Re: Re: OS authentication; remote login; domain qualification
I added the parameter to registry OSAUTH_PREFIX_DOMAIN=true but it didn't help. Any other place where i can see..? Thanks and Regards B S Pradhan --- On Mon, 19 Jan 2004 Jared Still wrote : You must set OSAUTH_PREFIX_DOMAIN=true in the registry to use externally identified domain accounts. I can't recall if the default value is true or false, but try setting it explicitly. Jared On Sun, 2004-01-18 at 05:49, bhabani s pradhan wrote: Hi All, The client machine is an NT machine and it belongs to a domain GALAXY Oracle Db server is on Solaris. client sqlnet.ora has the following setting: NAMES.DIRECTORY_PATH= (TNSNAMES) LOG_DIRECTORY_CLIENT=c:\oracle\ora81\network\log USE_DEDICATED_SERVER=ON SQLNET_AUTHENTICATION_SERVICES=NTS initialization parameters: REMOTE_OS_AUTHENT=TRUE os_authent_prefix = - with an user name Without the domain remote connection is possible.. ** SQL create user USER1 identified externally 2 default tablespace ts1 3 temporary tablespace TEMP; User created. SQL grant connect to USER1; Grant succeeded. C:\sqlplus /@sn1 SQL*Plus: Release 8.1.7.0.0 - Production on Tue Dec 30 15:51:45 2003 (c) Copyright 2000 Oracle GALAXYoration. All rights reserved. Connected to: Oracle8i Enterprise Edition Release 8.1.7.4.0 - 64bit Production With the Partitioning option JServer Release 8.1.7.4.0 - 64bit Production SQL show user USER is USER1 SQL select username, osuser from v$session; USERNAME OSUSER -- -- SYS oracle USER1 USER1 *** But when i try the username with the NT domain it fails to connect remotely: * SQL create user GALAXY\USER1 identified externally 2 default tablespace ts1 3 temporary tablespace TEMP; User created. SQL grant connect to GALAXY\USER1; Grant succeeded. When I connect try using sqlplus /@sn1 it fails C:\sqlplus /@sn1 SQL*Plus: Release 8.1.7.0.0 - Production on Tue Dec 30 15:49:56 2003 (c) Copyright 2000 Oracle GALAXYoration. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied What I think issue here is, the connection is thru tns-listener and the NT domain and the server machine are different. Is there any solution for this / Is it possible to connect the remote unix DB server with OS authentication from an NT client with domain name ? Thanks and Regareds B S Pradhan -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Jared Still INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Re: OS authentication; remote login; domain qualification
Hi Thanks for the info. Let me try this. Regards, B S Pradhan --- On Mon, 19 Jan 2004 Jared Still wrote : You must set OSAUTH_PREFIX_DOMAIN=true in the registry to use externally identified domain accounts. I can't recall if the default value is true or false, but try setting it explicitly. Jared On Sun, 2004-01-18 at 05:49, bhabani s pradhan wrote: Hi All, The client machine is an NT machine and it belongs to a domain GALAXY Oracle Db server is on Solaris. client sqlnet.ora has the following setting: NAMES.DIRECTORY_PATH= (TNSNAMES) LOG_DIRECTORY_CLIENT=c:\oracle\ora81\network\log USE_DEDICATED_SERVER=ON SQLNET_AUTHENTICATION_SERVICES=NTS initialization parameters: REMOTE_OS_AUTHENT=TRUE os_authent_prefix = - with an user name Without the domain remote connection is possible.. ** SQL create user USER1 identified externally 2 default tablespace ts1 3 temporary tablespace TEMP; User created. SQL grant connect to USER1; Grant succeeded. C:\sqlplus /@sn1 SQL*Plus: Release 8.1.7.0.0 - Production on Tue Dec 30 15:51:45 2003 (c) Copyright 2000 Oracle GALAXYoration. All rights reserved. Connected to: Oracle8i Enterprise Edition Release 8.1.7.4.0 - 64bit Production With the Partitioning option JServer Release 8.1.7.4.0 - 64bit Production SQL show user USER is USER1 SQL select username, osuser from v$session; USERNAME OSUSER -- -- SYS oracle USER1 USER1 *** But when i try the username with the NT domain it fails to connect remotely: * SQL create user GALAXY\USER1 identified externally 2 default tablespace ts1 3 temporary tablespace TEMP; User created. SQL grant connect to GALAXY\USER1; Grant succeeded. When I connect try using sqlplus /@sn1 it fails C:\sqlplus /@sn1 SQL*Plus: Release 8.1.7.0.0 - Production on Tue Dec 30 15:49:56 2003 (c) Copyright 2000 Oracle GALAXYoration. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied What I think issue here is, the connection is thru tns-listener and the NT domain and the server machine are different. Is there any solution for this / Is it possible to connect the remote unix DB server with OS authentication from an NT client with domain name ? Thanks and Regareds B S Pradhan -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Jared Still INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: OS authentication; remote login; domain qualification
You must set OSAUTH_PREFIX_DOMAIN=true in the registry to use externally identified domain accounts. I can't recall if the default value is true or false, but try setting it explicitly. Jared On Sun, 2004-01-18 at 05:49, bhabani s pradhan wrote: Hi All, The client machine is an NT machine and it belongs to a domain GALAXY Oracle Db server is on Solaris. client sqlnet.ora has the following setting: NAMES.DIRECTORY_PATH= (TNSNAMES) LOG_DIRECTORY_CLIENT=c:\oracle\ora81\network\log USE_DEDICATED_SERVER=ON SQLNET_AUTHENTICATION_SERVICES=NTS initialization parameters: REMOTE_OS_AUTHENT=TRUE os_authent_prefix = - with an user name Without the domain remote connection is possible.. ** SQL create user USER1 identified externally 2 default tablespace ts1 3 temporary tablespace TEMP; User created. SQL grant connect to USER1; Grant succeeded. C:\sqlplus /@sn1 SQL*Plus: Release 8.1.7.0.0 - Production on Tue Dec 30 15:51:45 2003 (c) Copyright 2000 Oracle GALAXYoration. All rights reserved. Connected to: Oracle8i Enterprise Edition Release 8.1.7.4.0 - 64bit Production With the Partitioning option JServer Release 8.1.7.4.0 - 64bit Production SQL show user USER is USER1 SQL select username, osuser from v$session; USERNAME OSUSER -- -- SYS oracle USER1 USER1 *** But when i try the username with the NT domain it fails to connect remotely: * SQL create user GALAXY\USER1 identified externally 2 default tablespace ts1 3 temporary tablespace TEMP; User created. SQL grant connect to GALAXY\USER1; Grant succeeded. When I connect try using sqlplus /@sn1 it fails C:\sqlplus /@sn1 SQL*Plus: Release 8.1.7.0.0 - Production on Tue Dec 30 15:49:56 2003 (c) Copyright 2000 Oracle GALAXYoration. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied What I think issue here is, the connection is thru tns-listener and the NT domain and the server machine are different. Is there any solution for this / Is it possible to connect the remote unix DB server with OS authentication from an NT client with domain name ? Thanks and Regareds B S Pradhan -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Jared Still INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: os authentication
hello I'd advize you to go through the oracle ee security manual - there are several points to be considered. e.g. starting options of the instance set in initinstance.ora or spfile. then you can distinguish between ... different types of logins ... with or without ssl ... ... with or without OID that's what I know offhand. Apologies for any typing mistakes I failed to notice. Markus Reger Oracle Applications DBA Webmaster MBC University for Music and Performing Art Vienna [EMAIL PROTECTED] 02/16/03 06:13 AM Hi DBA's Can somebody clarify the flwng: DB: 9.x OS: solaris 2.8 1. To setup OS authentication we need to grant either OSDBA or OSOPER to OS account( OS oracle a/c)? so that we can connect to DB as sqlplus / as sysdba and we dont require a password file for this. is this true ? or anything to be added this statement ? 2. If we are not using OS authentication , then we setup a password file (exclusive) and connect to database to do a startup, we issue sqlplus sys as sysdba passwd: My doubt is, whether the above entry (password: verifies the sys password ( if yes, from where it verifies ? ) I connected to DB successfully using sqlplus sys as sysdba without giving any password. (it also accepted anything like abc, xyz, 123 etc.,) I am not clear how this works ? Can somebody clarify the above. Thanks in advance, Srinivas __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: kommareddy sreenivasa INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Markus Reger INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: OS Authentication on Win2K
run: select username from dba_users where password = 'EXTERNAL' Is there a user that matches the currently logged on Win2k account? Is it a domain account? It needs to be a local account, as I don't think you can use a domain account without also using 'remote_os_authent=true'. At least, it doesn't work for me that way. I've only used external auth with local accounts. HTH Jared Mike Sardina [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 10/30/2002 09:24 AM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] cc: Subject:OS Authentication on Win2K I am having problems getting OS authentication to work on a Win2K oracle server (8.1.7.1.1). All parameters are set properly (from what I can see). There cannot be a prefix so the following parameter is set as follows: os_authent_prefix = I need to be able to log into the server as a user identified externally and just type sqlplus / for access. It is also necessary for the users identified externally to be able to use a password as well. Any suggestions? Anyone else run into problems with this? -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Mike Sardin INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: OS authentication
I usually don't bother to set os_authent_prefix. Its not necessary. Instead make sure OSAUTH_PREFIX_DOMAIN is set to TRUE and prefix the user with the domain name. create user DOMAIN-NAME\USERNAME identified externally. That way the user has to actually authenticate to the domain to be given access. Otherwise its fairly easy to spoof that username and gain access to the database. You'll have to set SQLNET.AUTHENTICATION_SERVICES=(NTS) in sqlnet.ora on the clients. HTH, Beth -Original Message- Sent: Tuesday, October 15, 2002 9:43 PM To: Multiple recipients of list ORACLE-L I want to use OS authentication. On the server side (Windows2000), does the user need to be created as OPS$USERNAME or just USERNAME? For authentication, do they need to be added to any other group besides User? Is there anything else that needs to be done for authentication to work? In the init, I have os_authent_prefix = OPS$. I created the user as Create OPS$USERNAME identified externally; -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Eric Richmon INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Seefelt, Beth INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).