Troubleshooting
Problem
When Single Sign On is configured for an IBM i and has been working, sometimes users encounter the following error message when connecting to the system:
MSGSY1018 : Kerberos credential could not be mapped for users.Or
CWBSY1018 rc 613Cause
This issue is normally the result of a mismatch between the LDAP and EIM cn=Administrator passwords.
Resolving The Problem
To resolve this issue, I would recommend first checking the LDAP job log on the IBM i. If you are using the default server this job is the QUSRDIR job. Check for a GLD0120 error in the job log. If you find this error continue with the following steps to resolve the issue.
and click on Servers --> TCP/IP Servers:
icon then click on 'Enterprise Identity Mapping' -> 'Configuration':
The error received when trying to connect should now be resolved. If not, contact IBM Software Support for additional assistance.
Document Location
Worldwide
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CJ7AAM","label":"Single Sign On-\u003EEnterprise Identity Mapping"}],"ARM Case Number":"TS003995765","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Version(s)","Line of Business":{"code":"LOB57","label":"Power"}}]
Was this topic helpful?
Document Information
More support for:
IBM i
Component:
Single Sign On->Enterprise Identity Mapping
Software version:
All Version(s)
Operating system(s):
IBM i
Document number:
6254289
Modified date:
05 August 2022
UID
ibm16254289
Manage My Notification Subscriptions