By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,590 Members | 2,174 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,590 IT Pros & Developers. It's quick & easy.

Group Authentication

P: n/a
We are adding a new DB2 server to our domain. DB2 is version
8.1.7.445, and it is installed on a Windows 2003 server. The server is
a domain controller and the domain uses Active Directory. It was made
a domain controller because it could not see the domain ID's or domain
groups. After it was made a domain controller, it could see the domain
ID's, but still could not see the domain groups.

If I grant someone privleges under their domain ID, they are able to do
whatever tasks they have been granted rights to. When I click the Add
User button, the domain ID's are in the list. If I go to the group
tab, and click Add Group, no groups display. I have tried typing in
the name of a group that I know exists, then had someone in the group
try to connect. They are not allowed to connect. It is not
authenticating using domain groups.

I have used the db2set command to set the DB2_GRP_LOOKUP setting to
equal domain, but it did not work. I also tried domain, tokendomain
and domain, token_domain, but these did not work either.

Does anyone have any idea what the issue could be, or where I might
look to find additional information? I have looked over the Redbook,
and it looks like it should work, but it isn't. Thanks in advance for
any information or suggestions.

Bob

Mar 28 '06 #1
Share this Question
Share on Google+
2 Replies


P: n/a
In article <11**********************@t31g2000cwb.googlegroups .com>,
bg********@msn.com says...
We are adding a new DB2 server to our domain. DB2 is version
8.1.7.445, and it is installed on a Windows 2003 server. The server is
a domain controller and the domain uses Active Directory. It was made
a domain controller because it could not see the domain ID's or domain
groups. After it was made a domain controller, it could see the domain
ID's, but still could not see the domain groups.

If I grant someone privleges under their domain ID, they are able to do
whatever tasks they have been granted rights to. When I click the Add
User button, the domain ID's are in the list. If I go to the group
tab, and click Add Group, no groups display. I have tried typing in
the name of a group that I know exists, then had someone in the group
try to connect. They are not allowed to connect. It is not
authenticating using domain groups.

I have used the db2set command to set the DB2_GRP_LOOKUP setting to
equal domain, but it did not work. I also tried domain, tokendomain
and domain, token_domain, but these did not work either.

Does anyone have any idea what the issue could be, or where I might
look to find additional information? I have looked over the Redbook,
and it looks like it should work, but it isn't. Thanks in advance for
any information or suggestions.

Bob

Just a guess, but maybe the userid which is defined to run the db2
security service under doesn't have the necessary rights to check the
group on the domain controller?
Mar 28 '06 #2

P: n/a
1) When you installed DB2 you had to choose an account to run specific
services. That account needs to be a domain account, and it needs to have
the rights to see the groups. You may need to change the account or grant it
rights.
2) DB2 doesn't support group nesting (groan, mutter). If this is your issue,
all I can do is suggest you open a requirement.

"blogan" <bg********@msn.com> wrote in message
news:11**********************@t31g2000cwb.googlegr oups.com...
We are adding a new DB2 server to our domain. DB2 is version
8.1.7.445, and it is installed on a Windows 2003 server. The server is
a domain controller and the domain uses Active Directory. It was made
a domain controller because it could not see the domain ID's or domain
groups. After it was made a domain controller, it could see the domain
ID's, but still could not see the domain groups.

If I grant someone privleges under their domain ID, they are able to do
whatever tasks they have been granted rights to. When I click the Add
User button, the domain ID's are in the list. If I go to the group
tab, and click Add Group, no groups display. I have tried typing in
the name of a group that I know exists, then had someone in the group
try to connect. They are not allowed to connect. It is not
authenticating using domain groups.

I have used the db2set command to set the DB2_GRP_LOOKUP setting to
equal domain, but it did not work. I also tried domain, tokendomain
and domain, token_domain, but these did not work either.

Does anyone have any idea what the issue could be, or where I might
look to find additional information? I have looked over the Redbook,
and it looks like it should work, but it isn't. Thanks in advance for
any information or suggestions.

Bob

Mar 29 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.