By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
454,236 Members | 1,455 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 454,236 IT Pros & Developers. It's quick & easy.

Authentication in Windows XP Pro

P: n/a
Hi,

I cannot create/drop databases from the command line, only from the
GUI. Below is a detailed description of my installation and
configuration attempts (sorry about the long post).

I'm usually logged on to my PC as a domain user, IBE\ikovacs. As
IBE\ikovacs, I'm member of my PC's Administrators group. There's also a
local user Administrator, who's the default Windows admin user. I used
that account (using runas) to install DB2 (during my previous attempt,
I had problems creating the tools catalog, the installer reported that
IKOVACS had no right to create it). This is the command that I used
(logged on az IBE\ikovacs) to launch the installation:
runas /user:administrator "F:\tmp\db2\EXP\DB2\WINDOWS\wininst.exe -e
exp"

I chose to do a custom install.
I installed DB2 Express and all subfeatures to D:\Program
Files\IBM\SQLLIB.
On the "Set user information for the DB2 Administration Server" screen,
I had DB2 create a new local user, db2admin (the default), and accepted
the default setting of "Use the same user name and password for the
remaining DB2 services".
On the Prepare the DB2 tools catalog screen, I ticked the checkbox, and
left all the other settings (instance: DB2, database: TOOLSDB, schema:
SYSTOOLS) as defaults.
On the Enable operating system security for DB2 objects, I accepted the
default state, enabled. I also accepted the default group names,
DB2ADMNS and DB2USERS.

The installation finished fine, it created user db2admin as member of
Administrators and DB2ADMNS. It also created groups DB2ADMNS (with
db2admin as the only user) and DB2USERS (empty).

I launched the Control Center, and created a new database, FROMCC.
Before pressing Finish in the wizard, I had it output the command and
save it to a file. The command was:
CREATE DATABASE FROMCC AUTOMATIC STORAGE YES ON 'D:\' DBPATH ON 'D:\'
USING CODESET 1250 TERRITORY HU COLLATE USING SYSTEM PAGESIZE 4096;
The database was created fine.

I then opened the command line by running DB2CMD from Start->Run. In
the command window, I typed:
C:\>db2 CREATE DATABASE FROMCLP
SQL1092N "IKOVACS " does not have the authority to perform the
requested
command.

According to the reference, sysadm and sysctrl authority is needed to
run this command; SYSADM authority is assigned to the group specified
by the sysadm_group configuration parameter. At one place, the docs say
that the default for sysadm_group is NULL, and if it's null, and if
"NULL" is specified for this parameter, all members of the
Administrators group have SYSADM authority. IBE\ikovacs is member of
Administrators. According to get dbm configuration, it's not set.

At
http://publib.boulder.ibm.com/infoce...c/s0005900.htm
I read that if I wanted the client (my workstation) to do the
communication with the domain controller, I should issue
db2 update dbm cfg using authentication client
as admin. So I did:
db2 =attach to db2 user db2admin using db2

Instance Attachment Information

Instance server = DB2/NT 9.1.0
Authorization ID = DB2ADMIN
Local instance alias = DB2

db2 =update dbm cfg using authentication client
and restarted the database using db2stop and db2start.
After this, creating the database as ikovacs still failed.

I then read about group lookup at
http://publib.boulder.ibm.com/infoce...c/c0011958.htm
Since it seemed IBE\ikovacs is telling DB2 to look if I'm a member of
the domain controller's Administrators group, I issued the command:
db2set DB2_GRP_LOOKUP=LOCAL,TOKENLOCAL
This enables the access token support for enumerating local groups.
Group lookup for an authorization ID different from the connected user
is performed at the DB2 database server.
I then tried creating a database as ikovacs, but still got SQL1092N.

In desperation, I tried setting sysadm_group to Administrators:
db2 =update dbm configuration using sysadm_group Administrators
immediate

After a db2stop/db2start, ikovacs was still unable to create the
database.

I then tried to include my workstation name in the group specification,
no no avail.

What should I do?

TIA,
Kofa

Aug 9 '06 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.