Security :: Active Directory Authentication For Oracle 10g Database Running On Solaris?
Jul 25, 2011
I have Oracle 10g up and running on Solaris 10. From Windows I would like to connect to SQL*Plus through Windows authentication; for that I have already made sure that remote_auth = true and have created a user in Oracle with OPS$. But still I cannot connect.
I have the same setup but with Oracle on Windows Server, and the OS authentication from Windows clients works just fine.
Does Oracle 10g on Solaris 10 support Windows OS authentication?
I'm checking the possibility to use Active Directory to log on to our Oracle databases. But only for DBAs and developers, not application users. We use Oracle 10.2.0.4 (and soon 11g). As OS on the database server we use AIX5L 5.3.
Is it possible to implement Active Directory on databases running on AIX? If it is possible, what must be done to get it to work, software ... etc?
I've Googled several times but the result is 50% null ^_^
How can I use Active Directory to route the clients' requests to the Oracle Database server so that I can do the basic operations on the Oracle DB remotely?
I have a table in Oracle with a column userid and I have a userid column in Active Directory. Based on this I want to query the Network ID and update it in one of the groups in Active Directory. How to get the results?
We have an Oracle 9i (9.2.0.7) two-node RAC database running on Solaris 5.8. Recently we have switched our production database from no archive log mode to archive log. We changed the parameter CLUSTER_DATABASE=FALSE on one of the instances before converting and reverted back. Why does this parameter need to be changed to false?
I'd like to have my 11g database authenticate users against an OpenLDAP service. We'd still create accounts in the database, and do authorization within the database, but I'd just want the users' passwords authenticated externally, against the OpenLDAP service. Is this possible? My searching through these forums and Google seems to indicate that you can do it if you run an Oracle Internet Directory (OID) service. I do not want to have to install and maintain an Oracle Internet Directory service. I'd like to do it without it.
I have a working PL/SQL function (below) that can authenticate a passed in username & password against our OpenLDAP directory. Is there any way for me to have Oracle call this function for the database user authentication? Or is there any other way for me to get the Oracle database to directly authenticate against OpenLDAP without having to run OID?
create or replace function ldap_authenticate(username varchar2, password varchar2) return boolean is
begin
  begin
    if dbms_ldap.success = dbms_ldap.simple_bind_s( [code]........
I know how to use database links in various forms, but I've been trying to think through how the authentication works for a connected user link in 11g. If I create the link like this,
create public database link using 'orcl';
then any user can use the link, provided they have an identical username/password in the two databases. With pre-11g passwords, it was understandable: the password was salted with the username, so the hash of the password would be the same in both databases, and I assumed that the logon through the link used some sort of IDENTIFIED BY VALUES mechanism. But in 11g, the salt will be different in the two databases. So the hash will be different. And of course Oracle never stores the actual password. So I don't see how the authentication works.
What two Active Directory services are stopped when you install Active Directory before Oracle 10g? I know the error message for that and I know why it happened but I just need to know the two services so I can start them again. I think it happened because I installed Active Directory first so when I installed Oracle second it stopped two services and I just need to know them. The error message is:
Active Directory is missing binaries, please restart and try again
I have been using Oracle-based database security but the company now wants to handle it with Windows authentication. I have Windows OS 2008 R2 and Oracle 11.2.0.3.
I also have set up SQLNET.AUTHENTICATION_SERVICES= (NTS). I created a user with create user "domainusername" identified Externally! But now how can I connect from the application to the database?
1) to define a job in Oracle9i for Solaris
2) to schedule this job
Remember I have prior experience deploying jobs on the Windows platform, but when I try it on (9i for) Solaris, the script does not work as it does not accept a submit job request.
Are there any technical details on the tables found in Oracle Internet Directory? I've checked eTRM and Google etc. - nothing there apart from very minor snippets. I'd like logical schema drawings (PDF) if possible or even a list of the tables and what they do, like the modules in EBS.
I understand how to create a database directory object to point to a directory on the server File System. Is there a way to take the next step and create a new directory on the host file system from within Oracle?
I have a task to integrate AD users with Oracle EBS R12. Is there any mechanism to do it directly without OID between Oracle EBS and Active Directory during login to EBS, or do I have to install OID to finish that task?
I have one question. Is there any way to get some user data from Active Directory? I already have an authentication scheme which interacts with AD, but now I need to get the e-mail address of the user who will log in to the application. Our Apex version is 4.1.
Oracle Database 11.2.0.3.0 64bit. I have followed most steps of this link and I came to a stop at the point where I use the Network Configuration Assistant. I have selected the following:
1) Directory Usage Configuration
2) Microsoft Active Directory
3) Operation (2nd): Select the directory server you want to use, and configure the directory server for Oracle usage.
4) Input my AD hostname
5) Then it displays a message that "The directory contains an older version of the required Oracle Schema. Directory usage configuration cannot continue without the correct Oracle Schema. If you have authorization to create the directory schema then you can upgrade the Oracle Schema now. Would you like to upgrade the Oracle Schema?"
I have selected: Yes, I want to upgrade... and thereafter I get the errors:
The Assistant is unable to create or upgrade the Oracle Schema for the following reason:
ConfigException: Could not upgrade the Oracle Schema: oracle.net.config.ConfigException: TNS-004409 Directory Service Error
caused by: oracle.net.config.DirectoryServiceException: TNS - 04431: DirectoryService: no entries found
caused by: oracle.net.ldap.NNFLException.
You may need to upgrade the directory schema from a specific computer which directly supports your directory type.
Command Line Error Response
ConfigException: Could not check for the Oracle Schema: oracle.net.config.ConfigException: TNS-04409: Directory service error
caused by: oracle.net.config.DirectoryServiceException: TNS-04431: DirectoryService: no entries found
caused by: oracle.net.ldap.NNFLException
SQL> connect / as sysdba
ERROR:
ORA-01031: insufficient privileges
sqlnet.ora text:
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
#SQLNET.AUTHENTICATION_SERVICES = (NTS)
SQLNET.INBOUND_CONNECT_TIMEOUT=1
Our DB machines' time is one hour ahead of Active Directory, as we sync our time with AD, is there any contribution of the database in the wrong time of the Solaris machines? And for the resolution of the problem, what can be checked at the DB side?
c:usersjohnhome>
c:usersjohnhome>orapwd file=%ORACLE_HOME%databasePWDorcl.ora password=oracle
c:usersjohnhome>sqlplus sys/garbage@orcl as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Sat Jan 5 18:25:06 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining, Oracle Database Vault and Real Application Testing options
orcl> sho user
USER is "SYS"
orcl> select sys_context('userenv','ip_address') from dual;
SYS_CONTEXT('USERENV','IP_ADDRESS')
---------------------------------------------------------------------------------------------------
127.0.0.1
orcl>
Why can I get a sys login, when I am connecting through the listener and giving an incorrect password? The listening address is a loopback address, is Oracle clever enough to realize that I am in fact logged on to the server as a member of the OSDBA group? I didn't think that information was passed through SQL*Net.
We are facing a surprising problem in our Oracle 10g database. Previously we were able to connect to our Oracle 10g database using OS authentication with the "sqlplus / as sysdba" command. Last Wednesday on our Linux server the maximum number of processes overflowed and we needed to increase the soft limit of our Linux server. After that, without restarting the database, all applications [OID 10g] are working fine. But we are not able to connect with system using OS authentication. It is showing the following.
$ export ORACLE_HOME=/a01/OID
$ export ORACLE_SID=OID
$ export PATH=$PATH:/a01/OID/bin
$ sqlplus / as sysdba
SQL*Plus: Release 10.1.0.5.0 - Production on Tue Sep 10 06:45:08 2013
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to an idle instance.
SQL>
Whereas I can connect with the instance after providing @OID [SID]
$ sqlplus sys@OID as sysdba
SQL*Plus: Release 10.1.0.5.0 - Production on Tue Sep 10 06:47:07 2013
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 10g Enterprise Edition Release 10.1.0.5.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
What am I missing? How can I connect with system with the "sqlplus / as sysdba" command?
We would like to integrate the Windows LDAP with a new Oracle database for user authentication. For example, this is a new test database and we don't have any users created. Now we would like to figure out, if we created the users with the same id as the LDAP userid, how they can be authenticated externally by LDAP. I read and heard some info on OID provided by Oracle but need some more step-by-step info to experiment.
We've been battling with very slow performance for some time. Herewith a detail description of the problem:
Solaris-11/ZFS/Oracle problem
We purchased Oracle T4-2 servers, and are experiencing some weird performance problems.
Hardware:
T4-2
2 x 600GB HDD per server
128GB memory per server
2 x dual port QLE2562 FO HBAs
IBM V7000 Storwize data array
2 x CISCO MDS 9148 fibre optic fabric switches
Software:
Solaris 11.1
MPXIO
Solaris 10 branded local zones
ORACLE 10g Enterprise edition
Project for the oracle user:
user.oracle:100::oracle::process.max-file-descriptor=(basic,8192,deny);process.max-stack-size=(priv,32768,deny);project.max-shm-memory=(priv,21474836480,deny)
We received the first server and wanted to migrate our APPB application system and Oracle 10g Standard Edition database from our SUN T5240 to the T4-2.
T4-2 setup - Disk 0:
Global zone: Solaris 11.1 (ZFS - whole disk for the root pool)
Local zones: On the Solaris 11 environment we built two branded Solaris 10 zones using an Oracle template provided on the Oracle website - solaris-10u11-sparc.bin.
Our complete database resides on the IBM data array, in UFS LUNs. The UFS LUNs were mounted onto ZFS mount-points in the root partition (/), and then LOFS mounted into the zones.
We started with the Solaris 11.1 environment.
1) After a day or two the performance of the database starts deteriorating rapidly. We then stop the database and reboot the machine. After the reboot the performance level is restored.
2) Another huge deterioration in performance happens when we unmount the V7000 LUNs, and reboot to the alternate Solaris, and re-mount the LUNs.
3) What further compounds the issue is that when we start another database in the second zone, we see another huge performance degradation.
4) We have logged a call with ORACLE. They requested us to gather information which was analysed by them. They did not find anything wrong with the way ORACLE was installed and the setup of the instances.
On Disk 1 we did a Solaris 10 8/11 (Update 10) installation, which we patched with the April 2013 CPU patchset. In this Solaris 10 global zone we built two native Solaris 10 local zones. The Oracle 10g databases were built in the zones (same configurations settings) not in the global zone, onto UFS LUNs. The database in its entirety lives on the IBM V7000 data array. This works fine.
We then received our next T4-2 server. Loaded it again with Solaris 11.1, and upgraded to ORACLE 12c SE Release 12.1.0.1.0 - 64bit12xxx seeing that Oracle 10 is not certified on Solaris 11. To keep things simple, we built two small databases in the ZFS root pool. The complete system now resides on one disk, no UFS LUNs to consider, no Fibre Optic fabric, no CISCO switches, no IBM data array, BUT we get the same problem. The system will run for some time and then slow down drastically. Starting the second database slows the system down abnormally.
When a user is renamed in Active Directory, they can no longer connect to the Oracle DB thru OS authentication. There is no OID/DIP integration.
sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, HOSTNAME)
NAMES.DEFAULT_DOMAIN = cal.com.br
create user "CALRENATOH" IDENTIFIED EXTERNALLY
GRANT CREATE SESSION TO "CALRENATOH"
AD User CALRENATOH can connect to DB as 'sqlplus /'
But after renaming AD User CALRENATOH to CALRENATOH1 and dropping DB user CALRENATOH and creating DB user CALRENATOH1
drop user "CALRENATOH";
create user "CALRENATOH1" IDENTIFIED EXTERNALLY;
Now OS authentication 'sqlplus /' fails with 'ORA-01017: invalid username/password; logon denied'. Once I recreate the DB user with the old AD user name 'CALRENATOH', OS authentication succeeds.
create user "CALRENATOH" IDENTIFIED EXTERNALLY;
C:\Windows\system32>set username
USERNAME=RENATOH1
C:\Windows\system32>sqlplus /@rmlab001
SQL*Plus: Release 11.1.0.6.0 - Production on Tue Jul 3 15:16:46 2012
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning and OLAP options
Why is the database still looking for the old AD user name? Does Oracle cache information about OS authenticated users?
We have an issue regarding OS level authentication to access Oracle 11gR2(11.2.0.1) database.
Our environment:
UNIX - AIX 5.3 (OS user id password is having kerberos security).
Oracle 11.2.0.1 (32 bit client) installed in server 1
Oracle 11.2.0.1 (64 bit server) installed in server 2.
Everything works fine when we created a general userid test_db in the database and connect through sqlplus test_db@dbname.
But when we try to use the option of OS level authentication using "sqlplus /", it throws following error and could not be connected.
ERROR: ORA-12545: Connect failed because target host or object does not exist
I have created the same OS user name in the database (with external password authentication) with prefix OPS$. We have set ORACLE_SID as well.
I'm trying to set up Active Database Duplication between 2 Oracle 11g servers. Each server is identical, with the following characteristics:
- OS: Windows Server 2008
- Version: Ora11R2 (64 bit)
- DB Name: orcl
- Filesystem: asm (using grid infrastructure)
In addition, each server has been configured with the same sys passwords. The databases themselves were configured during installation (so the setups are about as basic as you can get.)
Now, I've done all sorts of research into how to do this. I've found plenty of good sources, but they seem to all have differences in the details. Here's what I've done so far:
- The TNSNames.ora file on each server has an entry for 'src' and 'dest' (source and destination) respectively
- I created an entry named 'SID_LIST_LISTENER' in the listener.ora file on the source machine. However, should the sid_name in this entry refer to the source or destination machine? Or does this listener entry belong on the destination machine instead?
- A lot of the examples require the setup of a new password file and spfile. Are these entries necessary if I'm using the same file structures/user names/etc. on both servers?