I have set up an externally identified user for our Oracle 10g (10.2.0.3) database like this:
CREATE USER "OPS$DOMAIN\USER" IDENTIFIED EXTERNALLY;
Now I am trying to connect from a 10.2.0.1 sqlplus client using
connect /#TNS_NAME;
however I get
Invalid username/password.
[Edited]
Here is all the information I can currently give on this issue:
There are two virtualized Windows 2003 Servers, each running their own Oracle 10.2.0.3 database
There are two virtualized Windows XP Clients with the Oracle Client 10.2.0.1
All four machines are on the same virtual host and within the same domain
The same user is used to log in on both clients
Client 1 can use OS authentication to connect to Server 1
Client 1 cannot connect to Server 2 with OS authentication
Client 2 cannot connect to either database server with OS authentication
Both Clients can connect to either database server with schema owner/password
Four months ago, Client 2 could connect to Client 2 with OS authentication. I cannot tell if Client1->Server2 and Client2->Server1 worked, but I am almost certain it did.
Things I have considered:
I double checked the os_authent_prefix, which is "OPS$"
I tried recreating the user, and made sure everything was written in caps (we had problems in the past when we didn't have all caps)
I tried granting the create session privilege (someone suggested that somewhere; didn't help)
What could I be missing / What else could I try?
PS: Database security is not a concern here; I know OS Authentication is kind of insecure.
Since the problem is happening at the client can you please check the below parameter in sqlnet.ora file in the client machine
SQLNET.AUTHENTICATION_SERVICES= (NTS)
Even after that it does not work you can refer this article on os-authentication to check if any step is missing
Related
I have a database Connection established in odbcad and Microsoft Access (aswell as working in Excel) via ODBC and want to also get it working in Oracle SQL developer.
It is a Windows SQL Server as far as i know and I have tried several Settings, of which None works. I have also installed Driver for ODBC. I would like to Import Settings into SQL developer as applied in MS Access, is there any possibility?
No, SQL Developer is a Java application and uses a JDBC driver.
But if you look at the odbc properties for your connection, those should largely translate to what you need to define a basic connection.
Oracle:
Server name or IP address of the DB, port # for the listener, and the name of the SID or Service, plus a valid username and password is all you need to connect to Oracle.
What error do you get when you try to connect?
Show us what you're trying.
Update:
You're trying to connect to SQL Server but you're getting"
Native SSPI library not loaded
You're trying to use OS Authentication for your connection. For this to work with the jTDS driver, you need to copy a DLL file named ntlmauth.dll (which is for NT authentication) under the jtds-x.x.x-dist\x86\SSO\ or jtds-x.x.x-dist\x64\SSO\, to any directories in the PATH environment.
Please update your question such that's it's clear you're connecting to SQL Server and share the error message so others can find it.
I imagine this question is a duplicate of many previous iterations of the same challenge.
We have a large SSIS solution with many connection managers pointing to Oracle. Provider is ODBC, data sources are set to defined system DSNs. So far we use user names and passwords and everything works fine. Now we want to switch to Kerberos authentication.
I can already successfully query the Oracle database using sqlplus with Windows authentication.
I'm having hard time achieving the same from SSIS using ODBC connection managers.
Is it possible to reconfigure the ODBC connection managers so they will use Windows authentication? How should be the connection manager configured?
The question is specifically about ODBC, please avoid answers like "use Attunity".
We use MS SQL Server 2016 Enterprise edition, Oracle 12.2.
I finally made it working, hope it helps someone.
I created a new DSN
as User ID I put [OracleUserName]
beware the square brackets! Those are necessary
the OracleUserName is user name configured on Oracle side (I do not know much about Oracle). The DBA configured the AD account to be able to login as this user.
I have a legacy application, which connects to the configured Oracle database.
It seems it has some logic that alters the database credentials as it is unable to successfully log in to the Oracle database, while sqlplus started on the same machine is able to log in.
The error I am getting is: [DataDirect][ODBC Oracle Wire Protocol driver][Oracle]ORA-01017: invalid username/password; logon denied
How to find out what is the database username and password that are sent to the database?
What I have tried so far:
Enabled auditing of failed sign-on attempts on Oracle (audit create session whenever not successful). It does not solve the issue, because it only logs the username, which seems to be correct, without the password.
Used a sniffer to eavesdrop the network traffic between the machine running the application and the database, but since Oracle's TNS protocol is encrypted, it did not help a lot.
Started a server using netcat on port X, provided port X in the application configuration file. The application did connect to my server, that is how I know the application is connecting to the correct server. But since the TNS protocol is pretty complex (requires a series of messages to be exchanged between the client and the server) I hope there is a simpler why of achiving what I want without having to reverse engineer Oracle and implementing my own server.
Enabled tracing of the JDBC driver (Trace=1, TraceFile, TraceDll). The trace file shows the correct username, but obviously the password is not getting logged.
My environment:
Database: Oracle 11g
Application runs on: Solaris
Application uses: DataDirect ODBC Oracle Wire Protocol v70
I not sure, but if connection established by ODBC driver (as described in question tags) then you can try ODBC sniffing tools like ODBC Tracing.
Citation:
Password "Sniffing" Using Trace
ODBC provides a means for tracing the conversation taking place between the driver and the host database. Used by developers for testing purposes, the tracing feature is designed to help programmers find out exactly what is going on and to help fix problems. However, tracing (also called "sniffing") can be used by nefarious bad guys to retrieve user passwords.
When tracing is enabled, communications with the host are written to a file. This includes the user ID and password, which are captured in plain text.
Update
SQLPlus connects to Oracle with OCI interface, but DataDirect ODBC driver uses it's own proprietary implementation of communication protocol. So, most probable point of failure is driver misconfiguration or incompatibility.
DataDirect provides some tools for ODBC drivers diagnostics, but only option applicable to case described in question is using snoop utility, which acts like a netcat which already tried.
Because connection failed at credential verification stage, the most probable source of error is using localized symbols for user name or password. There are some issues with Oracle authentication process, listed in DataDirect Knowledge Search (search for ORA-01017).
It seems that DataDirect provides two separate version of driver with and without Unicode support, therefore one of possible points of failure is to connecting with non-Unicode version of driver to Unicode version of database and vice verse.
P.S. For now I don't have any experience with DataDirect ODBC driver. So it's only suggestions about possible source of failure.
I am trying to setup Kerberos authentication for my Oracle database and I have a situation where I need to maintain different versions of sqlnet.ora for each kerberos user connection. My application is using OCI driver (a single unix process does more than one user connection to the same Oracle database). And I am not able switch sqlnet.ora between user connections using setenv(TNS_ADMIN) call programmatically. I am assuming once the contents of sqlnet.ora gets loaded to process, it remains unchanged for the rest of its life.
Is my case a practical one, has anyone encountered?
When it comes to kerberos, I am not sure why Oracle client restricts the sqlnet.ora to one principal kerberos user. Maybe Oracle does not have a clean support for kerberos as I dont see OCI API's?
Thanks
Srivatsan
I've been working on several JBoss applications where I have everything running on my laptop (Windows XP) including an Oracle database (11g Enterprise Edition). Everything works fine on the laptop.
Now I'm setting up a new, faster machine (running Windows 7 Professional) and the non-XA JBoss apps run fine but the apps requiring an XA connection cannot connect to Oracle. I'm pretty sure it is a problem with my new Oracle installation because I can point the apps to an external Oracle server and they work, but they fail to connect when pointing them my local Oracle database.
I've done a lot of google searches and the only information I can find is that I need to run the script $ORACLE_HOME/rdbms/admin/xaview.sql to create some XA views and I need to grant the following permissions to the user:
GRANT SELECT ON sys.dba_pending_transactions TO <user>;
GRANT SELECT ON sys.pending_trans$ TO <user>;
GRANT SELECT ON sys.dba_2pc_pending TO <user>;
GRANT EXECUTE ON sys.dbms_xa TO <user>;
But after doing all that, I still cannot get the apps to connect.
This is the exception I'm getting:
org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (java.sql.SQLException: Io exception:
The Network Adapter could not establish the connection) at
org.jboss.resource.adapter.jdbc.xa.XAManagedConnectionFactory.createManagedConnection(XAMangedConnectionFactory.java:144) at
org.jboss.resource.connectionmanager.InternalManagedConnectionPool.createConnectionEventLisener(InternalManagedConnectionPool.java:577) at
org.jboss.resource.connectionmanager.InternalManagedConnectionPool.getConnection(InternalManagedConnectionPool.java:262) at
org.jboss.resource.connectionmanager.JBossManagedConnectionPool$BasePool.getConnection(JBossManagedConnectionPool.java:500) at
org.jboss.resource.connectionmanager.BaseConnectionManager2.getManagedConnection(BaseConnectionManager2.java:347) at
org.jboss.resource.connectionmanager.TxConnectionManager.getManagedConnection(TxConnectionManager.java:330) at
org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:402) at
org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:849) at
org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:90) at
org.hibernate.ejb.connection.InjectedDataSourceConnectionProvider.getConnection(InjectedDataSourceConnectionProvider.java:46) at
org.hibernate.cfg.SettingsFactory.buildSettings(SettingsFactory.java:84)
I know this isn't really a programming question, but I was hoping someone had seen this before. Any help would be much appreciated.
I was able to resolve this issue by ensuring that the host name and domain name settings in the LISTENER.ORA file and in the TNSNAMES.ORA file matched. For example, if one had HOST = localhost and the other had HOST = myhost.xyz.com then it would cause problems for XA but not for normal Java JDBC connections. My theory is that some part of the XA stack needed to make an OCI connection that read the TNSNAMES.ORA file but then could not connect because of a mismatch with the Listener configuration. Normal Java JDBC connections don't care about the TNSNAMES.ORA file as they make a direct connection to the listener with their own configuration settings.
I also had to rename some folders from xxx_localhost_yyy to xxx_myhost_yyy to get the Enterprise Manager to work.
To get TOAD to work I had to install the 32 bit client as it will not work with the 64 bit client and I had to configure it's ORACLE_HOME variable in the Windows registry under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Oracle. Apparently Wow6432Node is a special place in the Windows registry for defining values that only 32 bit applications will see.
Anyway, I'm relieved to have it all working.
Well, can you connect using a sql client to this database ?