  1. #1
    Join Date
    Mar 2003
    Location
    Sacramento, California
    Posts
    14

    Unanswered: DB2 UDB UNIX authentication problem

    I've searched this forum as well as IBM's manuals and Tech Support site and cannot find the solution. Here's my problem.

    Client wants to connect to the database without providing a username/password.

    Client Server: AIX 5.2, Db2UDB 8.1 fixpak 7 (8.2)
    Database Server: AIX 5.3, Db2UDB 8.1 fixpak 7 (8.2).

    Database server authentication setup:
    Database manager authentication (AUTHENTICATION) = CLIENT
    Cataloging allowed without authority (CATALOG_NOAUTH) = NO
    Trust all clients (TRUST_ALLCLNTS) = YES
    Trusted client authentication (TRUST_CLNTAUTH) = CLIENT

    Note: UNIX environment uses NIS

    On both the client and the server, the Db2 UNIX owner account is the same locally (on each machine). So this works if I use the db2 instance owner account. But of course my client can't use the db2 instance owner account.

    This does NOT work if I attempt a connection using an NIS account (i.e. set up and configured on the NIS server). Here's what happens:

    db2 => connect to xyz
    SQL30082N Attempt to establish connection failed with security reason "3"
    ("PASSWORD MISSING"). SQLSTATE=08001
    db2 => connect to xyz user johnsmith
    Enter current password for johnsmith:
    SQL30082N Attempt to establish connection failed with security reason "17"
    ("UNSUPPORTED FUNCTION"). SQLSTATE=08001

    Is this an issue with NIS or my database setup? Any input is appreciated. Thank you.
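
The four database manager settings quoted in the post above decide which side checks the password. The following shell script is an added example, not part of the original thread or of any IBM tooling: it reads lines in the same `(KEY) = VALUE` form and reports where authentication takes place. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: where does DB2 check the password, given dbm cfg lines
# in the "Description (KEY) = VALUE" form that `db2 get dbm cfg` prints?

# Constructed sample: the four settings quoted in the post.
SAMPLE_CFG='Database manager authentication (AUTHENTICATION) = CLIENT
Cataloging allowed without authority (CATALOG_NOAUTH) = NO
Trust all clients (TRUST_ALLCLNTS) = YES
Trusted client authentication (TRUST_CLNTAUTH) = CLIENT'

# cfg_value KEY: print the upper-cased value of one parameter (cfg on stdin).
cfg_value() {
    awk -v key="($1)" '
        index($0, key) && index($0, "=") {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)   # trim surrounding blanks
            print toupper(v); exit
        }'
}

# auth_location: read cfg text on stdin, print which side authenticates.
auth_location() {
    cfg=$(cat)
    auth=$(printf '%s\n' "$cfg" | cfg_value AUTHENTICATION)
    trust=$(printf '%s\n' "$cfg" | cfg_value TRUST_ALLCLNTS)
    clnt=$(printf '%s\n' "$cfg" | cfg_value TRUST_CLNTAUTH)
    case "$auth" in
        CLIENT)
            # TRUST_CLNTAUTH only matters when a userid/password is supplied.
            if [ "$clnt" = SERVER ]; then
                where="client, or server when a password is sent"
            else
                where="client"
            fi
            case "$trust" in
                YES) echo "trusted=all-clients checked-at=$where" ;;
                *)   echo "trusted=some-clients($trust) checked-at=$where" ;;
            esac ;;
        "") echo "unknown: AUTHENTICATION not found" ;;
        # The TRUST_* parameters are only active with AUTHENTICATION=CLIENT.
        *)  echo "not-delegated-to-client (AUTHENTICATION=$auth)" ;;
    esac
}

printf '%s\n' "$SAMPLE_CFG" | auth_location
```

On a DB2 server the same function can be fed directly with `db2 get dbm cfg | auth_location`.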

  2. #2
    Join Date
    Aug 2002
    Location
    Chennai, India
    Posts
    184
    Quote Originally Posted by Kedison
    Any input is appreciated. Thank you.

    Hope you checked this out...

    HTML Code:
    $ db2 "? SQL30082N"
    
     SQL30082N Attempt to establish connection failed with security
              reason "<reason-code>" ("<reason-string>").
    
    Explanation:  The attempt to connect to the remote database
    server was rejected due to invalid or incorrect security
    information.  The cause of the security error is described by the
    <reason-code> and corresponding <reason-string> value.
    
    The following is a list of reason codes and corresponding reason
    strings:
    
    
    0 (NOT SPECIFIED) The specific security error is not specified.
    
    1 (PASSWORD EXPIRED) The password specified in the request has
    expired.
    
    2 (PASSWORD INVALID) The password specified in the request is not
    valid.
    
    3 (PASSWORD MISSING) The request did not include a password.
    
    4 (PROTOCOL VIOLATION) The request violated security protocols.
    
    5 (USERID MISSING) The request did not include a userid.
    
    6 (USERID INVALID) The userid specified in the request is not
    valid.
    
    7 (USERID REVOKED) The userid specified in the request has been
    revoked.
    
    8 (GROUP INVALID) The group specified in the request is not
    valid.
    
    9 (USERID REVOKED IN GROUP) The userid specified in the request
    has been revoked in the group.
    
    10 (USERID NOT IN GROUP) The userid specified in the request is
    not in the group.
    
    11 (USERID NOT AUTHORIZED AT REMOTE LU) The userid specified in
    the request is not authorized at the remote Logical Unit.
    
    12 (USERID NOT AUTHORIZED FROM LOCAL LU) The userid specified in
    the request is not authorized at the remote Logical Unit when
    coming from the local Logical Unit.
    
    13 (USERID NOT AUTHORIZED TO TP) The userid specified in the
    request is not authorized to access the Transaction Program.
    
    14 (INSTALLATION EXIT FAILED) The installation exit failed.
    
    15 (PROCESSING FAILURE) Security processing at the server
    failed.
    
    16 (NEW PASSWORD INVALID) the password specified on a change
    password request did not meet the server's requirements.
    
    [B]17 (UNSUPPORTED FUNCTION) the security mechanism specified by the
    client is invalid for this server.  Some typical examples:
    
    o   The client sent a new password value to a server that does
        not support the DRDA change password function.
    
    o   The client sent DCE authentication information to a server
        that does not support DCE.
    
    o   The client sent SERVER_ENCRYPT or DCS_ENCRYPT authentication
        information to a server that does not support password
        encryption.
    
    o   The client sent a userid (but no password) to a server that
        does not support authentication by userid only.[/B]
    
    18 (NAMED PIPE ACCESS DENIED) The named pipe is inaccessible due
    to a security violation.
    
    19 (USERID DISABLED or RESTRICTED) The userid has been disabled,
    or the userid has been restricted from accessing the operating
    environment at this time.
    
    20 (MUTUAL AUTHENTICATION FAILED) The server being contacted
    failed to pass a mutual authentication check. The server is
    either an imposter, or the ticket sent back was damaged.
    
    21 (RESOURCE TEMPORARILY UNAVAILABLE) Security processing at the
    server was terminated because a resource was temporarily
    unavailable. For example, on AIX, no user licenses may have been
    available.
    
    User Response:  Ensure that the proper userid and/or password is
    supplied.
    
    The userid may be disabled, the userid may be restricted to
    accessing specific workstations, or the userid may be restricted
    to certain hours of operation.
    
    [B]For reason code 17, retry the command with a supported
    authentication type.[/B]
    
    For reason code 20, make sure the authentication mechanism for
    the server is started, and retry.
    
    sqlcode:  -30082
    
    sqlstate:  08001
    
    $
    HTH

  3. #3
    Join Date
    Mar 2003
    Location
    Sacramento, California
    Posts
    14
    HTH,

    Yes. Checking the error message information is the first thing I usually do. My setup, as far as I understand, should be a supported function, so reason code 17 seems incorrect. I'm doubting the error until I can find out just what DB2 thinks is "unsupported" in my environment.
