Radius/Oracle

  • From: "Marc Giuliani" <MGiuliani@xxxxxxxxxxxxxxxxxx>
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Mon, 11 Jun 2007 09:54:06 -0400

  Hello,
Has anyone had any experience with Radius and Oracle? I am having an issue 
getting Oracle and Radius to communicate correctly. 
I have Oracle 10G installed on RHEL Linux 4 ES and also have Radius 
installed on the same server. Radius is in turn connecting to LDAP and I 
verified using the radtest and radclient utilities that there is a 
successful connection and authentication between Radius and LDAP. 
I have verified using the adapters command that the Radius adapters are 
installed for Oracle. 
I have created a user identified externally and granted connect and resource 
and when I attempt to connect I get an invalid id/password error...although 
when using the radius test utilities with the same password it works. 
I have verified that the remote_os_auth=false and os_authent_prefix= " ". 
When I attempt an Oracle Sqlplus connection using the id I created the 
Radius server log has this message:
"WARNING: Unprintable characters in the password. ?  Double-check the shared 
secret on the server and the NAS!"
I have verified the "secret" on the Radius server in the clients.conf 
matches the data in the radius.key file on the Oracle Server and I used 
netmgr to create the sqlnet.ora file and it has:
 
SQLNET.RADIUS_AUTHENTICATION = <correct ip address>
SQLNET.RADIUS_AUTHENTICATION_PORT = 1812
SQLNET.RADIUS_SECRET = /u01/app/oracle/product/10.2.0/RACF2/network/security/radius.key
SQLNET.RADIUS_AUTHENTICATION_TIMEOUT = 10
SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, RADIUS, NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

Looking at a trace file the lines that stand out are:
[08-JUN-2007 15:55:51:153] nspsend: 00 00 35 4F 52 41 2D 32  |..5ORA-2|
[08-JUN-2007 15:55:51:153] nspsend: 38 30 33 35 3A 20 43 61  |8035:.Ca|
[08-JUN-2007 15:55:51:153] nspsend: 6E 6E 6F 74 20 47 65 74  |nnot.Get|
[08-JUN-2007 15:55:51:153] nspsend: 20 53 65 73 73 69 6F 6E  |.Session|
[08-JUN-2007 15:55:51:153] nspsend: 20 4B 65 79 20 66 6F 72  |.Key.for|
[08-JUN-2007 15:55:51:153] nspsend: 20 41 75 74 68 65 6E 74  |.Authent|
[08-JUN-2007 15:55:51:153] nspsend: 69 63 61 74 69 6F 6E 0A  |ication.|
Which seems to indicate a problem getting the radius.key value, I think...
I have already opened a TAR with Oracle support however after over 3 weeks 
without any solutions I thought I would pursue other avenues...
Any ideas or suggestions would be greatly appreciated.
thx Marc
 
