Abstract
Guidance on troubleshooting techniques for SQL30082 and SQL1366 (LDAP plug-ins) with various return codes and resolution.
Content
This document provides troubleshooting guidance for authentication issues when a user receives SQL30082, SQL1366, and return code=xx when connecting to a database with the DB2 CLP using a user ID such as:
db2 "connect to sample user db2inst1" (user is prompted for password)
But the same user has no problems logging in to the operating system.
Using implicit connections such as the following is not a valid test for authentication:
db2 "connect to sample"
Make note of:
- Any recent changes
- Does the account exist locally on the same server as DB2 or is authentication being routed to a remote server like LDAP or NIS?
- Check db2diag.log for error messages
- Search for IBM technotes: enter "sql30082 site:ibm.com" in a search engine
A) Local Account and Transparent LDAP Environments
For consistent or intermittent SQL30082N errors where users are able to log in to the operating system, refer to the following technote:
DB2 users consistently receive SQL30082N, although OS authentication is possible.
B) LDAP Security plug-in environments
Enable extra logging to be written to db2diag.log
- Edit IBMLDAPSecurity.ini and uncomment DEBUG=true
- Changes to IBMLDAPSecurity.ini require a restart of the Db2 instance to take effect
- Update the DIAGLEVEL database manager configuration parameter to level 4
  db2 "update dbm cfg using diaglevel 4"
- Reproduce the problem
- Set DIAGLEVEL back to 3
  db2 "update dbm cfg using diaglevel 3"
- Comment out DEBUG = true in IBMLDAPSecurity.ini and restart the DB2 instance.
- Check db2diag.log for errors
Symptom: SQL1366 rc=7
2018-01-01-11.13.22.628438-240 I82061A527 LEVEL: Error
PID : 1234567 TID : 1 PROC : db2fmp (123) 0
INSTANCE: db2inst11 NODE : 000 DB : SAMPLE
APPID : *LOCAL.db2hubd1.181022191437 HOSTNAME: test.ibm.com
EDUID : 1 EDUNAME: db2fmp (123) 0
FUNCTION: DB2 UDB, bsu security, sqlexLogPluginMessage, probe:20
DATA #1 : String with size, 95 bytes
db2ldapInitSSL: ldap_ssl_client_init failed, rc=113 (SSL initialization call failed), sslrc=102
sslrc=102 is the return code from IBM GSKit, which maps to "I/O error reading keyfile".
Resolution:
Ensure that the fenced user ID has access to the file referenced by SSL_KEYFILE in IBMLDAPSecurity.ini
SSL_KEYFILE = /db2/db2inst1/ssl/test.kdb
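One way to run the check described in the resolution above, as an added example that is not part of the original IBM document: the script reads the active SSL_KEYFILE entry from IBMLDAPSecurity.ini and tests whether the current user can read that file. The function names are hypothetical, and it assumes that you run it as the fenced user ID and pass the path to your IBMLDAPSecurity.ini.

```shell
#!/bin/sh
# Added example (not IBM code). Run as the fenced user ID so that the
# read test reflects that account's permissions.

# Print the value of the active SSL_KEYFILE line in the given ini file.
# Lines where anything precedes the keyword (for example a comment
# marker) are skipped. Assumption: if the key appears more than once,
# the last occurrence is reported.
get_ssl_keyfile() {
    sed -n 's/^[[:space:]]*SSL_KEYFILE[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Return codes: 0 readable, 1 ini unreadable, 2 SSL_KEYFILE not set,
# 3 keyfile not found, 4 keyfile exists but is not readable.
check_keyfile_access() {
    ini=$1
    if [ ! -r "$ini" ]; then
        echo "cannot read $ini" >&2; return 1
    fi
    keyfile=$(get_ssl_keyfile "$ini")
    if [ -z "$keyfile" ]; then
        echo "no active SSL_KEYFILE entry in $ini" >&2; return 2
    fi
    if [ ! -e "$keyfile" ]; then
        echo "$keyfile: not found, or a parent directory is not searchable by $(id -un)" >&2
        return 3
    fi
    if [ ! -r "$keyfile" ]; then
        echo "$keyfile: not readable by $(id -un)" >&2
        ls -ld "$keyfile" >&2
        return 4
    fi
    echo "$keyfile: readable by $(id -un)"
}

# Usage: sh check_keyfile.sh /path/to/IBMLDAPSecurity.ini
[ $# -eq 0 ] || check_keyfile_access "$1"
```

A return code of 3 or 4 when run as the fenced user matches the sslrc=102 symptom shown in the db2diag.log entry above.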
Product Synonym
SQL30082N;-30082;sql1366;-1366;ldap;authentication
Document Information
Modified date:
17 May 2022
UID
ibm10737745