We are using db2 v8.1 and Fixpak 11 and oslevel as Aix 5.2.0 server. In that we added one user to the already existing group say...db2grp at the oslevel.Now the user is able to logon to the server but not able to connect to the database eventhough the group..here db2grp is having connectauth privilege. He is getting error like
SQL30082N Attempt to establish connection failed with security reason "24"
("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001
SQL30082N Attempt to establish connection failed with security
reason "<reason-code>" ("<reason-string>").
The attempt to connect to the remote database server was rejected
due to invalid or incorrect security information. The cause of
the security error is described by the <reason-code> and
corresponding <reason-string> value.
The following is a list of reason codes and corresponding reason
0 (NOT SPECIFIED) The specific security error is not
1 (PASSWORD EXPIRED) The password specified in the request has
2 (PASSWORD INVALID) The password specified in the request is
3 (PASSWORD MISSING) The request did not include a password.
4 (PROTOCOL VIOLATION) The request violated security
5 (USERID MISSING) The request did not include a userid.
6 (USERID INVALID) The userid specified in the request is not
7 (USERID REVOKED) The userid specified in the request has been
8 (GROUP INVALID) The group specified in the request is not
9 (USERID REVOKED IN GROUP) The userid specified in the request
has been revoked in the group.
10 (USERID NOT IN GROUP) The userid specified in the request is
not in the group.
11 (USERID NOT AUTHORIZED AT REMOTE LU) The userid specified in
the request is not authorized at the remote Logical Unit.
12 (USERID NOT AUTHORIZED FROM LOCAL LU) The userid specified in
the request is not authorized at the remote Logical Unit when
coming from the local Logical Unit.
13 (USERID NOT AUTHORIZED TO TP) The userid specified in the
request is not authorized to access the Transaction Program.
14 (INSTALLATION EXIT FAILED) The installation exit failed.
15 (PROCESSING FAILURE) Security processing at the server
16 (NEW PASSWORD INVALID) the password specified on a change
password request did not meet the server's requirements.
17 (UNSUPPORTED FUNCTION) the security mechanism specified by
the client is invalid for this server. Some typical examples:
o The client sent a new password value to a server that does
not support the change password function.
o The client sent SERVER_ENCRYPT authentication information to
a server that does not support password encryption.
o The client sent a userid (but no password) to a server that
does not support authentication by userid only.
o The client has not specified an authentication type, and the
server has not responded with a supported type. This may
include the server returning multiple types from which the
client is unable to choose.
18 (NAMED PIPE ACCESS DENIED) The named pipe is inaccessible due
to a security violation.
19 (USERID DISABLED or RESTRICTED) The userid has been disabled,
or the userid has been restricted from accessing the operating
environment at this time.
20 (MUTUAL AUTHENTICATION FAILED) The server being contacted
failed to pass a mutual authentication check. The server is
either an imposter, or the ticket sent back was damaged.
21 (RESOURCE TEMPORARILY UNAVAILABLE) Security processing at the
server was terminated because a resource was temporarily
unavailable. For example, on AIX, no user licenses may have been
24 (USERNAME AND/OR PASSWORD INVALID) The username specified,
password specified, or both, are invalid.
25 (Connection disallowed) The connection is disallowed by the
26 (Server security plugin error) Security plugin encountered an
unexpected error on the database server.
27 (Server security plugin error) Invalid server credential.
28 (Server security plugin error) Server credential expired on
the database server.
29 (Server security plugin error) Security plugin received an
invalid security token on the database server.
30 (Client security plugin error) Required API is missing in the
client security plugin.
39 (Client security plugin error) Client security plugin
received an expired credential.
40 (Client security plugin error) Client security plugin
received an invalid security token.
Ensure that the proper userid and/or password is supplied.
The userid may be disabled, the userid may be restricted to
accessing specific workstations, or the userid may be restricted
to certain hours of operation.
For reason code 17, retry the command with a supported
For reason code 20, make sure the authentication mechanism for
the server is started, and retry.
For reason code 26, 33, and 36, check the administration
notification log file on the client and on the server for more
information. Fix the problem identified by the error message text
in the administration notification log.
For reason code 27, verify that the server credential is provided
during security plugin initialization and that it is in a format
recognized by the security plugin. As the credential will be
used to accept contexts, it must be an ACCEPT or BOTH
For reason code 28, renew the server's credential and then
resubmit the statement. If renewing alters the credential handle,
then a db2stop and db2start will be necessary.
For reason code 29 and 40, resubmit the statement. If the problem
still exists, then verify that the partner security plugin is
generating a valid security token.
For reason code 30, check the administration notification log
file for the name of the required missing API. Add the missing
API to the security plugin.
For reason code 31, specify the right type of security plugin in
the appropriate database manager configuration parameter. For
example, do not specify a userid-password based security plugin
for the SRVCON_GSSPLUGIN_LIST database manager configuration
For reason code 32, install the matching security plugin that the
database server used on the client. Ensure that the indicated
security plugin is located in the client-plugin directory.
For reason code 34, specify a valid security plugin name. The
name should not contain any directory path information.
For reason code 35, ensure that the security plugin is using a
supported version of the APIs and that it is reporting a correct
For reason code 37, check the administration notification log
file for the principal name. Make sure the prinicpal name is in a
format that is recognized by the security plugin.
For reason code 38, verify that the client credential (generated
by db2secGenerateInitialCred or provided as an inbound delegated
credential) is in a format recognized by the security plugin. As
the credential will be used to initate contexts, it must be an
INITIATE or BOTH credential.
For reason code 39, the user issuing the statement must obtain
the appropriate credentials (or re-obtain their initial
credentials) and then resubmit the statement.
sqlcode : -30082
sqlstate : 08001
Reason 24 states that the username and or password is invalid. Please check them.