RE: Radius/Oracle

  • From: "Debi Lorraine" <dlorraine@xxxxxxxxxxx>
  • To: <MGiuliani@xxxxxxxxxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
  • Date: Wed, 13 Jun 2007 08:17:02 -0700

Sorry for the late response.  Did you ever get this issue resolved? I
use radius authentication in some of our databases.  It appears you have
all the oracle pieces configured correctly.  Our radius server is set up
and maintained by others.  You might try a simpler password and verify
that it doesn't have symbols.  

Debi

 

________________________________

From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Marc Giuliani
Sent: Monday, June 11, 2007 6:54 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Radius/Oracle

 


  Hello,

Has anyone had any experience with Radius and Oracle? I am having an
issue getting Oracle and Radius to communicate correctly. 

I have Oracle 10G installed on RHEL Linux 4 ES and also have Radius
installed on the same server. Radius is in turn connecting to LDAP and I
verified using the radtest and radclient utilities that there is a
successful connection and authentication between Radius and LDAP. 

I have verified using the adapters command that the Radius adapters are
installed for Oracle. 

I have created a user identified externally and granted connect and
resource and when I attempt to connect I get an invalid id/password
error...although when using the radius test utilities with the same
password it works. 

I have verified that the remote_os_auth=false and os_authent_prefix= "
". 

When I attempt an Oracle Sqlplus connection using the id I created the
Radius server log has this message:

"WARNING: Unprintable characters in the password. ?  Double-check the
shared secret on the server and the NAS!"

I have verified the "secret" on the Radius server in the clients.conf
matches the data in the radius.key file on the Oracle Server and I used
netmgr to create the sqlnet.ora file and it has:
 
SQLNET.RADIUS_AUTHENTICATION = <correct ip address>
SQLNET.RADIUS_AUTHENTICATION_PORT = 1812
SQLNET.RADIUS_SECRET = /u01/app/oracle/product/10.2.0/RACF2/network/security/radius.key
SQLNET.RADIUS_AUTHENTICATION_TIMEOUT = 10
SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, RADIUS, NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

 

Looking at a trace file the lines that stand out are:

[08-JUN-2007 15:55:51:153] nspsend: 00 00 35 4F 52 41 2D 32  |..5ORA-2|
[08-JUN-2007 15:55:51:153] nspsend: 38 30 33 35 3A 20 43 61  |8035:.Ca|
[08-JUN-2007 15:55:51:153] nspsend: 6E 6E 6F 74 20 47 65 74  |nnot.Get|
[08-JUN-2007 15:55:51:153] nspsend: 20 53 65 73 73 69 6F 6E  |.Session|
[08-JUN-2007 15:55:51:153] nspsend: 20 4B 65 79 20 66 6F 72  |.Key.for|
[08-JUN-2007 15:55:51:153] nspsend: 20 41 75 74 68 65 6E 74  |.Authent|
[08-JUN-2007 15:55:51:153] nspsend: 69 63 61 74 69 6F 6E 0A  |ication.|

Which seems to indicate a problem getting the radius.key value, I
think...

I have already opened a TAR with Oracle support; however, after over 3
weeks without any solutions I thought I would pursue other avenues...

Any ideas or suggestions would be greatly appreciated.

thx Marc
