Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Radius/Oracle

Radius/Oracle

From: Marc Giuliani <MGiuliani_at_gbsolutionsinc.com>
Date: Mon, 11 Jun 2007 09:54:06 -0400
Message-ID: <WorldClient-F200706110954.AA54060018@gbsolutionsinc.com> 






  Hello,


Has anyone had any experience with Radius and Oracle? I am having an issue 
getting Oracle and Radius to communicate correctly. 
I have Oracle 10G installed on RHEL Linux 4 ES and also have Radius 
installed on the same server. Radius is in turn connecting to LDAP and I 
verified using the radtest and radclient utilities that there is a 
successful connection and authentication between Radius and LDAP. 
I have verified using the adapters command that the Radius adapters are 
installed for Oracle. 


I have created a user identified externally and granted connect and resource 
and when I attempt to connect I get an invalid id/password error...although 
when using the radius test utilities with the same password it works. 
I have verified that the remote_os_auth=false and os_authent_prefix= " ". 
When I attempt an Oracle Sqlplus connection using the id I created the 
Radius server log has this message:


"WARNING: Unprintable characters in the password. ?  Double-check the shared 
secret on the server and the NAS!"


I have verified the "secret" on the Radius server in the clients.conf 
matches the data in the radius.key file on the Oracle Server and I used 
netmgr to create the the sqlnet.ora file and it has:
 

SQLNET.RADIUS_AUTHENTICATION = <correct ip address>
SQLNET.RADIUS_AUTHENTICATION_PORT = 1812
SQLNET.RADIUS_SECRET = 




/u01/app/oracle/product/10.2.0/RACF2/network/security/radius.key
SQLNET.RADIUS_AUTHENTICATION_TIMEOUT = 10

SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, RADIUS, NTS)

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)


Looking at a trace file the lines that stand out are:


[08-JUN-2007 15:55:51:153] nspsend: 00 00 35 4F 52 41 2D 32  |..5ORA-2|

[08-JUN-2007 15:55:51:153] nspsend: 38 30 33 35 3A 20 43 61  |8035:.Ca|

[08-JUN-2007 15:55:51:153] nspsend: 6E 6E 6F 74 20 47 65 74  |nnot.Get|

[08-JUN-2007 15:55:51:153] nspsend: 20 53 65 73 73 69 6F 6E  |.Session|

[08-JUN-2007 15:55:51:153] nspsend: 20 4B 65 79 20 66 6F 72  |.Key.for|

[08-JUN-2007 15:55:51:153] nspsend: 20 41 75 74 68 65 6E 74  |.Authent|

[08-JUN-2007 15:55:51:153] nspsend: 69 63 61 74 69 6F 6E 0A  |ication.|

Which seems to indicate a problem getting the radius.key value, I think...
I have already opened a TAR with Oracle support however after over 3 weeks 
with out any solutions I thought I would pursue other avenues...
Any ideas or suggestions would be greatly appreciated.
thx Marc
 




--
http://www.freelists.org/webpage/oracle-l


Received on Mon Jun 11 2007 - 08:54:06 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US