Java - DB2 Connection Error SQL30082N "USERNAME AND/OR PASSWORD INVALID"

1
votes

I'm trying to connect to a remote IBM DB2 9.7 database from a java application. The connect fails with the following error:

SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001

This says that there's something wrong with the username and password. However, I am quite sure that I used the correct username and the correct password.

I've already tried the following things in order to solve this problem:

  • I'm on HP-UX and the user account for db2 is called "db2inst1". This should work according to the naming rules I found.
  • SSH connect to the machine with exactly the same username and password works fine.
  • Once logged in over SSH as user db2inst1, "db2 connect to SAMPLE" works. However, "db2 connect to SAMPLE user db2inst1" produces the error above, even with the correct password.
  • Through google I found that "Database manager authentication" in the dbm cfg has to be set to SERVER. It was already set to SERVER all this time.
  • "db2 get dbm cfg | grep -i auth" produces this result:
 GSS Plugin for Local Authorization    (LOCAL_GSSPLUGIN) = 
 Server Connection Authentication          (SRVCON_AUTH) = SERVER   
 Database manager authentication        (AUTHENTICATION) = SERVER   
 Alternate authentication           (ALTERNATE_AUTH_ENC) = NOT_SPECIFIED 
 Cataloging allowed without authority   (CATALOG_NOAUTH) = NO   
 Trusted client authentication          (TRUST_CLNTAUTH) = CLIENT   
 Bypass federated authentication            (FED_NOAUTH) = NO

Edit: The problem still isn't solved, but I have found out more about it:

Db2diag contains the following warnings:

2012-07-20-06.18.24.445983-360 I122110A443 LEVEL: Warning PID
: 24470 TID : 223 PROC : db2sysc 0 INSTANCE: db2inst1 NODE : 000 DB : SAMPLE APPHDL : 0-25775 EDUID : 223 EDUNAME: db2agent (SAMPLE) 0 FUNCTION: DB2 UDB, bsu security, sqlexLogPluginMessage, probe:20 DATA 1 : String with size, 67 bytes Password validation for user db2inst1 failed with rc = -2146500507

2012-07-20-06.18.24.446251-360 I122554A436 LEVEL: Warning PID
: 24470 TID : 223 PROC : db2sysc 0 INSTANCE: db2inst1 NODE : 000 DB : SAMPLE APPHDL : 0-25775 EDUID : 223 EDUNAME: db2agent (SAMPLE) 0 FUNCTION: DB2 UDB, bsu security, sqlexSlsSystemAuthenticate, probe:150 MESSAGE : application id: DATA #1 : String with size, 26 bytes C0A8150A.D350.120720121824

Also, some queries to the SYSPROC generate the error as well. For example this one:

db2 "values SYSPROC.AUTH_GET_INSTANCE_AUTHID()"

I am now guessing it has to do with the access rights. I can see some rights by using the query

"SELECT * FROM TABLE (SYSPROC.AUTH_LIST_AUTHORITIES_FOR_AUTHID ('db2inst1', 'U') ) AS T ORDER BY AUTHORITY"

The result of this is, CONNECT is on "N" for D_USER, but on "Y" for D_GROUP.

I'm guessing D_USER should be on "Y", so that db2inst1 is allowed to connect. Therefore, I've tried to grant the rights for this by using

db2 “GRANT CONNECT ON DATABASE TO USER db2inst1”

but no luck, D_USER is still on "N", and the error still occurs.

Any more ideas what I can do?

I'd very much appreciate help on this issue!

2
javadb2
Perhaps there are wrong username/password for the network host, not for DB2 database. Is that possible that you need to be authorized on a network host, before connecting the DB2 database that located on it?user784540
Also check this link: www-01.ibm.com/support/docview.wss?uid=swg21222806user784540
Thank you very much for your help! I've checked the link, but unfortunately this doesn't seem to be the case for me. I've got other errors in the db2diag than the ones mentioned there. To your first suggestion: I can ssh to the server that DB2 is located on without problems - login to the server and to DB2 should be the same. As far as I understand it, DB2 uses username & password from the OS.daniela
Ssh does most likely not use the same authentication mechanism as db2Thorbjørn Ravn Andersen
Daniela, is it possible to connect to DB2 via IBM Data Studio? It is an official DB2 Administration client. You can download it here http://www-01.ibm.com/software/data/db2/express/download.htmluser784540

2 Answers

1
votes

Everyone, thank you so much for your ideas and suggestions! I finally managed to solve this problem today. The solution is very trivial. The password was indeed wrong. My instance as well as the database was set up automatically by a script. It turned out that this script uses different passwords for the db2inst1 user account on the operating system and the db2inst1 user account for the database. For the whole time I didn't understand that these are two different user accounts that can have different passwords. Going through the installation script and comparing it with online db2 installation tutorials made it clear to me. Again, thank you very much :)

0
votes

I suspect that some of the file permissions in ~db2inst1/sqllib (specifically ~db2inst1/sqllib/security/db2ckpw) have been altered.

You can fix this (and other issues) by using the db2iupdt utility. You'll need to run this as root while your instance is stopped. Documentation: db2iupdt - Update instances command