IBM Support

SQL30060N connecting to database

Troubleshooting


Problem

When operating system configured to use third party authentication, no authority to connect to database even though proper authorities have been granted

Symptom



A specific Windows Active Directory user id does not have the authority to connect in Linux. Using other user ids of the same group succeed.

db2 "connect to sample user DB2TEST"
Enter current password for DB2TEST:  
SQL30060N  "DB2TEST" does not have the privilege to perform operation "CONNECT".  SQLSTATE=08004

Querying system catalogs confirm DB2TEST was explicitly granted CONNECTAUTH and/or PUBLIC was granted this authority so the connection should have succeeded.

db2 "select grantee, connectauth from syscat.dbauth"

GRANTEE  CONNECTAUTH
-------- -----------
DB2TEST   Y
         
PUBLIC    Y

  2 record(s) selected.

db2diag.log will show:

2016-01-01-14.56.38.445502-240 I3524E510             LEVEL: Severe
PID     : 29982                TID : 140736842426112 PROC : db2sysc 0
INSTANCE: db2inst1             NODE : 000            DB   : SAMPLE
APPHDL  : 0-47                 APPID: *LOCAL.db2inst1.160831185638
HOSTNAME: test.ibm.com
EDUID   : 53                   EDUNAME: db2agent (SAMPLE) 0
FUNCTION: DB2 UDB, bsu security, sqlexLogPluginMessage, probe:20
DATA #1 : String with size, 42 bytes
secGetGroups failed with rc = -2146500503

2016-01-01-14.56.38.445878-240 I4035E505             LEVEL: Severe
PID     : 29982                TID : 140736842426112 PROC : db2sysc 0
INSTANCE: db2inst1             NODE : 000            DB   : SAMPLE
APPHDL  : 0-47                 APPID: *LOCAL.db2inst1.160831185638
HOSTNAME: test.ibm.com
EDUID   : 53                   EDUNAME: db2agent (SAMPLE) 0
FUNCTION: DB2 UDB, bsu security, sqlexLogPluginMessage, probe:20
DATA #1 : String with size, 37 bytes
osplugin_get_groups rc = -2146500503

2016-01-01-14.56.38.446171-240 E4541E604             LEVEL: Severe
PID     : 29982                TID : 140736842426112 PROC : db2sysc 0
INSTANCE: db2inst1             NODE : 000            DB   : SAMPLE
APPHDL  : 0-47                 APPID: *LOCAL.db2inst1.160831185638
HOSTNAME: test.ibm.com
EDUID   : 53                   EDUNAME: db2agent (SAMPLE) 0
FUNCTION: DB2 UDB, bsu security, getgroupsforuser, probe:150
MESSAGE : ADM13001E  Plug-in "IBMOSgroups" received error code "-1" from the
          DB2 security plug-in API "db2secGetGroupsForUser" with the error
          message " ".

2016-01-01-14.56.38.446200-240 I10913688E785         LEVEL: Info
PID     : 1517                 TID : 140737260951328 PROC : db2bp
INSTANCE: db2inst1             NODE : 000
HOSTNAME: test.ibm.com
FUNCTION: DB2 UDB, DRDA Application Requester, sqljrReportServerErrReply, probe:20
MESSAGE : ZRC=0x8037012D=-2143878867=SQLJR_AUTERR "Authorization Error"
DATA #1 : SQLCA, PD_DB2_TYPE_SQLCA, 136 bytes
 sqlcaid : SQLCA     sqlcabc: 136   sqlcode: -30082   sqlerrml: 2
 sqlerrmc:  
 sqlerrp : sqljrerm
 sqlerrd : (1) 0x8037012D      (2) 0x0000012D      (3) 0x00000000
           (4) 0x00000000      (5) 0x00000000      (6) 0x00000000
 sqlwarn : (1)      (2)      (3)      (4)        (5)       (6)    
           (7)      (8)      (9)      (10)        (11)    
 sqlstate:    

2016-01-01-14.56.38.446201-240 I10915816E710         LEVEL: Info
PID     : 1517                 TID : 140737260951328 PROC : db2bp
INSTANCE: db2inst1             NODE : 000
HOSTNAME: test.ibm.com
FUNCTION: DB2 UDB, oper system services, sqlofica, probe:10
DATA #1 : SQLCA, PD_DB2_TYPE_SQLCA, 136 bytes
 sqlcaid : SQLCA     sqlcabc: 136   sqlcode: -30060   sqlerrml: 21
 sqlerrmc: DB2TEST CONNECT
 sqlerrp : SQLJRERM
 sqlerrd : (1) 0x8037012D      (2) 0x0000012D      (3) 0x00000000
           (4) 0x00000000      (5) 0x00000000      (6) 0x00000000
 sqlwarn : (1)      (2)      (3)      (4)        (5)       (6)    
           (7)      (8)      (9)      (10)        (11)    
 sqlstate: 08004

[{"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Security \/ Plug-Ins - LDAP","Platform":[{"code":"PF016","label":"Linux"}],"Version":"9.7;10.1;10.5;11.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
01 May 2025

UID

swg21993344

Page Feedback