Database server authentication setup:
Database manager authentication (AUTHENTICATION) = CLIENT
Cataloging allowed without authority (CATALOG_NOAUTH) = NO
Trust all clients (TRUST_ALLCLNTS) = YES
Trusted client authentication (TRUST_CLNTAUTH) = CLIENT
Note: UNIX environment uses NIS
On both the client and the server, the Db2 UNIX owner account is the same locally (on each machine). So this works if I use the db2 instance owner account. But of course my client can't use the db2 instance owner account.
This does NOT work if I attempt a connection using an NIS account (i.e. setup and configured on the NIS server). Here's what happens:
db2 => connect to xyz
SQL30082N Attempt to establish connection failed with security reason "3"
("PASSWORD MISSING"). SQLSTATE=08001
db2 => connect to xyz user johnsmith
Enter current password for johnsmith:
SQL30082N Attempt to establish connection failed with security reason "17"
("UNSUPPORTED FUNCTION"). SQLSTATE=08001
Is this an issue with NIS or my database setup? Any input is appreciated. Thank you.
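What the four settings in the question mean for where a password is actually checked, as an added example that is not part of the original post and does not diagnose the error: a shell function that reads database manager configuration text (for instance the output of `db2 get dbm cfg`) and reports whether validation is left to the client. The function names and the second sample (AUTHENTICATION = SERVER) are constructed for comparison.

```shell
#!/bin/sh
# Added example: report where Db2 validates credentials, based on the
# authentication lines of the database manager configuration.

# cfg_value TEXT NAME: print the value from a "... (NAME) = value" line.
cfg_value() {
    printf '%s\n' "$1" |
        sed -n "s/.*($2)[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" |
        head -n 1
}

# audit_dbm_auth TEXT: print one finding per line for the given config text.
audit_dbm_auth() {
    auth=$(cfg_value "$1" AUTHENTICATION)
    trust_all=$(cfg_value "$1" TRUST_ALLCLNTS)
    trust_auth=$(cfg_value "$1" TRUST_CLNTAUTH)
    if [ -z "$auth" ]; then
        echo "ERROR: no AUTHENTICATION line found"
        return 1
    fi
    if [ "$auth" != "CLIENT" ]; then
        echo "INFO: AUTHENTICATION=$auth; TRUST_ALLCLNTS and TRUST_CLNTAUTH are not in effect"
        return 0
    fi
    echo "WARN: AUTHENTICATION=CLIENT; the server relies on the client to validate users"
    if [ "$trust_all" = "YES" ]; then
        echo "WARN: TRUST_ALLCLNTS=YES; every connecting client is treated as trusted"
    else
        echo "INFO: TRUST_ALLCLNTS=$trust_all; untrusted clients are authenticated at the server"
    fi
    if [ "$trust_auth" = "CLIENT" ]; then
        echo "WARN: TRUST_CLNTAUTH=CLIENT; a password supplied on CONNECT is checked on the client"
    else
        echo "INFO: TRUST_CLNTAUTH=$trust_auth; a password supplied on CONNECT is checked on the server"
    fi
}

# Settings as listed in the question.
PAGE_CFG='Database manager authentication (AUTHENTICATION) = CLIENT
Cataloging allowed without authority (CATALOG_NOAUTH) = NO
Trust all clients (TRUST_ALLCLNTS) = YES
Trusted client authentication (TRUST_CLNTAUTH) = CLIENT'
# Constructed sample for comparison: validation done by the server.
SERVER_CFG='Database manager authentication (AUTHENTICATION) = SERVER
Trust all clients (TRUST_ALLCLNTS) = YES
Trusted client authentication (TRUST_CLNTAUTH) = CLIENT'

audit_dbm_auth "$PAGE_CFG"
audit_dbm_auth "$SERVER_CFG"
```

Against a live instance the same function can be called as `audit_dbm_auth "$(db2 get dbm cfg)"`.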
$ db2 "? SQL30082N"
SQL30082N Attempt to establish connection failed with security
reason "<reason-code>" ("<reason-string>").
Explanation: The attempt to connect to the remote database
server was rejected due to invalid or incorrect security
information. The cause of the security error is described by the
<reason-code> and corresponding <reason-string> value.
The following is a list of reason codes and corresponding reason
0 (NOT SPECIFIED) The specific security error is not specified.
1 (PASSWORD EXPIRED) The password specified in the request has
2 (PASSWORD INVALID) The password specified in the request is not
3 (PASSWORD MISSING) The request did not include a password.
4 (PROTOCOL VIOLATION) The request violated security protocols.
5 (USERID MISSING) The request did not include a userid.
6 (USERID INVALID) The userid specified in the request is not
7 (USERID REVOKED) The userid specified in the request has been
8 (GROUP INVALID) The group specified in the request is not
9 (USERID REVOKED IN GROUP) The userid specified in the request
has been revoked in the group.
10 (USERID NOT IN GROUP) The userid specified in the request is
not in the group.
11 (USERID NOT AUTHORIZED AT REMOTE LU) The userid specified in
the request is not authorized at the remote Logical Unit.
12 (USERID NOT AUTHORIZED FROM LOCAL LU) The userid specified in
the request is not authorized at the remote Logical Unit when
coming from the local Logical Unit.
13 (USERID NOT AUTHORIZED TO TP) The userid specified in the
request is not authorized to access the Transaction Program.
14 (INSTALLATION EXIT FAILED) The installation exit failed.
15 (PROCESSING FAILURE) Security processing at the server
16 (NEW PASSWORD INVALID) the password specified on a change
password request did not meet the server's requirements.
[B]17 (UNSUPPORTED FUNCTION) the security mechanism specified by the
client is invalid for this server. Some typical examples:
o The client sent a new password value to a server that does
not support the DRDA change password function.
o The client sent DCE authentication information to a server
that does not support DCE.
o The client sent SERVER_ENCRYPT or DCS_ENCRYPT authentication
information to a server that does not support password
o The client sent a userid (but no password) to a server that
does not support authentication by userid only.[/B]
18 (NAMED PIPE ACCESS DENIED) The named pipe is inaccessible due
to a security violation.
19 (USERID DISABLED or RESTRICTED) The userid has been disabled,
or the userid has been restricted from accessing the operating
environment at this time.
20 (MUTUAL AUTHENTICATION FAILED) The server being contacted
failed to pass a mutual authentication check. The server is
either an imposter, or the ticket sent back was damaged.
21 (RESOURCE TEMPORARILY UNAVAILABLE) Security processing at the
server was terminated because a resource was temporarily
unavailable. For example, on AIX, no user licenses may have been
User Response: Ensure that the proper userid and/or password is
The userid may be disabled, the userid may be restricted to
accessing specific workstations, or the userid may be restricted
to certain hours of operation.
[B]For reason code 17, retry the command with a supported
For reason code 20, make sure the authentication mechanism for
the server is started, and retry.
Yes. Checking the error message information is the first thing I usually do. My setup, as far as I understand, should be a supported function, so reason code 17 seems incorrect. I'm doubting the error until I can find out just what DB2 thinks is "unsupported" in my environment.