RE: Radius/Oracle

  • From: "Marc Giuliani" <MGiuliani@xxxxxxxxxxxxxxxxxx>
  • To: "Debi Lorraine" <dlorraine@xxxxxxxxxxx>, oracle-l@xxxxxxxxxxxxx
  • Date: Wed, 13 Jun 2007 12:48:00 -0400

Thank you Debi,

After changing the key about 25 times, and making it shorter than 15 chars 
(it was 17 chars), and removing the special characters it seems to be 
working now.

Thanks for your advice.

Marc

 


-----Original Message-----
From: "Debi Lorraine" <dlorraine@xxxxxxxxxxx>
To: <MGiuliani@xxxxxxxxxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
Date: Wed, 13 Jun 2007 08:17:02 -0700
Subject: RE: Radius/Oracle


Sorry for the late response.  Did you ever get this issue resolved? I use 
radius authentication in some of our databases.  It appears you have all the 
oracle pieces configured correctly.  Our radius server is set up and 
maintained by others.  You might try a simpler password and verify that it 
doesn’t have symbols.  
Debi
 



From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] 
On Behalf Of Marc Giuliani
Sent: Monday, June 11, 2007 6:54 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Radius/Oracle
 

  Hello,
Has anyone had any experience with Radius and Oracle? I am having an issue 
getting Oracle and Radius to communicate correctly. 
I have Oracle 10G installed on RHEL Linux 4 ES and also have Radius 
installed on the same server. Radius is in turn connecting to LDAP and I 
verified using the radtest and radclient utilities that there is a 
successful connection and authentication between Radius and LDAP. 
I have verified using the adapters command that the Radius adapters are 
installed for Oracle. 
I have created a user identified externally and granted connect and resource 
and when I attempt to connect I get an invalid id/password error...although 
when using the radius test utilities with the same password it works. 
I have verified that the remote_os_auth=false and os_authent_prefix= " ". 
When I attempt an Oracle Sqlplus connection using the id I created the 
Radius server log has this message:
"WARNING: Unprintable characters in the password. ?  Double-check the shared 
secret on the server and the NAS!"
I have verified the "secret" on the Radius server in the clients.conf 
matches the data in the radius.key file on the Oracle Server and I used 
netmgr to create the sqlnet.ora file and it has:
 
SQLNET.RADIUS_AUTHENTICATION = <correct ip address>
SQLNET.RADIUS_AUTHENTICATION_PORT = 1812
SQLNET.RADIUS_SECRET = /u01/app/oracle/product/10.2.0/RACF2/network/security/radius.key
SQLNET.RADIUS_AUTHENTICATION_TIMEOUT = 10
SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, RADIUS, NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
 
Looking at a trace file the lines that stand out are:
[08-JUN-2007 15:55:51:153] nspsend: 00 00 35 4F 52 41 2D 32  |..5ORA-2|
[08-JUN-2007 15:55:51:153] nspsend: 38 30 33 35 3A 20 43 61  |8035:.Ca|
[08-JUN-2007 15:55:51:153] nspsend: 6E 6E 6F 74 20 47 65 74  |nnot.Get|
[08-JUN-2007 15:55:51:153] nspsend: 20 53 65 73 73 69 6F 6E  |.Session|
[08-JUN-2007 15:55:51:153] nspsend: 20 4B 65 79 20 66 6F 72  |.Key.for|
[08-JUN-2007 15:55:51:153] nspsend: 20 41 75 74 68 65 6E 74  |.Authent|
[08-JUN-2007 15:55:51:153] nspsend: 69 63 61 74 69 6F 6E 0A  |ication.|
Which seems to indicate a problem getting the radius.key value, I think...
I have already opened a TAR with Oracle support however after over 3 weeks 
without any solutions I thought I would pursue other avenues...
Any ideas or suggestions would be greatly appreciated.
thx Marc
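
The "Unprintable characters in the password" warning quoted above is what RFC 2865 User-Password hiding yields when the client and the server hold different shared secrets. The sketch below is an added example, not part of the original thread and not Oracle or RADIUS server code; the secrets, password and authenticator are constructed, and it does not reproduce how the Oracle adapter handled the 17-character key.

```python
import hashlib

# Constructed sample values, not taken from the thread.
SERVER_SECRET = b"Shared-Secret-017"   # what the server has configured
CLIENT_SECRET = b"Shared-Secret-01"    # what the client actually used (differs)
PASSWORD = b"Summer2007pw"
AUTHENTICATOR = bytes(range(16))       # Request Authenticator, random in real traffic


def hide_password(password, secret, authenticator):
    """Client side, RFC 2865 section 5.2: pad to 16 octets, XOR with an MD5 chain."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("bad authenticator or password length")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += block
        prev = block                   # next mask is keyed on this ciphertext block
    return out


def recover_password(hidden, secret, authenticator):
    """Server side: the same chain, run with the server's copy of the secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")


def is_printable(data):
    """True when every octet is printable ASCII, the property the server warns about."""
    return all(0x20 <= b < 0x7F for b in data)


if __name__ == "__main__":
    hidden = hide_password(PASSWORD, CLIENT_SECRET, AUTHENTICATOR)
    for label, secret in (("same secret", CLIENT_SECRET), ("server secret", SERVER_SECRET)):
        seen = recover_password(hidden, secret, AUTHENTICATOR)
        print(label, repr(seen), "printable" if is_printable(seen) else "UNPRINTABLE")
```

Because the password is only XOR-masked, the server cannot tell a wrong secret from a wrong password except by noticing that the recovered bytes look like noise, which is why the log message points at the shared secret.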
 
