699
Hi,

First of all, thanks for your responses.

Additional remarks/questions:
- What error message do you get??
When i try to access the data base i get the alert "You are not autherised to access that database"

- Is a vessel also a server?
Each vessel is a server - every pysical vessel has its own Domino server.

- How do you "push out" mail databases?
I first create the mail databases (logged in with my own ID) and give them the correct owner and access rights. I then create a new replica on the server and setup a connection document. The system then pushes them out over night.

- Who is the owner of these mail databases? What is their ACL?
The owner is set as the user who will be using the mail database (Cheng - Vessel Name, Choff, Master or Mates). The example above is a system mail database and its just used to email files to the vessel, however i have attached a example of a user mail databases (Cheng) that i cant access with the server ID.

- Why do you use nlnotes.exe ?
We use nlnotes to access the domino server and database, we logon as the consloe to the sever (server 2003 in workstation mode),  and then start nlnotes from D:\Notes and this allows us to access the databases. We dont have the Admin program installed as its a shared server and secirity is less than aditquit to be honest.

Im aware that we should not be using the server ID to logon, however the server ID is in the D:\Notes folder and we dont want to transfer the admin ID's to the vessels server everytime we logon (very low 80k bandwidth) and then leave them there. We have a few different poeple doing this.


bluemeln:
Check if the server ID is listed as an Administrator in the Configuration document.
Domino Admin > Configuration tab > Server Document > Security tab.

I checked this and we have the #Servers group in there - It has all the vessels in there.

Thanks!

   Cheng mail database ACL - Cant be accessed by server ID Amundsen Spirit
0
 

Author Comment

by:TeekayVSS
ID: 36941721
Here i have also attched the Choff mail ACL - I can access this database fine?

 Choff mail database ACL -  Can be accessed by Amundsen Spirit server ID
0
 

Author Comment

by:TeekayVSS
ID: 36941725
Sorry - now with the server selected:

 Choff mail database ACL -  Can be accessed by Amundsen Spirit server ID
0
 
LVL 10

Expert Comment

by:doninja
ID: 36948514
If a server ID is explicitly listed or added to a group in the ACL that has the User Type of Server then you will not be able to us notes.exe to logon as that server. It will only work when used as part of a domino server.

This si a security feature to stop people getting a server id file that normally has no password and trying to use it to access databases.

Some of the databases may not have the server name explictly listed and is therfore allowing access to the mailfile or has anonymous or default permissions set to allow access.

First I would try this again not logged on as server but with server started, then to test access to a db using the server, from the console try a simple compact of the database
load compact database options
you can only run compact if you have access.

To test user access then get an ID to use with nlnotes.exe that is a member of your #Admins group

0
 
LVL 15

Expert Comment

by:akhafaf
ID: 36995487
  Hi there TeekayVSS ,,,

- >>> The strange thing is - if i try to open all 6 of the new mailbox's i can open 2 or 3 of them but others i cant??<<< is possible to make a small try over here ???
Is it possible to copy the ACL of one of Mailboxes you are able to access to one of the mailboxes you are able to access then check ??? I am not really sure about this but just I would like to try .

Moreover, could you have a fast look on the server documents and the configuration documents of all domino servers ( just for checking )

http://www.ibm.com/developerworks/lotus/documentation/notes/

Best Wishes
0
 

Author Comment

by:TeekayVSS
ID: 37045669
Hello,

After leaving this setup for some time (days), i can now access everything as i want. No one made any changes.

Strange one.

Anyway it works now.
0
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 1000 total points
ID: 37045712
Maybe because you installed R8.5.3 recently? ;-)
0
 
LVL 15

Assisted Solution

by:akhafaf
akhafaf earned 1000 total points
ID: 37046518
Or maybe you installed a Fix Pack on the domino server ......
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Notes Document Link used by IBM Notes is a link file which aids in the sharing of links to documents in email and webpages. The posts describe the importance and steps to create a Lotus Notes NDL file in brief.
Article by: Rob
Notes 8.5 Archiving Steps and Tips This article covers setting up a Notes archive, and helps understand some of the menu choices making setting up and maintaining a Notes archive file easier.
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question