We’ve successfully installed and tested IBM MFA on one LPAR in a sysplex sharing an ACF2 database with other systems.
When attempting to start the MFA STC AZFMFA on another LPAR, we get the following error: AZF2411S STC Settings could not be loaded from RACF.
When we attempt to run the EXEC to define the STC, we get the error message NO Factor Wide Data:
AZFM106 Either the factor is not defined to RACF or you do not have permission to access it.
The associated factor profile in the MFADEF class must be defined and take the name FACTOR.Factor-name.
The profile IRR.RFACTOR.MFADEF.Factor-name must be defined in the FACILITY class and you must have appropriate access to this profile for the operation you are trying to perform.
User Response: Contact your security administrator.
Since masked SYSID is broken, you can either default to the SYSID of the LPAR by not specifying any SYSID, or apply the test fix that corrects the error (ST01634 - Allow masking of SYSID for Factor Records).
Verify that the following message appears in the AZF#IN00 started task joblog:
.. AZF2109I Authenticator initialized : entry 0xA1690A0, name AZFRADP1 (strong) ..
(The 0xA1690A0 part might be different at your site.)
If the Profile records are new, issue: F ACF2,REBUILD(USR),C(P)
And for the factor records, issue: F ACF2,REFRESH(FAC),T(FAC)
Also, make sure the logonid or logonids are not in the MFABYPASS rule.
Deleting records with SYSID(*****) should resolve the problem. If both an LPAR-specific record and a **** record are present, delete the **** record.