Solved

Getting SQL30082N  Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID").  SQLSTATE=08001

Posted on 2014-02-13
Last Modified: 2014-03-03
I'm trying to connect to a local database but keep getting errors that my password is wrong or invalid. I know it is a valid password that conforms to what DB2 expects:

SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001

db2 connect to mydb user app1 using my_password

When I try to connect to the database using the above command, I get the SQL30082N error.

When I just enter db2 connect to mydb, it works!

Here are some of the settings of interest
DB2COMM=tcpip
Database manager authentication (AUTHENTICATION) = SERVER
Trusted client authentication (TRUST_CLNTAUTH) = CLIENT
Trust all clients (TRUST_ALLCLNTS) = YES

The server is AIX.

What am I missing here?

I even tried enclosing the connect command in quotes.
0
Question by:data_bits
20 Comments
 
LVL 29

Expert Comment

by:sammySeltzer
ID: 39857508
Disclaimer: It's been quite a long time since I last used DB2 but I think I found something for you: http://publib.boulder.ibm.com/infoce...c/c0005435.htm Table 1 on this page explains how authentication will happen if you set TRUST_ALLCLNTS to DRDAONLY and TRUST_CLNTAUTH to CLIENT (I believe this is what you need).

Please check it out and see if it helps.

I hope it does.
0
 

Author Comment

by:data_bits
ID: 39857568
Unfortunately, I'm not able to change the parameters at this time.
0
 
LVL 46

Expert Comment

by:Kent Olsen
ID: 39858982
Hi data_bits,

The settings that you show are the default setting from a base installation.  No one has changed them, so they should "just work".

Unless Kerberos or similar tool is installed, authentication is deferred to the O/S.  You must have a user name on the server to connect to the database.

For most users, connection is simply:

  connect to {db}

To connect with a specific user:

  connect to {db} user {me} using {password}
  connect to {db} user {me} using '{password}'
  connect to {db} user {me} using "{password}"

The DB2 CLP is quite forgiving and allows the password to be open, enclosed in single quotes, or enclosed in double quotes.  If the password contains some of the "special characters" it must be enclosed in quotes.


Kent
0
 

Author Comment

by:data_bits
ID: 39859080
I am checking whether they can login remotely using a client like TOAD or Data Studio. But it sounds like that doesn't work either.

I was able to login as the user to the OS, and then used
       db2 connect to mydb
and I was able to connect to the database.

It's still giving me the SQL30082N when I try from OS prompt using the full connect with user/using syntax.

I think everything is working for everyone else or we would have heard big time since it's a production database. It's just 4 new users that are having this problem.

Since it's set to server authentication, I suppose that's why the straight "connect to mydb" works.

But I don't know why the other syntax is not working. I have these same settings in other environments (Linux) and they work fine. We should be able to connect a server and then connect as a different user to a database if we provide the credentials.

Is there something in AIX that may be preventing this from working?

As far as I know, nothing has changed there on the server.
0
 
LVL 46

Expert Comment

by:Kent Olsen
ID: 39859131
> 4 new users that are having this problem.


Can you read the system files on the AIX server?  If so, check the /etc/passwd file to see what users are defined on the server.  There's a good chance that everyone with an explicit login (CONNECT TO db USER xxx USING xxx) is listed there.


Kent
0
 

Author Comment

by:data_bits
ID: 39859142
The user is in /etc/passwd.

I see these in the diag.log file:

2014-02-14-08.16.17.062822-360 I4214330A442       LEVEL: Warning
PID     : 13566122             TID  : 17514       PROC : db2sysc 0
INSTANCE: dbeme1p              NODE : 000         DB   : PEMEDB
APPHDL  : 0-14331
EDUID   : 17514                EDUNAME: db2agent (PEMEDB) 0
FUNCTION: DB2 UDB, bsu security, sqlexLogPluginMessage, probe:20
DATA #1 : String with size, 66 bytes
Password validation for user starkusr failed with rc = -2146500502

The password is pretty simple just numbers and alphabetics. It is 8 characters in length. Should we change it to something shorter?
0
 
LVL 46

Expert Comment

by:Kent Olsen
ID: 39859161
8 characters shouldn't be a problem.

Oracle passwords are usually not case sensitive, but unix based passwords are.  Make sure that the password given to DB2 is in the correct case.

Kent
0
 

Author Comment

by:data_bits
ID: 39859185
The password is entered correctly in the matching case.
0
 
LVL 46

Expert Comment

by:Kent Olsen
ID: 39859230
Ask your DB2 and AIX admins if they've installed any 3rd party authentication packages.  Based on the settings that you show, your process should work.  To prove it, I tested this by creating the user 'db2user' on my DB2 server, password 'db2User' (note the capital 'U').  I then connected to the SAMPLE database.

db2 => list database directory

 System Database Directory

 Number of entries in the directory = 3

Database 1 entry:

 Database alias                       = xxxxx
 Database name                        = xxxxx
 Local database directory             = K:
 Database release level               = d.00
 Comment                              =
 Directory entry type                 = Indirect
 Catalog database partition number    = 0
 Alternate server hostname            =
 Alternate server port number         =

Database 2 entry:

 Database alias                       = TOOLSDB
 Database name                        = TOOLSDB
 Local database directory             = K:
 Database release level               = d.00
 Comment                              =
 Directory entry type                 = Indirect
 Catalog database partition number    = 0
 Alternate server hostname            =
 Alternate server port number         =

Database 3 entry:

 Database alias                       = SAMPLE
 Database name                        = SAMPLE
 Local database directory             = K:
 Database release level               = d.00
 Comment                              =
 Directory entry type                 = Indirect
 Catalog database partition number    = 0
 Alternate server hostname            =
 Alternate server port number         =

db2 => connect to sample user db2user using db2user
SQL30082N  Security processing failed with reason "24" ("USERNAME AND/OR
PASSWORD INVALID").  SQLSTATE=08001
db2 => connect to sample user db2user using db2User

   Database Connection Information

 Database server        = DB2/NT 9.7.4
 SQL authorization ID   = DB2USER
 Local database alias   = SAMPLE

db2 => connect to sample user db2user using 'db2User'

   Database Connection Information

 Database server        = DB2/NT 9.7.4
 SQL authorization ID   = DB2USER
 Local database alias   = SAMPLE

db2 => connect to sample user db2user using "db2User"

   Database Connection Information

 Database server        = DB2/NT 9.7.4
 SQL authorization ID   = DB2USER
 Local database alias   = SAMPLE

db2 =>


As long as the user/password is in the correct case, all is well.


Kent
0
 

Author Comment

by:data_bits
ID: 39859995
I asked the AIX admins about 3rd party authentication tools and none are in place here.

I made sure the password was entered correctly.

Remote connections by clients do not work either from TOAD or Data Studio.

Is it possible the db2ckpw process needs to be recycled due to the security plug-in responsible for the authentication (IBMOSauthclient.so) maybe having reached a saturation point?

I haven't heard of this before but wonder if this is the case? Has anyone else ever had this problem?

If so, what was done to resolve it? Do I need to bounce the DB2 instance to get everything back to a level state?
0
 
LVL 46

Assisted Solution

by:Kent Olsen
Kent Olsen earned 1000 total points
ID: 39860019
> Remote connections by clients do not work either from TOAD or Data Studio.


That's a big red flag.  Something in the server is different than you expect, or something in the local driver isn't set up correctly.

Someone needs to run the user specific connection statement from the DB2 CLP on the server.  If the connection is successful, the client machines have an issue.  If the connection fails, the server is the problem.

I assume that the desktop environments are Windows running the DB2 client?
0
 

Author Comment

by:data_bits
ID: 39864798
It looks like it's a problem with the DB2 server.

I'm at my wits end.

I stumbled on something that suggested shutting down the instance and doing a db2iupdt to get the security commands relinked. Does that sound like it would work?

I don't have root access.
0
 
LVL 46

Expert Comment

by:Kent Olsen
ID: 39864820
If the problem is on the server, your DBA needs to fix it.  That's his job.  The system security prevents you from getting to the things that need analyzing and modifying.
0
 

Author Comment

by:data_bits
ID: 39864829
Kdo, what do I need to tell the DBA to do?
0
 
LVL 46

Expert Comment

by:Kent Olsen
ID: 39864845
The DBA should know.  He's apparently made changes to the base install that are affecting this.  He should have some idea what he did and why.

Start by telling him just what you told me -- you cannot connect to DB2 from any of the remote clients.  It should take him just a few minutes to understand why.


Kent
0
 

Author Comment

by:data_bits
ID: 39864877
He claims he has not done anything to the environment. All old users are working OK. It's just new users that can't connect using passwords.
0
 
LVL 46

Expert Comment

by:Kent Olsen
ID: 39864912
It sounds like he's not being very cooperative.

For your new users, is the database cataloged correctly?

  db2 connect to mydb user app1 using my_password

That requires that mydb be cataloged to the client machine.  If that's not done, you won't be able to log onto DB2, though I would expect a connection error, not an authentication error.
0
 

Author Comment

by:data_bits
ID: 39865007
It doesn't even work locally on the same server as where the database resides. And it only affects these new users.
0
 
LVL 46

Expert Comment

by:Kent Olsen
ID: 39865129
That tells me a ton.

Can the old users create a telnet session to the AIX server?
0
 
LVL 8

Accepted Solution

by:
mustaccio earned 1000 total points
ID: 39868556
It might be something related to the authentication policies on the server, not directly related to DB2. Typically if a new user is created on AIX it cannot log in until the user changes the password. The user IDs should also be allowed remote login, which may not be the default setting on this particular server.

You could try changing the password upon connection:

connect to yourdb user blah using currentpassword new newpassword confirm newpassword


If that doesn't work, try also logging in to the server as one of the new users using a terminal (telnet or ssh), as Kdo suggested, and see if it prompts you to change the password.
0
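The two AIX-side conditions named in the accepted answer (a new account that must change its password, and an account not allowed remote login) can be read from the AIX stanza files. The script below is an added example, not part of the thread. It assumes the standard stanza layout of /etc/security/passwd (where flags = ADMCHG marks an administrator-set password that must be changed at next login) and /etc/security/user (the rlogin attribute); the user names and sample stanzas are constructed.

```shell
#!/bin/sh
# Added example. Sample stanzas are constructed; password lines are omitted.

# Users whose password stanza carries ADMCHG: the password was set by an
# administrator and must be changed at the next login.
admchg_users() {
    awk '
        /^\*/ { next }                      # stanza-file comment line
        /^[^ \t:]+:[ \t]*$/ { user = $1; sub(/:$/, "", user); next }
        $1 == "flags" {
            v = $0; sub(/^[^=]*=/, "", v); gsub(/[ \t]/, "", v)
            n = split(v, f, ",")
            for (i = 1; i <= n; i++) if (f[i] == "ADMCHG") print user
        }'
}

# Users with rlogin = false, inheriting from the "default" stanza when the
# user stanza does not set the attribute itself.
rlogin_denied() {
    awk '
        /^\*/ { next }
        /^[^ \t:]+:[ \t]*$/ { user = $1; sub(/:$/, "", user); order[++n] = user; next }
        $1 == "rlogin" && $2 == "=" { rlogin[user] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                u = order[i]
                if (u == "default") continue
                v = (u in rlogin) ? rlogin[u] : rlogin["default"]
                if (v == "false") print u
            }
        }'
}

SAMPLE_PASSWD='olduser:
        lastupdate = 1388534400
        flags =
newusr1:
        lastupdate = 1392249600
        flags = ADMCHG'
SAMPLE_USER='default:
        rlogin = true
olduser:
        admin = false
newusr1:
        rlogin = false'

printf '%s\n' "$SAMPLE_PASSWD" | admchg_users    # newusr1
printf '%s\n' "$SAMPLE_USER"   | rlogin_denied   # newusr1
```

On a live server, root can read the same attributes for one account with `pwdadm -q <user>` and `lsuser -a rlogin <user>`.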
