Unable to create/drop database with Windows ad account
solvetek

Posts: 17
Registered: Aug 23, 2007 02:55:00 PM
Unable to create/drop database with Windows ad account
Posted: Nov 09, 2009 05:16:11 PM
I am using DB2 v9.5 ESE on Windows XP, SP3.

I would like to be able to work with my Windows AD account but it lacks auth to do anything.

I have the following Windows group with 3 IDs in it:

Group = DB2ADMNS
IDs in group DB2ADMNS = (AD\U123, U123, DB2ADMIN)

DBM config for the instance is set as follows:
SYSADM group name (SYSADM_GROUP) = DB2ADMNS

When I sign on to my server with U123 or DB2ADMIN I have full privileges. I can create and drop a database.

When I sign onto the server with AD\U123 I am unable to create or drop a database. The ID lacks priv.

Any suggestions?
nivanov1

Posts: 66
Registered: Sep 10, 2004 12:49:58 PM
Re: Unable to create/drop database with Windows ad account
Posted: Nov 10, 2009 05:03:00 PM   in response to: solvetek's post
There are a couple of things that could be wrong. First, for a domain user DB2 tries to list the user's groups in the domain by default. To override this behaviour set the registry variable:

db2set -g DB2_GRP_LOOKUP=local

Second, for DB2 to be able to authenticate the user, the account under which it is running (the one that the DB2 service uses to log in) should be allowed to access AD.
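
The two points in the reply above can be checked on the server before changing anything. This is an added example, not part of the original thread and not IBM code: it reports whether the domain account is listed in the local SYSADM group, the current DB2_GRP_LOOKUP value, and which account each DB2 service logs on as. It assumes Windows PowerShell, `db2set` on the PATH, and DB2 service names that start with "DB2"; the group and account names are the ones quoted in the question.

```powershell
# Added diagnostic sketch. Run in Windows PowerShell on the DB2 server.
$Group   = 'DB2ADMNS'   # SYSADM_GROUP value quoted in the thread
$Account = 'AD\U123'    # domain account that lacks authority

# 1. Is the domain account a direct member of the LOCAL group?
#    Member ADsPath values look like WinNT://AD/U123 for a domain account.
$wanted  = 'WinNT://' + $Account.Replace('\', '/')
$local   = [ADSI]"WinNT://./$Group,group"
$members = @($local.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
}
$inLocalGroup = @($members | Where-Object { $_ -ieq $wanted }).Count -gt 0

# 2. Current value of the DB2_GRP_LOOKUP registry variable
#    (empty or a "not set" message means the default applies).
$lookup = (& db2set DB2_GRP_LOOKUP 2>&1 | Out-String).Trim()

# 3. Logon account of each DB2 service.
#    Assumption: the service names start with "DB2".
$services = Get-WmiObject Win32_Service -Filter "Name LIKE 'DB2%'" |
    Select-Object Name, StartName, State

"Local group $Group members:"
$members
"$Account listed in local $Group : $inLocalGroup"
"DB2_GRP_LOOKUP value           : $lookup"
$services | Format-Table -AutoSize

# Flag the combination described in the reply: the account is in the local
# group, but DB2 is not told to look up groups locally.
if ($inLocalGroup -and $lookup -notmatch '(?i)^local') {
    "Account is in the local group, but DB2_GRP_LOOKUP is not 'local'."
    "Per the reply above, DB2 lists a domain user's groups in the domain by default."
}
```

The StartName column is the account that has to be able to query AD, which is the second point in the reply.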
solvetek

Posts: 17
Registered: Aug 23, 2007 02:55:00 PM
Re: Unable to create/drop database with Windows ad account
Posted: Nov 12, 2009 04:42:36 PM   in response to: solvetek's post
Thanks for your advice.

"Second, for DB2 to be able to authenticate the user, the account under which it is running (the one that the DB2 service uses to log in) should be allowed to access AD"

I fixed the problem by using my ad account ad\u123 to start the db2 service.