DBAsupport.com Forums - Powered by vBulletin

Thread: Security Issue.. can't connect to Oracle

  1. #1
    Join Date
    Jan 2009
    Posts
    4

    Security Issue.. can't connect to Oracle

    Hi
    I have recently deployed a 3-tier **proprietary** application that:

    - has a thick-client installed on a Windows Vista client machine
    - Oracle 10g Enterprise Edition version 10.2.0.1.0 installed on a server running Red Hat Enterprise Linux. This is a very cut-down version of Linux, only accessible through SSH (or by directly plugging a keyboard+monitor into the Linux box). It does not have any GUI/windowing mechanism installed on it at all (so for example there is no 'xclock' installed in this Linux). Also the Oracle server software installed here does NOT have Oracle Enterprise Manager installed.


    I have complete access to the server and can log in as sysdba via SSH.

    Problem: I want to use a graphical tool like Oracle Ent. Manager to look 'inside' the DB.

    Attempts so far:
    Looking around inside the installation on vista client machine I discovered a folder:
    "\3rdParty\Oracle10g" which contained files:
    - tnsnames.ora
    - sqlnet.ora
    - sqlplus.exe
    When I ran this sqlplus.exe on a CMD prompt it said:
    >Error 6 Initialising Sql*Plus
    >Message file sp1.msb not found
    >SP2-You may need to set ORACLE_HOME to your oracle software directory

    So I decided to install Oracle 10g Client (10.2.0.1.0) on the Vista client machine, *hoping* that I will then be able to use OEM on this vista machine and connect to the oracle running on the linux box.

    On the Vista box I also did: set ORACLE_HOME=C:\oracle\product\10.2.0\client_1

    Now I ran the sqlplus.exe (on the Vista box) again and it came up with a login prompt. Problem is I don't have a login/password; what I plan to do is to create a user by logging in as sysdba on the server, and grant all access to him, and then log into Oracle Ent Manager as this user from the Windows machine.

    However, here is another problem: if I do 'tnsping ' it says:
    TNS-12541: TNS:no listener

    I suspect this is because of some security setting in this application OOTB.
    The entry in tnsnames.ora setting is correct, as it was done by the client install program (not manually). It contains: PROTOCOL=TCPS, and PORT=2484.

    There is also a 'wallet' folder on the client machine under 'Oracle10g' folder.

    Finally the sqlnet.ora on client machine contains:
    ----------------------------------------------------------
    SQLNET.AUTHENTICATION_SERVICES= (NTS)
    SSL_VERSION=0
    NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
    SSL_SERVER_DN_MATCH = FALSE
    SSL_CLIENT_AUTHENTICATION = TRUE
    WALLET_LOCATION=
    (SOURCE=
    (METHOD=FILE)
    (METHOD_DATA =
    (DIRECTORY= C:\\Oracle10g\wallet)
    )
    )
    SSL_CIPHER_SUITES=(SSL_RSA_EXPORT_WITH_RC4_40MD5)
    ----------------------------------------------------------
    All I would like to do is to be able to connect to the oracle server with tools I am familiar with (like OEM, TOAD etc.).

    This stuff is quite outside of my understanding, so if you can provide any insight it'll be much appreciated.

    Thanks
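
An added example, not part of the original thread or of the application's own tooling: a small Python audit of the client sqlnet.ora quoted in post #1. It parses the file (including the multi-line WALLET_LOCATION group) and flags export-grade or RC4 cipher suites and a disabled server DN check. The sample is the poster's configuration copied as posted; the marker list and function names are illustrative assumptions.

```python
import re

# Constructed sample: the sqlnet.ora lines quoted in post #1, copied as posted.
SAMPLE = r"""
SQLNET.AUTHENTICATION_SERVICES= (NTS)
SSL_VERSION=0
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SSL_SERVER_DN_MATCH = FALSE
SSL_CLIENT_AUTHENTICATION = TRUE
WALLET_LOCATION=
(SOURCE=
(METHOD=FILE)
(METHOD_DATA =
(DIRECTORY= C:\\Oracle10g\wallet)
)
)
SSL_CIPHER_SUITES=(SSL_RSA_EXPORT_WITH_RC4_40MD5)
"""

WEAK_MARKERS = ("EXPORT", "RC4", "NULL", "ANON", "_DES_")  # illustrative, not exhaustive
TRUE_VALUES = {"TRUE", "YES", "ON"}

def parse_sqlnet(text):
    """Return {PARAM: raw value}; a value may be a parenthesised group over several lines."""
    params, name, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"([A-Za-z][\w.]*)\s*=\s*(.*)$", line) if depth == 0 else None
        if m:                                        # new top-level parameter
            name, line = m.group(1).upper(), m.group(2)
            params[name] = ""
        elif name is None:
            continue
        params[name] += line                         # continuation of the current value
        depth = max(0, depth + line.count("(") - line.count(")"))
    return params

def audit(params):
    """Return (parameter, finding) pairs for weak client-side TLS settings."""
    findings = []
    for suite in re.findall(r"\w+", params.get("SSL_CIPHER_SUITES", "")):
        hits = [w for w in WEAK_MARKERS if w in suite.upper()]
        if hits:
            findings.append(("SSL_CIPHER_SUITES", f"{suite}: {'/'.join(hits)}"))
    # Oracle documents the default as "not enforced", so an absent parameter is flagged too.
    if params.get("SSL_SERVER_DN_MATCH", "FALSE").upper() not in TRUE_VALUES:
        findings.append(("SSL_SERVER_DN_MATCH", "server certificate DN is not checked"))
    return findings

if __name__ == "__main__":
    for param, finding in audit(parse_sqlnet(SAMPLE)):
        print(f"{param}: {finding}")
```
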

  2. #2
    Join Date
    Apr 2003
    Location
    Pune,Maharashtra. India.
    Posts
    245
    Can you log in to that box with the user with which you created the DB?

    Check "ps -ef | grep pmon"; if your DB is up it will show the pmon process started by one particular user. Try logging in to the box as that user.


    sqlplus "/ as sysdba" you should be able to connect to your DB.

    Also go to $ORACLE_HOME/network/admin, check listener.ora, and check the listener name.

    lsnrctl status listener_name :- If it says up then fine

    lsnrctl status listener_name :- if it says no then "lsnrctl start listener_name"
    So that your application processes which use the listener to connect to the DB can connect.
    Rgds
    Parag

  3. #3
    Join Date
    Jan 2009
    Posts
    4
    Hi
    Thanks for your reply. This problem is more involved than just verifying if the listener is running or not.

    1. The Linux box is on my desk, with a monitor and keyboard, and I can log in as sroot, AND I can also easily log in as:
    sqlplus "/ as sysdba". This works with NO problems - I can drop the DB if I really want!!

    2. The listener is definitely working!! Because I can log into sqlplus as described above,
    if I am working directly on the linux box. Also I made 100% sure that the listener is up by running
    lsnrctl start (gives success)

    So this is a rather tricky one, it may be something to do with advanced security options like using the wallet
    or something like that (the thick client on the Windows machine has a wallet folder)

  4. #4
    Join Date
    Sep 2002
    Location
    England
    Posts
    7,334
    sqlplus / as sysdba does not prove the listener is up because it doesn't use one

    why are you using the wallet stuff? Is there a reason or can you bypass it?

  5. #5
    Join Date
    Jan 2009
    Posts
    4
    davey23uk:
    OK, take your point on "sqlplus as sysdba". But on the Linux box I also did:
    lsnrctl start and it said - success, listener started. If I do a ps -ef I can see the listener process.

    This is a proprietary application and I have not installed any of this wallet stuff myself, I don't even understand the basics of it!
    All I have installed is the Oracle 10g client on the Vista machine...

    If there is a way to bypass it I'd love to know how...

  6. #6
    Join Date
    Apr 2003
    Location
    Pune,Maharashtra. India.
    Posts
    245
    So basically you want to connect to your DB on the Unix box from your Windows Vista machine where you have installed the Oracle client, correct?

    Then on your Vista machine go to OH and find your tnsnames.ora

    and put a tns entry there with the proper
    SID, hostname, port.
    Then try tnsping.

    If it doesn't work then try putting the IP address of the Unix box in tnsnames.ora.

    Also make sure that ping to the Linux box is going from your machine.

    But as I see the errors below..

    HTML Code:
    When I ran this sqlplus.exe on a CMD prompt it said:
    >Error 6 Initialising Sql*Plus
    >Message file sp1.msb not found
    >SP2-You may need to set ORACLE_HOME to your oracle software director
    I assume that the client is not properly installed on your Vista machine.
    If it's successfully done then you should see Oracle related options in Start->Programs. If not, try re-installing the client.
    Rgds
    Parag

  7. #7
    Join Date
    Jan 2009
    Posts
    4
    Parag

    Thank you for your reply, and I genuinely appreciate your efforts to help me out. But please read my original post carefully, I have already answered these questions in there.
    1. Yes the Vista machine can ping the Linux box
    2. Yes I am sure the tnsnames.ora entry that points to the DB is correct because it was put in by the install program of the application, and the thick client is talking with the Oracle server fine.
    3. Yes the Oracle client software is installed fine, because that error went away a long time ago.

    I think this problem needs someone who understands SSL authentication, wallets and the like.
    Thanks
