Help with DB2 for NT (V5.2) Authentication

Philip Nelson

Help with DB2 for NT (V5.2) Authentication
I'm needing help with getting users able to access a DB2 for NT V5.2
server we're setting up (yes I know it is ancient / out-of-support but
we have a good reason).

Basically I can log in from a client using the install (db2admin) user
ID. However a user, set up by our Security Admin team, gets a "Invalid
User ID or password" when trying to connect.

As a Unix DBA I don't really understand NT authentication, although I
have read Appendix R in the Admin Guide.

Here's the scenario -

=== DBA Report ======

The server SERVER1 has had DB2 installed, with local admin user
db2admin.

From a DB2 side, I've connected to the database and issued the SQL
command :

GRANT SELECT, INSERT, UPDATE, DELETE ON table TO GROUP GROUP1;

for each table in the database.

=== End of DBA Report ======

=== Security Admin Report =====

SERVER1 has been added to NT resource domain DOMAINDEV. A local group
GROUP1 has been added to SERVER1.

User account USER1 have been created under our NT accounts domain
DOMAINACC.

DOMAINACC is trusted by DOMAINDEV, therefore the user's DOMAINACC NT
account have been added to the local groups on SERVER1.

This means that by signing on with his DOMAINACC account, the user has
the ability to access anything which the local groups on DOMAINDEV and
SERVER1 have been associated with.

=== End of Security Admin Report =====

What are we missing ?

TIA

Phil Nelson



Jeremy Schleicher

Re: Help with DB2 for NT (V5.2) Authentication
(in response to Philip Nelson)
The user has to setup within db2. Using the control center, go to users
and groups and add the user, you will have to grant them connect, and
select/update/insert/delete on the various table that you will need.

Hope this helps

Jeremy Schleicher
System DBA
May Department Stores Company



From: "Philip Nelson (DBA)" <[login to unmask email]>@RYCI.COM on 12/24/2001
09:44 AM

Please respond to DB2 Data Base Discussion List <[login to unmask email]>

Sent by: DB2 Data Base Discussion List <[login to unmask email]>


To: [login to unmask email]
cc:

Subject: Help with DB2 for NT (V5.2) Authentication


I'm needing help with getting users able to access a DB2 for NT V5.2
server we're setting up (yes I know it is ancient / out-of-support but
we have a good reason).

Basically I can log in from a client using the install (db2admin) user
ID. However a user, set up by our Security Admin team, gets a "Invalid
User ID or password" when trying to connect.

As a Unix DBA I don't really understand NT authentication, although I
have read Appendix R in the Admin Guide.

Here's the scenario -

=== DBA Report ======

The server SERVER1 has had DB2 installed, with local admin user
db2admin.

From a DB2 side, I've connected to the database and issued the SQL
command :

GRANT SELECT, INSERT, UPDATE, DELETE ON table TO GROUP GROUP1;

for each table in the database.

=== End of DBA Report ======

=== Security Admin Report =====

SERVER1 has been added to NT resource domain DOMAINDEV. A local group
GROUP1 has been added to SERVER1.

User account USER1 have been created under our NT accounts domain
DOMAINACC.

DOMAINACC is trusted by DOMAINDEV, therefore the user's DOMAINACC NT
account have been added to the local groups on SERVER1.

This means that by signing on with his DOMAINACC account, the user has
the ability to access anything which the local groups on DOMAINDEV and
SERVER1 have been associated with.

=== End of Security Admin Report =====

What are we missing ?

TIA

Phil Nelson








Gert van der Kooij

Re: Help with DB2 for NT (V5.2) Authentication
(in response to Jeremy Schleicher)
----- Original Message -----
From: "Philip Nelson (DBA)" <[login to unmask email]>
Newsgroups: bit.listserv.db2-l
To: <[login to unmask email]>
Sent: Monday, December 24, 2001 4:44 PM
Subject: Help with DB2 for NT (V5.2) Authentication


> I'm needing help with getting users able to access a DB2 for NT V5.2
> server we're setting up (yes I know it is ancient / out-of-support but
> we have a good reason).
>
> Basically I can log in from a client using the install (db2admin) user
> ID. However a user, set up by our Security Admin team, gets a "Invalid
> User ID or password" when trying to connect.
>
> As a Unix DBA I don't really understand NT authentication, although I
> have read Appendix R in the Admin Guide.
>
> Here's the scenario -
>
> === DBA Report ======
>
> The server SERVER1 has had DB2 installed, with local admin user
> db2admin.
>
> From a DB2 side, I've connected to the database and issued the SQL
> command :
>
> GRANT SELECT, INSERT, UPDATE, DELETE ON table TO GROUP GROUP1;
>
> for each table in the database.
>
> === End of DBA Report ======
>
> === Security Admin Report =====
>
> SERVER1 has been added to NT resource domain DOMAINDEV. A local group
> GROUP1 has been added to SERVER1.
>
> User account USER1 have been created under our NT accounts domain
> DOMAINACC.
>
> DOMAINACC is trusted by DOMAINDEV, therefore the user's DOMAINACC NT
> account have been added to the local groups on SERVER1.
>
> This means that by signing on with his DOMAINACC account, the user has
> the ability to access anything which the local groups on DOMAINDEV and
> SERVER1 have been associated with.
>
> === End of Security Admin Report =====
>
> What are we missing ?
>
> TIA
>
> Phil Nelson
>
>
>


>



Gert van der Kooij

Re: Help with DB2 for NT (V5.2) Authentication
(in response to Gert van der Kooij)
Sorry, something went wrong with my first reply.

Philip, your domain group DOMAINACC exceeds the 8 character limit. I think
that 's causing the problem.

Hope this helps.

Best regards, Gert