Solved

Getting SQL30082N  Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID").  SQLSTATE=08001

Posted on 2014-02-13
Last Modified: 2014-03-03
I'm trying to connect to a local database but keep getting errors that my password is wrong or invalid. I know it is a valid password that conforms to what DB2 expects:

SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001

db2 connect to mydb user app1 using my_password

When I try to connect to the database using the above command, I get the SQL30082N error.

When I just enter db2 connect to mydb, it works!

Here are some of the settings of interest
DB2COMM=tcpip
Database manager authentication (AUTHENTICATION) = SERVER
Trusted client authentication (TRUST_CLNTAUTH) = CLIENT
Trust all clients (TRUST_ALLCLNTS) = YES

The server is AIX.

What am I missing here?

I even tried enclosing the connect command in quotes.
Question by:data_bits
20 Comments
 

Expert Comment

by:sammySeltzer
Disclaimer: It's been quite a long time since I last used DB2 but I think I found something for you: http://publib.boulder.ibm.com/infoce...c/c0005435.htm Table 1 on this page explains how authentication will happen if you set TRUST_ALLCLNTS to DRDAONLY and TRUST_CLNTAUTH to CLIENT (I believe this is what you need).

Please check it out and see if it helps.

I hope it does.

Author Comment

by:data_bits
Unfortunately, I'm not able to change the parameters at this time.

Expert Comment

by:Kdo
Hi data_bits,

The settings that you show are the default settings from a base installation.  No one has changed them, so they should "just work".

Unless Kerberos or a similar tool is installed, authentication is deferred to the O/S.  You must have a user name on the server to connect to the database.

For most users, connection is simply:

  connect to {db}

To connect with a specific user:

  connect to {db} user {me} using {password}
  connect to {db} user {me} using '{password}'
  connect to {db} user {me} using "{password}"

The DB2 CLP is quite forgiving and allows the password to be open, enclosed in single quotes, or enclosed in double quotes.  If the password contains some of the "special characters" it must be enclosed in quotes.


Kent

Author Comment

by:data_bits
I am checking whether they can login remotely using a client like TOAD or Data Studio. But it sounds like that doesn't work either.

I was able to login as the user to the OS, and then used
       db2 connect to mydb
and I was able to connect to the database.

It's still giving me the SQL30082N when I try from OS prompt using the full connect with user/using syntax.

I think everything is working for everyone else or we would have heard big time since it's a production database. It's just 4 new users that are having this problem.

Since it's set to server authentication, I suppose that's why the straight "connect to mydb" works.

But I don't know why the other syntax is not working. I have these same settings in other environments (Linux) and they work fine. We should be able to connect to a server and then connect as a different user to a database if we provide the credentials.

Is there something in AIX that may be preventing this from working?

As far as I know, nothing has changed there on the server.

Expert Comment

by:Kdo
> 4 new users that are having this problem.


Can you read the system files on the AIX server?  If so, check the /etc/passwd file to see what users are defined on the server.  There's a good chance that everyone with an explicit login (CONNECT TO db USER xxx USING xxx) is listed there.


Kent

Author Comment

by:data_bits
The user is in /etc/passwd.

I see these in the diag.log file:

2014-02-14-08.16.17.062822-360 I4214330A442       LEVEL: Warning
PID     : 13566122             TID  : 17514       PROC : db2sysc 0
INSTANCE: dbeme1p              NODE : 000         DB   : PEMEDB
APPHDL  : 0-14331
EDUID   : 17514                EDUNAME: db2agent (PEMEDB) 0
FUNCTION: DB2 UDB, bsu security, sqlexLogPluginMessage, probe:20
DATA #1 : String with size, 66 bytes
Password validation for user starkusr failed with rc = -2146500502

The password is pretty simple just numbers and alphabetics. It is 8 characters in length. Should we change it to something shorter?

Expert Comment

by:Kdo
8 characters shouldn't be a problem.

Oracle passwords are usually not case sensitive, but unix based passwords are.  Make sure that the password given to DB2 is in the correct case.

Kent

Author Comment

by:data_bits
The password is entered correctly in the matching case.

Expert Comment

by:Kdo
Ask your DB2 and AIX admins if they've installed any 3rd party authentication packages.  Based on the settings that you show, your process should work.  To prove it, I tested this by creating the user 'db2user' on my DB2 server, password 'db2User' (note the capital 'U').  I then connected to the SAMPLE database.

db2 => list database directory

 System Database Directory

 Number of entries in the directory = 3

Database 1 entry:

 Database alias                       = xxxxx
 Database name                        = xxxxx
 Local database directory             = K:
 Database release level               = d.00
 Comment                              =
 Directory entry type                 = Indirect
 Catalog database partition number    = 0
 Alternate server hostname            =
 Alternate server port number         =

Database 2 entry:

 Database alias                       = TOOLSDB
 Database name                        = TOOLSDB
 Local database directory             = K:
 Database release level               = d.00
 Comment                              =
 Directory entry type                 = Indirect
 Catalog database partition number    = 0
 Alternate server hostname            =
 Alternate server port number         =

Database 3 entry:

 Database alias                       = SAMPLE
 Database name                        = SAMPLE
 Local database directory             = K:
 Database release level               = d.00
 Comment                              =
 Directory entry type                 = Indirect
 Catalog database partition number    = 0
 Alternate server hostname            =
 Alternate server port number         =

db2 => connect to sample user db2user using db2user
SQL30082N  Security processing failed with reason "24" ("USERNAME AND/OR
PASSWORD INVALID").  SQLSTATE=08001
db2 => connect to sample user db2user using db2User

   Database Connection Information

 Database server        = DB2/NT 9.7.4
 SQL authorization ID   = DB2USER
 Local database alias   = SAMPLE

db2 => connect to sample user db2user using 'db2User'

   Database Connection Information

 Database server        = DB2/NT 9.7.4
 SQL authorization ID   = DB2USER
 Local database alias   = SAMPLE

db2 => connect to sample user db2user using "db2User"

   Database Connection Information

 Database server        = DB2/NT 9.7.4
 SQL authorization ID   = DB2USER
 Local database alias   = SAMPLE

db2 =>


As long as the user/password is in the correct case, all is well.


Kent

Author Comment

by:data_bits
I asked the AIX admins about 3rd party authentication tools and none are in place here.

I made sure the password was entered correctly.

Remote connections by clients do not work either from TOAD or Data Studio.

Is it possible the db2ckpw process needs to be recycled due to the security plug-in responsible for the authentication (IBMOSauthclient.so) maybe having reached a saturation point?

I haven't heard of this before but wonder if this is the case? Has anyone else ever had this problem?

If so, what was done to resolve it? Do I need to bounce the DB2 instance to get everything back to a level state?

Assisted Solution

by:Kdo
Kdo earned 250 total points
> Remote connections by clients do not work either from TOAD or Data Studio.


That's a big red flag.  Something in the server is different than you expect, or something in the local driver isn't set up correctly.

Someone needs to run the user specific connection statement from the DB2 CLP on the server.  If the connection is successful, the client machines have an issue.  If the connection fails, the server is the problem.

I assume that the desktop environments are Windows running the DB2 client?

Author Comment

by:data_bits
It looks like it's a problem with the DB2 server.

I'm at my wits end.

I stumbled on something that suggested shutting down the instance and doing a db2iupdt to get the security commands relinked. Does that sound like it would work?

I don't have root access.

Expert Comment

by:Kdo
If the problem is on the server, your DBA needs to fix it.  That's his job.  The system security prevents you from getting to the things that need analyzing and modifying.

Author Comment

by:data_bits
Kdo-what do I need to tell the dba to do?

Expert Comment

by:Kdo
The DBA should know.  He's apparently made changes to the base install that are affecting this.  He should have some idea what he did and why.

Start by telling him just what you told me -- you cannot connect to DB2 from any of the remote clients.  It should take him just a few minutes to understand why.


Kent

Author Comment

by:data_bits
He claims he has not done anything to the environment. All old users are working ok. It's just new users that can't connect using passwords.

Expert Comment

by:Kdo
It sounds like he's not being very cooperative.

For your new users, is the database cataloged correctly?

  db2 connect to mydb user app1 using my_password

That requires that mydb be cataloged to the client machine.  If that's not done, you won't be able to log onto DB2, though I would expect a connection error, not an authentication error.

Author Comment

by:data_bits
It doesn't even work locally on the same server as where the database resides. And it only affects these new users.

Expert Comment

by:Kdo
That tells me a ton.

Can the old users create a telnet session to the AIX server?

Accepted Solution

by:mustaccio
mustaccio earned 250 total points
It might be something related to the authentication policies on the server, not directly related to DB2. Typically if a new user is created on AIX it cannot log in until the user changes the password. The user IDs should also be allowed remote login, which may not be the default setting on this particular server.

You could try changing the password upon connection:

connect to yourdb user blah using currentpassword new newpassword confirm newpassword


If that doesn't work, try also logging in to the server as one of the new users using a terminal (telnet or ssh), as Kdo suggested, and see if it prompts you to change the password.
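
An added example (not part of the original thread or of mustaccio's answer) of the two server-side conditions the accepted answer points at, checked here against constructed copies of AIX's stanza files. It assumes the forced-password-change state is recorded as flags = ADMCHG in /etc/security/passwd and remote login as the rlogin attribute in /etc/security/user; the function names, user names and sample data are illustrative.

```sh
# Added example: parse AIX-style stanza files (constructed data, not real accounts).
# stanza_attr FILE STANZA ATTR -> value of ATTR inside "STANZA:", empty if unset
stanza_attr() {
    awk -v s="$2:" -v a="$3" '
        /^[A-Za-z0-9_.-]+:[ \t]*$/ { cur = $1; next }   # stanza header, e.g. "app1:"
        cur == s && $1 == a && $2 == "=" { sub(/^[^=]*=[ \t]*/, ""); print; exit }
    ' "$1"
}

# user_attr FILE USER ATTR -> per-user value, else the "default:" stanza value
user_attr() {
    v=$(stanza_attr "$1" "$2" "$3")
    [ -n "$v" ] || v=$(stanza_attr "$1" default "$3")
    printf '%s\n' "$v"
}

# check_user USER PASSWD_FILE USER_FILE -> one summary line for the account
check_user() {
    flags=$(stanza_attr "$2" "$1" flags | tr -d ' \t')
    case ",$flags," in *,ADMCHG,*) admchg=yes ;; *) admchg=no ;; esac
    rlogin=$(user_attr "$3" "$1" rlogin)
    printf '%s admchg=%s rlogin=%s\n' "$1" "$admchg" "${rlogin:-unset}"
}

# make_sample DIR -> writes constructed stand-ins for the two AIX files
make_sample() {
    cat > "$1/passwd" <<'EOF'
olduser:
        password = CONSTRUCTED-HASH
        flags =
newuser:
        password = CONSTRUCTED-HASH
        lastupdate = 1392300000
        flags = ADMCHG
EOF
    cat > "$1/user" <<'EOF'
default:
        rlogin = true
olduser:
        admin = false
newuser:
        rlogin = false
EOF
}

dir=$(mktemp -d)
make_sample "$dir"
for u in olduser newuser; do check_user "$u" "$dir/passwd" "$dir/user"; done; rm -rf "$dir"
```

On the AIX server itself, an administrator can read the same attributes with `pwdadm -q newuser` and `lsuser -a rlogin newuser` instead of parsing the files.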