DB2 7.1 -Authentication problem on NT

Dimitris Margaritis

DB2 7.1 -Authentication problem on NT
Hi all
I have just installed DB2 7.1 on an NT workstation machine. Db2 processes
starts using a local account.
I log on using mydomain account and when I try to create a database I got
message that my account has no priviledges to create database.
What I have to do in order domain account obtain sysadm priviledges without
add account to Administrators group of Primary domain Controler?

Thanks



David Booher

Re: DB2 7.1 -Authentication problem on NT
(in response to Dimitris Margaritis)
This may not be the perfect way, but:

I installed DB2 on my local machine and let it create the user DB2ADMIN.
After the SAMPLE databases were created, I then added my normal domain login
name as a user with all privileges to the database. There appears to be a
restriction to eight characters for a user name. Since my domain login was
david_booher, I had to create a new user on my machine as david_bo (8
characters). Once this was added as a user to the SAMPLE database (with
privileges) I have no problem maintaining it when I'm logged in under my
normal NT domain id.

However, any time I create a new database, I have to log on to the Control
Center using the DB2ADMIN password to create the database and then I add
david_bo to it's list of users.

I am fairly new to UDB on NT ( I work with DB2 on the mainframe), but this
seems to work OK for me.

Dave Booher
Systems Programmer
Quest Software

-----Original Message-----
From: Dimitris Margaritis [mailto:[login to unmask email]
Sent: Thursday, December 28, 2000 10:04 AM
To: [login to unmask email]
Subject: DB2 7.1 -Authentication problem on NT


Hi all
I have just installed DB2 7.1 on an NT workstation machine. Db2 processes
starts using a local account.
I log on using mydomain account and when I try to create a database I got
message that my account has no priviledges to create database.
What I have to do in order domain account obtain sysadm priviledges without
add account to Administrators group of Primary domain Controler?

Thanks





Scott Hayes

Fw: DB2 7.1 -Authentication problem on NT
(in response to David Booher)
Dimitris,

From a DB2 command line window, you can issue the command:
db2 get dbm cfg | more

You may find that SYSADM_GROUP, SYSCTRL_GROUP, and
SYSMAINT_GROUPS are all blank, or unspecified.

It is a good practice to create operating system groups for
these purposes (eg. PROD_SYSADM, TEST_SYSADM, PROD_SYSCTRL, ...)

Once you have created the OS groups, you can assign users to
these groups. For instance, add your domain account to the
PROD_SYSADM group.

Once you have your OS groups created, you can update the database
manager configuration:

db2 update dbm cfg using SYSADM_GROUP GROUPNAME
db2 update dbm cfg using SYSCTRL_GROUP GROUPNAME
etc.

After updating the DBM CFG, it'd be a good idea to stop and
start the database manager (db2stop, db2start) to ensure the CFG
changes take effect.

Provided that your domain account belongs to the SYSADM_GROUP,
it should now be able to successfully create databases and
whatever else you'd like to do.

As an extra note, try to use groups as much as possible. The
efficient DBA will grant object (table, view, ...) privileges
to groups (eg. ENDUSERS), then add user accounts to the OS
groups. This tends to make security administration much easier.
Also, if you need to take a table offline to users, one revoke
of the group's privileges does the trick.

Hope this helps, and happy new year!

Regards,
Scott

Win the e-Business race with high performance tools from
Database-GUYS(TM): http://www.database-guys.com/domore/


Dimitris Margaritis <[login to unmask email]> wrote in message news:
<[login to unmask email]>...
> Hi all
> I have just installed DB2 7.1 on an NT workstation machine. Db2 processes
> starts using a local account.
> I log on using mydomain account and when I try to create a database I got
> message that my account has no priviledges to create database.
> What I have to do in order domain account obtain sysadm priviledges without
> add account to Administrators group of Primary domain Controler?
>
> Thanks
>
>
>