I have been using oracle based database security but company now wants to handle with windows authentication.I have windows os 2008 R2 and oracle 11.2.0.3.
I also have set up the SQLNET.AUTHENTICATION_SERVICES= (NTS).I created user with create user "domainusername" identified Externally! but now how can i connection from application to database!
When a user is renamed in Active Directory, they can no longer connect to the Oracle DB thru OS authentication. There is no OID/DIP integration.
sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, HOSTNAME)
NAMES.DEFAULT_DOMAIN = cal.com.br
create user "CALRENATOH" IDENTIFIED EXTERNALLY
GRANT CREATE SESSION TO "CALRENATOH"
AD User CALRENATOH can connect to DB as 'sqlplus /'
But after renaming AD User CALRENATOH to CALRENATOH1 and dropping DB user CALRENATOH and creating DB user CALRENATOH1 drop user "CALRENATOH"; create user "CALRENATOH1" IDENTIFIED EXTERNALLY;
Now OS authentication 'sqlplus /' fails 'ORA-01017: invalid username/password; logon denied'..Once I recreate the DB user with old AD user name 'CALRENATOH', OS authentication succeeds. create user "CALRENATOH" IDENTIFIED EXTERNALLY;
C:Windowssystem32>set username
USERNAME=RENATOH1
C:Windowssystem32>sqlplus /@rmlab001
SQL*Plus: Release 11.1.0.6.0 - Production on Tue Jul 3 15:16:46 2012
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning and OLAP options
Why the Database is still looking for old AD user name? Does Oracle cache information about OS authenticated users?
I have oracle 10g up and running on Solaris 10, from windows I would like to connect to sql plus through windows authentication, for that I have already made sure that remote_auth = true and have created user in oracle with OPS$. But still I cannot connect.
I have the same setup but with oracle on windows server, the os authentication from windows clients works just fine.
does oracle 10g on solaris 10 supports windows os authentication?
I have oracle database server set with Windows NT authentication. How can I get rid of this kind of authentication as this is holding up additional Windows Domain with its own PDS and so on. Or is it possible to move Oracle Database server to a different Domain and authentication to be coming from new domain?
View 4 Replies View RelatedCan application connect with windows authentication to oracle 11.2.0.3 database? if so then how can i set it up!
View 3 Replies View RelatedJust installed the new 2.0.8 version. Its been a while I am interested on using PM for our company.The problem I have is creating an Oracle DB connection. When I create a new Oracle DB connection, and test it, Steps 3 and 4 fail.What is strange is that I followed the following procedure in PM 1.9-825 and worked fine. I am wondering if something changed in the new PM 2.0.8 version (I noticed that php_oci8.dll was commented out in php.ini).
Oracle Version is 10GR2
PM installed on clean XP sp3
1. Got a new Windows XP SP3 PC
2. Installed PM 2.0.8
3. Edited php.ini and uncommented [PHP_OCI8] and extension=php_oci8.dll
4. Installed oracle instant client “instantclient-basic-win32-10.2.0.5” in c:oracle
5. Installed oracle instant client “instantclient-sqlplus-win32-10.2.0.4” in c:oracle
6. Added c:oracle in PATH environment variable
7. Created ORACLE_HOME = c:oracle environment variable
8. Added TNS_ADMIN = c: environment variable
9. Copied working tnsnames.ora file into c:
10. Rebooted.
-------------------------------------
1. Tried sqlplus connection to my oracle db and worked.
2. Launched PM
3. Created a new process
4. Created a new DB connection as follows:
a. Engine:Oracle
b. Server:192.168.xxx.xxx
c. Database name: my_name (where my_name appears in tns_names.ora)
d. Username:my_username
e. Password:my_password
[code]....
How can i use OS authentication to login db?
SQL> connect / as sysdba
ERROR:
ORA-01031: insufficient privileges
sqlnet.ora text:
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
#SQLNET.AUTHENTICATION_SERVICES = (NTS)
SQLNET.INBOUND_CONNECT_TIMEOUT=1
What is happening here:
c:usersjohnhome>
c:usersjohnhome>orapwd file=%ORACLE_HOME%databasePWDorcl.ora password=oracle
c:usersjohnhome>sqlplus sys/garbage@orcl as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Sat Jan 5 18:25:06 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
orcl> sho user
USER is "SYS"
orcl> select sys_context('userenv','ip_address') from dual;
SYS_CONTEXT('USERENV','IP_ADDRESS')
---------------------------------------------------------------------------------------------------
127.0.0.1
orcl>Why can I get a sys login, when I am connecting through the listener and giving an incorrect password? The listening address is a loopback address, is Oracle clever enough to realize that I am in fact logged on to the server as a member of the OSDBA group? I didn't think that information was passed through SQL*Net.
We like to integrate the window LDAP to a new oracle database for user authentication. For example, this is a new test database and we don't have any users created.Now we like to figure out if we created the users with same id as in LDAP userid, how they can be authenticated externally by LDAP. I read and heard some info on OID provided by oracle but need some more step by step info to experiment.
View 3 Replies View RelatedI'd like to have my 11g database authenticate users against an OpenLDAP service. We'd still create accounts in the database, and do authorization within the database, but I'd just want to the user's passwords authenticated externally, against the OpenLDAP service. Is this possible? My searching through these forums and Google seems to indicate that you can do it if you run an Oracle Internet Directory (OID) service. I do not want to have to install and maintain an Oracle Internet Directory service. I'd like to do it without it.
I have a working PL/SQL function (below) that can authenticate a passed in username & password against our OpenLDAP directory. Is there any way for me to have Oracle call this function for the database user authentication? Or is there any other way for me to get the Oracle database to directly authenticate against OpenLDAP without having to run OID?
create or replace function ldap_authenticate(username varchar2, password varchar2)
return boolean is
begin
begin
if dbms_ldap.success = dbms_ldap.simple_bind_s(
[code]........
error regarding oracle connection
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim oradb As String = "Data Source=CallTaxi; UserName = SCOTT; Password=TIGER ;"
Dim conn As New OracleConnection(oradb)
conn.Open()
Dim cmd As New OracleCommand
[code]...
Error msg:
The type initializer for 'Oracle.DataAccess.Client.OracleConnection' threw an exception.
I'm having great difficulty connecting to two separate databases on my PC. Here are the details.
c:>echo %TNS_ADMIN%
C:TNS_ADMIN
#C:TNS_ADMIN nsnames.ora
XE =
(DESCRIPTION =
[code]...
I know how to use database links in various forms, but I've been trying to think through how the authentication works for a connected user link in 11g. If I create the link like this,create public database link using 'orcl';then any user can use the link, provided they have an identical username/password in the two databases. With pre-11g passwords, it was understandable: the password was salted with the username, so the hash of the password would be the same in both databases, and I assumed that the logon through the link used some sort of IDENTIFIED BY VALUES mechanism. But in 11g, the salt will different in the two databases. So the hash will be different. And of course Oracle never stores the actual password. So I don't see how the authentication works.
View 4 Replies View RelatedI have an Oracle database (9.2.0.7) installed on a HP-UX server.When trying to access this database from another HP-UX or Linux server, connection is fine. But when trying to connect from a Windows based client, connection is very slow (almost 1 minute to return the result of a 'select count(*)' like query, which is immediate from the Linux client).
Here are some facts I can add :
- Clients and servers are on the same network segment (it is not a network matter)
- No matter which client version I use, there no difference
- I tried to know what happens on the Oracle server when performing my sample query using tusc command : the result is that the server is performing exactly the same actions when sending my query from a Linux client or a Windows client
- The only relevant difference seems to be the client OS
I have newly installed Oracle 11g R2 64 bits to window 8 PRo 64 bits. Able to connection successfully Oracle NEt Configuration Assistant service name.
But when I try to connect it Toad 9.6 32 bits its show error message
ORA-06413: Connection not open
I have set password on the listener and set the local_os_authentication parameter to "OFF", whenever i start/stop listener through "lsnrctl" ,it works fine and asks for password but i can stop/start listener through windows services without giving any password.
what is the use of setting password on listener if any body can start/stop it through services utility in windows xp sp3.
Lost Windows password? Forgot Windows password? Your PC was hacked? Therefore, it is a basic step for every Windows users to enhance the security of Windows password. In the networks, it is found that a number of user's passwords are easy to guess. Only the smallest groups are the most security conscious and select passwords that are mixed lowercase and uppercase letters, numbers and punctuation to create cryptic passwords. Adopting strong password is one of the most effective ways to ensure system security. Here are several methods for you to enhance the security of your passwords in Windows 7/2000/XP/Vista and so on. You'd better remember the methods below unless you want to reset Windows password from time to time.
1. Is random password a great password?
A common myth is that totally random passwords like Ht3&e#L%5d@$B are the best passwords. This is not true. While they may be strong passwords, they are usually difficult to remember, slow to type, and sometimes vulnerable to attacks against the password generating algorithm. It is easy to create passwords that are strong but much easier to remember by using a few simple techniques. For example, consider the password "Luck-73@Better?". This password utilizes uppercase and lowercase letters, two numbers, and three symbols. The password is 15 characters long and can be memorized with very little effort. Moreover, this password can be typed very fast. The portion"Luck" and "Better" alternate between left and right-handed keys on the keyboard, improving speed, decreasing typos, and decreasing the chances of someone being able to discover your password by watching you.
2. Create the long Windows password
Although a password may eventually be discovered through some means, it is possible to create a password that cannot be cracked in any reasonable time. If a password is long enough, it will take so long or require so much processing power to crack it. That is essentially the same as being unbreakable (at least for most hackers).
3. Create the Windows password constantly?
This may be good advice for some high-risk passwords, but it is not the best policy for every user. It is frustrating for a user to have to constantly think of and remember new passwords every 30 days. It may be better to focus on stronger passwords and better user awareness rather than limiting password age. A more realistic time for the common user may be 90-120 days.
4. Write down Windows password in a proper place
Sometimes it is necessary for some users losing and forgetting complex passwords easily to write down them somewhere proper. However, it is important to educate users on how to write down passwords properly. Obviously, a sticky note on the monitor is not a good idea, but storing passwords in a safe or even a locked cabinet may be sufficient.
5. 14 characters is the optimal password length
Each character that you add to your password increases the protection. Your passwords should be 8 or more characters in length; 14 characters or longer is the Optimal Password Length. Many systems also support use of the space bar in passwords, so you can create a phrase made of many words. It is not easier to forget and lose, as well as longer than a simple password, and harder to guess.
6. Try not to use the same Windows password for all accounts
Some users always make the same passwords for every account to make it easy to remember. In that case, when any one of them lost, your other information protected by that password will be in danger as well. It is serious to use different passwords for different systems and accounts.
7. Do not use some common words that other users maybe guess
Most of users prefer to use some common words to remember easily, for example, login name, birth date, driver's license, passport number, pets' name and other words contained their personal information someone knows. In that case, your Windows system will not be safe anymore. Moreover, do remember not to use some words spelled backwards, abbreviations, sequences or repeated characters and adjacent letters, such as, asdfgh, 123456, 888888, abcdef and so on.
You can smoothly use your Windows now because the strong and powerful Windows password is created successfully, Certainly, I believe that many users lost Windows password and forgot Windows password, then you need have to reset Windows password or recover Windows password. It is a big problem for plenty of Windows users that how to reset Windows password. how to recover Windows password and they are puzzled by resetting windows password, for instance, reset Windows 7 password, recover password Windows XP, remove Windows Vista password and other operating systems after they create the password with complex letters, numbers and symbols. However, it is unnecessary to worry and it is said that things will eventually sort themselves out. There are many ways to reset forgotten Windows password, including use windows password reset disk and windows password reset software, like Super Windows Password Reset, a professional windows password reset software which could enable you to logon to Windows smoothly without reinstalling system.
while testing SYS remote connection in our staging server. Executing the command below is OK:
sqlplus sys/<password>@sales as sysdba
While this is mind-boggling for me...
sqlplus sys@sales as sysdba
Enter password:
ERROR:
ORA-01017: Message 1017 not found; No message file for product=RDBMS,
facility=ORA
Enter user-name:
ERROR:
Error while trying to retrieve text for error ORA-01017
I entered the correct password.I've been simulating this for a couple of times, even tried the copy-and-paste method.
When I use Forms_ddl('set role My_Role IDENTIFIED BY PWD'); in form's "When-New-From-Instance" to grant a role to a user.
What should I do for the same for a report?
Is there any way to grant roles to a session on the time of connection?
I want to audit user connection on my reporting database, and send a report to application team on monthly basis, with a list of users who are not connected for a month and remove them.
What would be best method, i know there is LOGON trigger, or database level auditing.
We are trying to implement the following security to our database.
As of now, the access rights are same for all the windows users logging into the Oracle application with the same Oracle user Id.
But now, we want to improve our security by granting different levels of rights to the users based on their Network Id even though they use the same Oracle User Id to log into the application.
We are not looking for the users to be identified externally.
(CREATE USER "OPS$ORACLE-BASE.COMTIM_HALL" IDENTIFIED EXTERNALLY;
GRANT CONNECT TO "OPS$ORACLE-BASE.COMTIM_HALL";
)
I have an issue with an Oracle 9 database where I can connect if I do not specify a database to connect to but when i do specify one i get an error. For example, my database is called WEB. If i open sqlplus and type connect username/password it will connect fine. If I type connect username/ password @web I get an error.The full error that appears in the log is:
TNS-12500: TNS:listener failed to start a dedicated server process
TNS-12546: TNS:permission denied
TNS-12560: TNS:protocol adapter error
TNS-00516: Permission denied
32-bit Windows Error: 5: Input/output error
I have checked the tns entries and listener file and both are fine. Here are the entries:
TNSNAMES:
WEB =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = web)
)
)
[code]....
I Develop Application with C# . I want to connect from Client to Server.
my connection string is ""Data Source=192.168.100.50:1521/XE;User Id=system;Password=system;Min Pool Size=10;Connection Lifetime=120;Connection Timeout=60;Incr Pool Size=5;Decr Pool Size=2;""
When exectue this Connection on Server ، all things OK but when execute on Client this error accure :
"Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately. The type initializer for 'OracelExperss' threw an exception"
TOAD 8.6.1 has an option of showing windows by connection. It is useful when there are multiple connections and, choosing one of these, all windows that belong to other connections are minimized.
Its icon looks like this:
Does TOAD 9.1 have the same option? I'm unable to locate it in options, toolbar customizations or elsewhere.
TOAD 9.5 Release Notes document says that "'Connection list' dropdown button has been restored and can be added to the Toad toolbar.". If I understand it correctly, it says that previous version didn't have that dropdown button, but 9.5 does.
In another words ... 9.1 might not have it at all.
We are facing an surprising problem in oracle 10g database. Previously we are able to connect our Oracle 10g database using os authentication with "sqlplus / as sysdba" command. Last wednesday in our linux server maximum number of processes have overflowed and we need to increase the soft limit of our linux server. After that without restarting database every applications [OID 10g] are working fine. But, we are not able to connect with system using OS authentication. It is showing following.
$ export ORACLE_HOME=/a01/OID$ export ORACLE_SID=OID$ export PATH=$PATH:/a01/OID/bin$ sqlplus / as sysdbaSQL*Plus: Release 10.1.0.5.0 - Production on Tue Sep 10 06:45:08 2013Copyright (c) 1982, 2005, Oracle. All rights reserved.Connected to an idle instance.SQL>
Whereas I can connect with instance after providing @OID [SID]$ sqlplus sys@OID as sysdbaSQL*Plus: Release 10.1.0.5.0 - Production on Tue Sep 10 06:47:07 2013Copyright (c) 1982, 2005, Oracle. All rights reserved.Enter password:Connected to:Oracle Database 10g Enterprise Edition Release 10.1.0.5.0 - ProductionWith the Partitioning, OLAP and Data Mining optionsSQL> What am I missing. How can I connect with system with "sqlplus / as sysdba" command?
Any documentation supporting Oracle 11G and Advanced Security stating encryption at rest is FIPS 140-2 compliant?
View 3 Replies View RelatedIn Sybase, my application was using system tables to perform application login security. Those tables obviously don't exist in Oracle. I am looking for ways to provide the following functionality in an Oracle world:
1. How to determine 'x' days of inactivity based on "last login date"?
2. How to determine when a new user logs in for the first time and force them to change their password?
3. If we need to reset a users password, how can we require the user to change their password?
4. Is there any other option other than storing a user-id/password in the application code for locking a user's account if their account needs to be locked due to inactivity?
5. In the USER_USERS view there is a status column. What the different status's can be?
Is there a way to have separate wallets for each windows user? Well, I have found a way, but does not seem to work always properly and that is with %USERNAME% environment variable.
This is how our customer want's to have - so separate wallet for each windows user, how to accomplish this without using %USERNAME%?
We have an issue regarding OS level authentication to access Oracle 11gR2(11.2.0.1) database.
Our environment -
UNIX - AIX 5.3 (OS user id password is having kerberos security).
Oracle 11.2.0.1 (32 bit client) installed in server 1
Oracle 11.2.0.1 (64 bit server) installed in server 2.
Everything works fine when we created a general userid test_db in the database and connect through sqlplus test_db@dbname.
But when we try to use the option of OS level authentication using "sqlplus /", it throws following error and could not be connected.
ERROR: ORA-12545: Connect failed because target host or object does not exist
I have created the same OS user name in database (with external password authentication) with prefix OPS$. we have set ORACLE_SID as well.
I am using SSO login for Authorizations. Would like make use of SSO for creating authentication schema. My main requirement is to assign privilege based on users using SSO loging.
View 0 Replies View Related