We are running V8.1 on AIX 5.1. We have set up a new user on AIX and this has been given necessary admin privileges on a database. If we log on to the OS using this user and then try connecting to the DB it connects successfully. However if we use the command :-

connect to db user abc using xyz
it returns SQL30082N with reason 24.

Our dbm cfg parameters are as follows :-
(AUTHENTICATION) = SERVER
(CATALOG_NOAUTH) = NO
(TRUST_ALLCLNTS) = YES
(TRUST_CLNTAUTH) = CLIENT

However we are able to use the users created by DB2 while creating the instance using the connect to db user abc using xyz.

Has anyone faced this problem before or may be having an idea ?

Hi,

Can you please elaborate where are you trying to connect from. This would help us to understand your problem better.


What i feel is the reason that you are not able to connect is simply because the user's profile has not been able to execute.

Please throw more light

Nitin

1) The connection works if I issue :-
connect to database ( after logging on to the server as the user of the database).

2) The connection does not work if I log on to the server as any other user and issue the command :-
connect to db user abc using xyz.

3) The connection does not work if I try using this user to connect to the database.

What are the steps in setting up the user and giving it access rights ?

1) Set up an user on the OS from the OS
2) Give access rights to the user from DB2.

But these 2 steps does not set up the user for executing the db2profile.Do we need to execute it ?

Hi,

Yes you will need to put an entry for db2profile in the user's profile that woud set the environment for the db2user.

Are you trying something like this

logged in as user nitin.
$ su abc (user i wish to connect to db2)
$ connect to sample user abc using abc ( i assume nitin has 'su' abc so abc is the current alias). In this case probably abc's profile is not being executed hence the issue. Try su -c option.

Please correct me if my interpretation is wrong

Nitin.

I was executing the db2profile manually - however now I have added it into my user's .profile.
Here's what I am doing :-


1 Initially I had executed the following command using the instance owner's id:-

Grant connect on database to user abc

2. Looging on to AIX as user abc

3. If I say :- connect to database then it connects to the db with abc authorisation id.

4. However, if I say :-
connect to database user abc using abc it returns SQL30082N with RC=24.

I am completely baffled by this and any help will be useful because this is preventing me from enforcing security on the db.

Hi Dipanjan

Indeed the problem is really baffling.

What I suggest is can you reset the password of the user using the db2 alter user command. Dunno the proper syntax but maybe that could be the solution.

Secondly try and catalog the node using windows machine and there by from the graphical control center see if the schema in which the user belongs has proper rights to perform operations.

Probably there could be a missing link there.

Hope that helps you.

Nitin.

I could not find the db2 ALTER USER command . However, there is an ALTER USER MAPPING command which is associated with federated db.

Also, I have used the control centre to check the necessary authorities for the user ( remember, it is connecting if I do not give the userid and password - so it is not an authorisation problem).

I think it has got more to do we the interaction of DB2 with the OS when it validates the password.

Accordign to messages and codes there's no RC=24 in DB2 up tu 7.2, but that's not neccessarily true. In DB2 UDB 8 there is une, and it says:

24 (USERNAME AND/OR PASSWORD
INVALID)
The username specified, password
specified, or both, are invalid.
User Response: Ensure that the proper userid
and/or password is supplied.

Did you verify the true logon with Username and Password in AIX?

Possibly there's a damage in AIX's password database. Duplicate entries in /etc/security/passwd typically cause faults where you can reset the password w/o problem but no one can login.

Regards,
Volker.

Regards,
Volker.

as I have mentioned in my origianl message that I can log on to the OS using the same user and pwd. Even, I can connect to the db if I say connect to db ( after I log on to the OS using this user ).

However, only when I say connect to db user abc using pwd , it does not work.

Hi,

so you are saying that, from the command line,

userabc$ db2 connect to db dbabc

works, but

db2inst1$ db2 connect to db dbabc user userabc

does not, even after providing the correct password?

In that case, I would cross check and connect through a client workstation and if that fails as well open a pmr with IBM support.

Johann

Johann,

That's correct . I have tried using this user from client workstations to connect to the db and it returns SQL30082N.

Hi,

sorry to insist, but I guess you have tried this approach on the server as well, and if failed there as well?

This is important to spot the problem.

Johann

Johann,

no problem.

As to the reply of your question - yes.

I have tried using the user from both the server and the client.
Its a bit strange that when I log on to the OS using this user ( on the server) and then issue only the connect command ( without the user and pwd ) it connects to the db which leads me to think that something (??) is wrong when DB2 goes to the OS for validating the user and pwd.

Hi,

I hope that the OS password and the db password for the user is the same.

Remember unlike oracle db2 needs both the passowrds to be the same.

Else it's better you log a service request with IBM.

Thks

Nitin.

Hi Dipanjan,

connect from the command line tries to connect to the instance's default database, so that is OK.

Regarding your problem, I would file a PMR with IBM support.

Johann