Skip to content
Advertisement

Connect Python to Remote DB2 Server

Using Python’s DB2 API, ibm_db, I am attempting to connect to a remote DB2 server (at IP address 10.0.0.001 which I can successfully ssh into). Both client and server machines are Linux / Ubuntu 16.0 LTS. In all my attempts and solutions, I continually run into the regular SQL1639N error.

Python 3.5 (attempted both connection versions)

JavaScript

Error

[IBM][CLI Driver] SQL1639N The database server was unable to perform authentication because security-related database manager files on the server do not have the required operating system permissions. SQLSTATE=08001 SQLCODE=-1639

User

The user listed above in connection string, OEM, is:

  1. server machine’s root super user
  2. name of only instance of DB2 installation (not db2inst1)
  3. name of schema database resides in

OEM maintains the DBADM privileges. Below are all grantees of MYDB database. If OEM requires the CONNECT attribute please let me know how to grant it as I cannot connect with any other user including db2admin.

JavaScript

Server

Relatedly, on the server, I cannot connect to database with OEM and password (using server machine root’s password). However, I can without any specified user.

Fails

JavaScript

Succeeds

JavaScript

Below are my attempted solutions per IBM’s own guidelines. And yes, I did stop and start DB2 with commands: dbstop and dbstart.

Solution 1 IBM link

Attempting to run ./db2iupdt -k OEM for both OEM and a non-root superuser, I received the following.

JavaScript

Then adding sudo comamnd, sudo ./db2iupdt -k OEM, I received the following:

JavaScript

Solution 2 IBM link

Changing the ownership level to allow set-user-id, s, for these two security files, db2chpw and db2ckpw, made no difference as error persisted from Python.

Please advise on anything I need to do to diagnose and ultimately resolve the connection issue. Being new to DB2, I would also ask you to clarify items like node and catalog if part of your answer.


Instance Owner IBM link

JavaScript

sqllib permission

JavaScript

Authentication parameter

JavaScript

Advertisement

Answer

Not quite sure what the true fix was but I eventually was able to connect DB2 on server to client machine using Python with following steps.

  1. Changed ownership of security files, db2chpw and db2ckpw

    JavaScript
  2. Changed the db2irct config file (in ~/sqllib/instance directory) to allow the following (NO to YES):

    JavaScript
  3. Ran the config file

    JavaScript

    This also started the db2 svcename, db2c_oem, at a different port, 48000, listed later in the config file. On a previous attempted fix, I had manually entered db2c_inst1 svcename in dbm cfg file which I removed here. Maybe that was the real issue?

With above changes I was able to locally connect on the server machine:

JavaScript

And I was able to remotely connect with client machine but adjusted the port and slightly changed second connection string using explicit Port argument. Both versions below correctly work:

JavaScript

Interestingly, I reverted back ENABLE_OS_AUTHENTICATION and RESERVE_REMOTE_CONNECTION to NO and then re-ran the config file and I was still able to successfully connect!

User contributions licensed under: CC BY-SA
9 People found this is helpful
Advertisement