Home -> Mailing Lists -> Oracle-L -> RE: Oracle Wallet Installed & Windows NTS / OS Authentication = FAIL!

RE: Oracle Wallet Installed & Windows NTS / OS Authentication = FAIL!

From: Taylor, Chris David <ChrisDavid.Taylor_at_ingrambarge.com>
Date: Thu, 18 Feb 2010 11:14:06 -0600
Message-ID: <C5533BD628A9524496D63801704AE56D379D1A1D18_at_SPOBMEXC14.adprod.directory> 





This was not actually as true as I thought it was.



The wallet configuration worked, but not as I expected.



My Oracle Client is stripping off the DOMAIN portion of my connect info it seems.



Chris Taylor


Sr. Oracle DBA


Ingram Barge Company


Nashville, TN 37205


Office: 615-517-3355


Cell: 615-354-4799


Email: chris.taylor_at_ingrambarge.com<mailto:chris.taylor_at_ingrambarge.com>



CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and delete the contents of this message without disclosing the contents to anyone, using them for any purpose, or storing or copying the information on any medium.
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Taylor, Chris David
Sent: Thursday, February 18, 2010 8:35 AM
To: 'oracle-l-freelists'


Subject: Oracle Wallet Installed & Windows NTS / OS Authentication = FAIL!



(


This is on Windows XP Client with SQLNET.ORA SQLNET.AUTHENTICATION_SERVICES = (NTS) for OS authentication.
)



I ran into an issue a few days ago that has taken me till this morning to have resolved and I wanted to see if anyone had run into this.



I installed Oracle 10.2.0.1 Client and couldn't OS authenticate to remote databases on the initial connection.  If I tried 2 times in a row, the second attempt would authenticate.



After tracing the Oracle calls, I discovered that the client (on the 1st connection) was getting the following errors/warnings:



nnflgetnlpactx: NLPA context successfuly initialized
nnflgetnlpactx: exit


nzgblinitialize: entry


nzumalloc: entry


nzdcpig_init_global: entry


nzumalloc: entry


nzucpget_parameter: entry


nzdycs1_start: entry


nzdycs1_start: exit


nzucpget_parameter: parameter "oss.default_file_directory" does not exist.
nzucpget_parameter: exit

nzupawp_apply_wrl_policy: entry
nzupgew_get_environ_wrl: entry
nzupgew_get_environ_wrl: Environment Variable not found or empty value.
nzupgew_get_environ_wrl:  returning error: 28781





On the 2nd attempt, these messages weren't present and the client connects correctly.



After doing some digging I realized that this is specific to Oracle Wallet and/or Oracle security.  So, on the client side, I followed this article:



http://www.oracle-base.com/articles/10g/SecureExternalPasswordStore_10gR2.php



Voila! I can now connect to my database using OS authentication.



Now, here's the issue.  I installed Oracle Wallet as part of the Client install using "Custom" options but I never set it up.



It appears that just by having it installed, that Oracle tries to authenticate using configurations stored in the Wallet (when using OS auth) and then returns "Invalid Username/Password".  It seems counter-intuitive to me that just by having it installed, it would cause the Oracle client to fail the handshake on the initial connection, but successfully resolve on the second attempt.



Some other trace info that showed up which led me sort of down a rabbit trail:


nioqrc:  found a break marker..
nioqrc:  Recieve: returning error: 3111
nioqrc: exit
nioqrs: entry
nioqrs:  state = interrupted (1)
nscontrol: entry




nscontrol: cmd=1, lcl=0x0


nscontrol: normal exit


nioqrs:  state = interrupted (1)


nioqrs: nioqrs: sending reset marker...



Solutions:



1.)    Configure Oracle Wallet for databases you wish to OS authenticate to



2.)    Uninstall Oracle client and reinstall without Oracle Wallet/Advanced Security where its not needed (unverified)




Probably what I should do is completely uninstall the Oracle Client and reinstall without the Oracle Wallet/Advanced Security options.



So, anyone else experienced anything like this?




Chris Taylor


Sr. Oracle DBA


Ingram Barge Company


Nashville, TN 37205


Office: 615-517-3355


Cell: 615-354-4799


Email: chris.taylor_at_ingrambarge.com<mailto:chris.taylor_at_ingrambarge.com>



CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and delete the contents of this message without disclosing the contents to anyone, using them for any purpose, or storing or copying the information on any medium.


--
http://www.freelists.org/webpage/oracle-l


Received on Thu Feb 18 2010 - 11:14:06 CST












Original text of this message