PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 08/07/2017 5:33 PM by  Sandy Spangler
Removing LASE
 5 Replies
Sort:
You are not authorized to post a reply.
Author Messages
Sandy Spangler
Sr. MIS Project Manager
Private
Basic Member
(10 points)
Basic Member
Posts:4


Send Message:

--
08/04/2017 3:31 PM

    We are creating a historical archive of our one of our production servers that is running LSF9 on Windows.  We've successfully created a VM clone and now want to remove LASE.  Since it is a historical archive, we only want to use LAUA security and access the system via LID (since access will be limited).  The IBM WebSphere services are off/removed.  What would be the next steps for removing LASE?

     

    Kwane McNeal
    Private
    Private
    Veteran Member
    (1197 points)
    Veteran Member
    Posts:399


    Send Message:

    --
    08/04/2017 3:49 PM

    Sandy,
    You don't mention exactly which release of LSF9 you're on, so my advise will be constrained accordingly.

    First, LASE means a few different things. I'll address each in context to your question:
    1) LASE the service (the lase.exe process, controlled via startlase/stoplase) CANNOT be disabled. It HAS to be listed and running, meaning the LDAP (presumably ADAM/ADLDS) must also be running

    2) LASE the security concept, more frequently referred to as new Lawson Security, CAN be disabled.
    Execute the command : lsconfig -c #SSOCONFIG_PASSWORD# OFF
    NOTE: Depending on your ESP, this command may not be available. the other options are to start WebSphere and disable it using the LSA tool, or manually do it in the LDAP. I can post these instructions offline if you're interested

    Now, beyond that, you may need to revert user accounts back to LAUA profiles, depending on the state of your previous security setup. A short list of possible considerations are as follows:
    1) CheckLS flag in RM
    2) LAUA Classes in GEN
    3) LAUA assignments in GEN

    Beyond this, the community would need a bit more information to give more specific information. 
      

    Kwane

     

    EDITED: The original posting removed the hyperlink-style tag

     

     

    Sandy Spangler
    Sr. MIS Project Manager
    Private
    Basic Member
    (10 points)
    Basic Member
    Posts:4


    Send Message:

    --
    08/04/2017 4:04 PM

    Apologies, full version is 9.0.1.10.288 (yes, it's an older box )

    And I am referring to just Item 2, so any documentation you have would be greatly appreciated!

    BTW, we do have security built out for the various security classes in LAUA/GEN.  And the RM profiles have CheckLS set to No.

    Sandy Spangler
    Sr. MIS Project Manager
    Private
    Basic Member
    (10 points)
    Basic Member
    Posts:4


    Send Message:

    --
    08/07/2017 4:08 PM

    Thanks for the info Kwane.  I can disable Lawson security, however, the other problem that I'm encountering is that I cannot start the Lawson environment, which seems to be hung on the lase service. Listed below is the latest output from the lase.log.  Do note that we have seen these Warnings previously but they haven't stopped lase from starting.

    Mon Aug 07 13:41:18 2017: Timeout value is adjusted to 90 Secs

    Mon Aug 07 13:41:18 2017: Security Environment Version 9.0.1.10.288 2012-03-11 04:00:00 (201205) starting.

    Mon Aug 07 13:41:18 2017: Security Environment Version 9.0.1.10.288 2012-03-11 04:00:00 (201205) started.

    Mon Aug 07 13:41:18 2017: Checking authen.dat and .ssokeystore access:
    Mon Aug 07 13:41:18 2017: WARNING: authen.dat is NOT owned by LAWSON (current owner is: Administrators)
    Mon Aug 07 13:41:18 2017: WARNING: authen.dat is NOT secured from group/world
    Mon Aug 07 13:41:18 2017: WARNING: .ssokeystore is NOT owned by LAWSON (current owner is: Administrators)
    Mon Aug 07 13:41:18 2017: WARNING: .ssokeystore is NOT secured from group/world
    Mon Aug 07 13:41:18 2017: Checking authen.dat and .ssokeystore access: DONE

    Mon Aug 07 13:41:18 2017: Security Environment terminated with an exit status of:  1
    Mon Aug 07 13:41:18 2017: Security Environment Version 9.0.1.10.288 2012-03-11 04:00:00 (201205) Stopped.


    Kwane McNeal
    Private
    Private
    Veteran Member
    (1197 points)
    Veteran Member
    Posts:399


    Send Message:

    --
    08/07/2017 4:28 PM
    So there are a ton of possible issues here.
    This might be better with a phone call.

    Feel free to call me, 505-433-7744
    Sandy Spangler
    Sr. MIS Project Manager
    Private
    Basic Member
    (10 points)
    Basic Member
    Posts:4


    Send Message:

    --
    08/07/2017 5:33 PM

    Thanks for the offer Kwane, tried calling and voice mail was full.  I can be reached anytime via cell 510-828-1085  (I'm in California).

    You are not authorized to post a reply.