Re: Advanced Security - Kerberos - ORA-12641

From: Rick Wessman <Rick.WessmanNO_SPAM_at_NoOrSaPcAlMe.com>
Date: 4 Mar 2004 10:43:08 -0800
Message-ID: <c27tbs02kif_at_drn.newsguy.com>


In article <a39817dd.0403010222.87e3c57_at_posting.google.com>, Matthias Haslbeck says...
>
>I'm trying to enable Kerberos authentication through Advanced Security
>Option for Oracle9i DB (9.2.0.4). Server and client are on the same
>Windows 2000 computer. The system's server is also a Windows 2000 with
>Active Directory.
>
>I followed all the instructions in the Oracle Advanced Security
>Administrator's Guide to configure my system correctly. But when I try
>to connect to the DB via SQLPLUS on the command line I get the error
>ORA-12641: TNS:authentication service failed to initialize.
>
>My sqlnet.ora looks like this:
>
>SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = oemrep
>SQLNET.KERBEROS5_CONF = c:\krb5\krb5.conf
>SQLNET.KERBEROS5_REALMS = c:\krb5\krb5.realms
>NAMES.DEFAULT_DOMAIN = mycompany.local
>SQLNET.AUTHENTICATION_REQUIRED = TRUE
>SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, KERBEROS5)
>SQLNET.KERBEROS5_CC_NAME = c:\krb5\krbcache
>SQLNET.KERBEROS5_KEYTAB = c:\krb5\v5srvtab
>SQLNET.EXPIRE_TIME = 15
>NAMES.DIRECTORY_PATH= (TNSNAMES)
>SQLNET.KERBEROS5_CONF_MIT = TRUE
>
>Any ideas what the problem might be?
>What have I got to do to make my system use Kerberos?
>
>All suggestions welcomed!

Unfortunately, it's difficult to tell what's going on because the 12641 error is so generic. As an aside, due to the architecture of the code, it was not possible for me to provide a specific error code. The same applies to the infamous ORA-12638. The only thing that you can do is to enable tracing at level 16. Look in the trace file for lines starting with "nauk5". That should give you an idea what is going on. I suggest contacting Oracle support. They should be able to help you pinpoint what's going on. I'm not an expert in the Kerberos support. It was put in after I designed the ASO framework.

                                   Rick

                                Rick Wessman
                                Oracle Corporation
     The opinions expressed above are mine and do not necessarily reflect
                         those of Oracle Corporation.
Received on Thu Mar 04 2004 - 19:43:08 CET
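
One way to pull the "nauk5" lines out of a level 16 trace file and spot the first one that looks like a failure, as an added example that is not part of the original post and not Oracle tooling. The sample trace lines and the function names after the "nauk5" prefix are constructed, and the optional thread-id and timestamp prefixes are an assumption about the trace layout.

```python
import re

# Optional prefixes a trace line may carry before the function name:
# a "(thread-id)" and/or a "[timestamp]". This layout is an assumption.
PREFIX = re.compile(r"^\s*(?:\(\d+\)\s*)?(?:\[[^\]]*\]\s*)?")
# Words that usually mark a failing step; a heuristic, not an Oracle list.
FAIL_WORDS = re.compile(r"\b(fail\w*|error|unable|cannot|not found)\b", re.I)


def nauk5_lines(trace_text):
    """Return (line_no, function, message, suspicious) for each nauk5 line."""
    hits = []
    for no, raw in enumerate(trace_text.splitlines(), start=1):
        line = PREFIX.sub("", raw, count=1)
        if not line.startswith("nauk5"):
            continue  # skips packet dumps and lines from other layers
        func, _, msg = line.partition(":")
        hits.append((no, func.strip(), msg.strip(), bool(FAIL_WORDS.search(msg))))
    return hits


def first_failure(hits):
    """First nauk5 line whose message looks like a failure, or None."""
    return next((h for h in hits if h[3]), None)


# Constructed sample, not real Oracle output; the function names after the
# "nauk5" prefix are hypothetical.
SAMPLE = """\
nsprecv: 00 00 00 00 01 00 00 00  |........|
[04-MAR-2004 19:43:08:101] nauk5_example_init: entry
[04-MAR-2004 19:43:08:102] nauk5_example_readconf: opening configuration file
[04-MAR-2004 19:43:08:103] nauk5_example_readconf: failed to open file
(1234) [04-MAR-2004 19:43:08:104] nauk5_example_init: exit
nau_example: line from another layer
"""

if __name__ == "__main__":
    for no, func, msg, bad in nauk5_lines(SAMPLE):
        print(f"{'!!' if bad else '  '} line {no}: {func}: {msg}")
```

Level 16 traces include packet dumps and can be very large, so filtering on the prefix first keeps the Kerberos adapter's own messages readable.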
