I have 02 Oracle vCPU servers on which a primary DB (db_name = chicago and db_unique_name = chicago) and a standby DB (db_name = chicago and db_unique_name = boston) were created, respectively. I created a service on the 02 servers with the srvctl utility:
srvctl add service -d "db_unique_name" -s CHICAGO_HA -l PRIMARY -q TRUE -e SELECT -m BASIC -z 150 -w 10
Then I added an entry in my tnsnames.ora file:
CHICAGO_HA =
(DESCRIPTION_LIST =
(LOAD_BALANCE = off)
(FAILOVER = on)
(DESCRIPTION =
(CONNECT_TIMEOUT = 10) (RETRY_COUNT = 3)
(ADDRESS_LIST = (ADDRESS = (PROTOCOL = tcp) (HOST = 192.168.17.140) (PORT = 1522)))
(CONNECT_DATA = (SERVICE_NAME = chicago_ha))
)
(DESCRIPTION =
(CONNECT_TIMEOUT = 10) (RETRY_COUNT = 3)
(ADDRESS_LIST = (ADDRESS = (PROTOCOL = tcp) (HOST = 192.168.17.138) (PORT = 1522)))
(CONNECT_DATA = (SERVICE_NAME = chicago_ha))
)
)
I have a client on which I have opened a session:
sqlplus sys/*****@chicago_ha as sysdba
on the primary host. I can query tables, but after a switchover I can't query tables because my session ends with errors like I am no longer connected.
If I read it correctly, your setup has connect-time failover, but you are trying to use an already open connection to the now-closed instance? You would need something like Application Continuity or Transparent Application Continuity for an existing connection to be moved to the other instance. Check the Oracle white paper Continuous Availability Application Continuity for the Oracle Database.
SQL*Plus generally isn't a great testing tool to mimic real-life apps that have connection pools and lots of users.
I am unable to add rules to audit daemon using /etc/audit/audit.rules
Every time I add the rules using auditctl, they get removed on reboot or audit daemon restart. I have attached the /etc/audit/audit.rules and /etc/audit/auditd.conf.
$ cat /etc/audit/auditd.conf
#
# This file controls the configuration of the audit daemon
#
local_events = yes
write_logs = yes
log_file = /NU_Application/audit.log
log_group = root
log_format = RAW
flush = INCREMENTAL_ASYNC
freq = 50
max_log_file = 8
num_logs = 5
priority_boost = 4
disp_qos = lossy
dispatcher = /sbin/audispd
name_format = NONE
##name = mydomain
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
verify_email = yes
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND
use_libwrap = yes
##tcp_listen_port = 22
tcp_listen_queue = 5
tcp_max_per_addr = 1
##tcp_client_ports = 1024-65535
tcp_client_max_idle = 0
enable_krb5 = no
krb5_principal = auditd
##krb5_key_file = /etc/audit/audit.key
distribute_network = no
$ cat /etc/audit/audit.rules
## First rule - delete all
## Increase the buffers to survive stress events.
## Make this bigger for busy systems
-b 8192
## This determine how long to wait in burst of events
--backlog_wait_time 0
## Set failure mode to syslog
-f 1
-w /var/log/lastlog -p wa
root@iWave-G22M:~# auditctl
When I restart the audit daemon (i.e. /etc/init.d/auditd restart) and try to list the rules, I get the message No rules
$ /etc/init.d/auditd restart
Restarting audit daemon auditd
type=1305 audit(1558188111.980:3): audit_pid=0 old=1148 auid=4294967295 ses=4294967295
res=1
type=1305 audit(1558188112.010:4): audit_enabled=1 old=1 auid=4294967295 ses=4294967295
res=1
type=1305 audit(1558188112.020:5): audit_pid=30342 old=0 auid=4294967295 ses=4294967295
res=1
1
$ auditctl -l
No rules
OS INFO
$ uname -a
Linux iWave-G22M 3.10.31-ltsi-svn743 #5 SMP PREEMPT Mon May 27 18:28:01 IST 2019 armv7l GNU/Linux
audit_2.8.4.bb file was used to install auditd daemon via yocto
path of audit_2.8.4.bb -- http://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux/tree/recipes-security/audit/audit_2.8.4.bb?h=master
Audit rules added via /etc/audit/audit.rules and the auditctl command are not permanent. To make them permanent across reboots, you have to add them to the /etc/audit/rules.d/audit.rules file.
After adding the rule, restart the auditd service and run the command auditctl -l; it will list all the rules, and they will also be reflected in the /etc/audit/audit.rules file.
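A check for the persistence problem discussed above, as an added example that is not part of the original answer: it lists file watches that exist in a rule file but are absent from the loaded rule set, so a silently dropped rule is noticed. The function names are hypothetical, the sample data is built from the question's rule and its `No rules` output, and it assumes `auditctl -l` prints watches in the same `-w PATH -p PERMS` form as the rule file.

```shell
# Added example: list file watches that are persisted on disk but not loaded
# in the kernel. Assumption: `auditctl -l` prints watches in the same
# "-w PATH -p PERMS" form used in the rule files. Function names are
# hypothetical; the sample data is built from the question's rule and output.

# normalize_watches FILE: keep "-w" rules only, strip comments, squeeze blanks.
normalize_watches() {
    sed -e 's/#.*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' "$1" | grep '^-w ' | sort -u
}

# missing_audit_rules PERSISTED LOADED
# Prints persisted watches absent from LOADED; returns 1 if any are missing.
missing_audit_rules() {
    tmp=$(mktemp) || return 2
    normalize_watches "$2" > "$tmp"
    missing=$(normalize_watches "$1" | grep -Fxv -f "$tmp") || true
    rm -f "$tmp"
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# Constructed demo: the question's rule file against its "No rules" listing.
# On a real host, compare the files in /etc/audit/rules.d with `auditctl -l`.
demo_dir=$(mktemp -d)
cat > "$demo_dir/persisted.rules" <<'EOF'
## Increase the buffers to survive stress events.
-b 8192
-f 1
-w /var/log/lastlog -p wa
EOF
printf 'No rules\n' > "$demo_dir/loaded.txt"
if ! missing_audit_rules "$demo_dir/persisted.rules" "$demo_dir/loaded.txt"; then
    echo "drift: the rules above are on disk but not active"
fi
rm -rf "$demo_dir"
```

Control directives such as `-b` and `-f` are skipped on purpose because they are not part of the rule listing.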
My DB machine has three instances. I had shut down 'EDWDBS1' only (not the whole database) in the RMAN interface by using
shutdown immediate
But when I want to reconnect to/start up 'EDWDBS1', it throws an ORA-12505 error in SQL Developer, sqlplus and RMAN alike. I already tried to check the tnsnames.ora and listener.ora, but I still have no idea about that.
Here is my listener.ora
# copyright (c) 1997 by the Oracle Corporation
#
# NAME
# listener.ora
# FUNCTION
# Network Listener startup parameter file example
# NOTES
# This file contains all the parameters for listener.ora,
# and could be used to configure the listener by uncommenting
# and changing values. Multiple listeners can be configured
# in one listener.ora, so listener.ora parameters take the form
# of SID_LIST_<lsnr>, where <lsnr> is the name of the listener
# this parameter refers to. All parameters and values are
# case-insensitive.
# <lsnr>
# This parameter specifies both the name of the listener, and
# it listening address(es). Other parameters for this listener
# us this name in place of <lsnr>. When not specified,
# the name for <lsnr> defaults to "LISTENER", with the default
# address value as shown below.
#
# LISTENER =
# (ADDRESS_LIST=
# (ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521))
# (ADDRESS=(PROTOCOL=ipc)(KEY=PNPKEY)))
# SID_LIST_<lsnr>
# List of services the listener knows about and can connect
# clients to. There is no default. See the Net8 Administrator's
# Guide for more information.
#
# SID_LIST_LISTENER=
# (SID_LIST=
# (SID_DESC=
# #BEQUEATH CONFIG
# (GLOBAL_DBNAME=salesdb.mycompany)
# (SID_NAME=sid1)
# (ORACLE_HOME=/private/app/oracle/product/8.0.3)
# #PRESPAWN CONFIG
# (PRESPAWN_MAX=20)
# (PRESPAWN_LIST=
# (PRESPAWN_DESC=(PROTOCOL=tcp)(POOL_SIZE=2)(TIMEOUT=1))
# )
# )
# )
# PASSWORDS_<lsnr>
# Specifies a password to authenticate stopping the listener.
# Both encrypted and plain-text values can be set. Encrypted passwords
# can be set and stored using lsnrctl.
# LSNRCTL> change_password
# Will prompt for old and new passwords, and use encryption both
# to match the old password and to set the new one.
# LSNRCTL> set password
# Will prompt for the new password, for authentication with
# the listener. The password must be set before running the next
# command.
# LSNRCTL> save_config
# Will save the changed password to listener.ora. These last two
# steps are not necessary if SAVE_CONFIG_ON_STOP_<lsnr> is ON.
# See below.
#
# Default: NONE
#
# PASSWORDS_LISTENER = 20A22647832FB454 # "foobar"
# SAVE_CONFIG_ON_STOP_<lsnr>
# Tells the listener to save configuration changes to listener.ora when
# it shuts down. Changed parameter values will be written to the file,
# while preserving formatting and comments.
# Default: OFF
# Values: ON/OFF
#
# SAVE_CONFIG_ON_STOP_LISTENER = ON
# USE_PLUG_AND_PLAY_<lsnr>
# Tells the listener to contact an Onames server and register itself
# and its services with Onames.
# Values: ON/OFF
# Default: OFF
#
# USE_PLUG_AND_PLAY_LISTENER = ON
# LOG_FILE_<lsnr>
# Sets the name of the listener's log file. The .log extension
# is added automatically.
# Default=<lsnr>
#
# LOG_FILE_LISTENER = lsnr
# LOG_DIRECTORY_<lsnr>
# Sets the directory for the listener's log file.
# Default: <oracle_home>/network/log
#
# LOG_DIRECTORY_LISTENER = /private/app/oracle/product/8.0.3/network/log
# TRACE_LEVEL_<lsnr>
# Specifies desired tracing level.
# Default: OFF
# Values: OFF/USER/ADMIN/SUPPORT/0-16
#
# TRACE_LEVEL_LISTENER = SUPPORT
# TRACE_FILE_<lsnr>
# Sets the name of the listener's trace file. The .trc extension
# is added automatically.
# Default: <lsnr>
#
# TRACE_FILE_LISTENER = lsnr
# TRACE_DIRECTORY_<lsnr>
# Sets the directory for the listener's trace file.
# Default: <oracle_home>/network/trace
#
# TRACE_DIRECTORY_LISTENER=/private/app/oracle/product/8.0.3/network/trace
# CONNECT_TIMEOUT_<lsnr>
# Sets the number of seconds that the listener waits to get a
# valid database query after it has been started.
# Default: 10
#
# CONNECT_TIMEOUT_LISTENER=10
tnsnames.ora
EDWDBD1 = (DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = HKHPEDWDBSDEV01)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = EDWDBD1)
)
)
EDWDBS1 = (DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = HKHPEDWDBSDEV01)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = EDWDBS1)
)
)
EDWDBU1 = (DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = HKHPEDWDBSDEV01)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = EDWDBU1)
)
)
EDWPDBD1 = (DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = HKHPEDWDBSDEV01)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = EDWPDBD1)
)
)
Result of lsnrctl status
LSNRCTL for Linux: Version 12.2.0.1.0 - Production on 11-FEB-2019 18:43:54
Copyright (c) 1991, 2016, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 12.2.0.1.0 - Production
Start Date 11-FEB-2019 18:09:09
Uptime 0 days 0 hr. 34 min. 45 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/12.2.0/db_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/HKHPEWDBSDEV01/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=HKHPEWDBSDEV01)(PORT=1521)))
Services Summary...
Service "7a114ab24bf177a5e055315d54627e2c" has 1 instance(s).
Instance "edwdbd1", status READY, has 1 handler(s) for this service...
Service "EDWDBU1" has 1 instance(s).
Instance "EDWDBU1", status READY, has 1 handler(s) for this service...
Service "EDWDBU1XDB" has 1 instance(s).
Instance "EDWDBU1", status READY, has 1 handler(s) for this service...
Service "edwdbd1" has 1 instance(s).
Instance "edwdbd1", status READY, has 1 handler(s) for this service...
Service "edwdbd1XDB" has 1 instance(s).
Instance "edwdbd1", status READY, has 1 handler(s) for this service...
Service "edwpdbd1" has 1 instance(s).
Instance "edwdbd1", status READY, has 1 handler(s) for this service...
The command completed successfully
I am guessing you are trying to start your instance remotely. In your listener.ora you don't have a static service configured, so you can't connect remotely (via TCP/IP) to the instance as the listener doesn't know about that instance.
In order to start the instance you should be connected locally (via SSH), set all necessary environment variables (ORACLE_HOME, ORACLE_SID, PATH), use OS authentication (usually by being a member of the dba group) and run:
sqlplus / as sysdba
and
startup;
Also you can use password file authentication but this is another story.
I use Freeradius + CoovaChilli + Nginx + Ubuntu.
I nicely configured the Freeradius and everything is working fine, except that ChilliSpot-Max-Total-Octets terminates the session after 1 117 000 000 octets used by the MAC address, but the Username can log in again.
I was expecting that the Username cannot log in until he waits for the daily reset.
Is it due to the Unique ID session?
In /etc/freeradius/sql/mysql/counter.php
sqlcounter chillispot_max_bytes {
counter-name = ChilliSpot-Max-Total-Octets
check-name = ChilliSpot-Max-Total-Octets
reply-name = ChilliSpot-Max-Total-Octets
reply-message = "C'est pas bien de trop télécharger !!"
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM
radac$
}
In /etc/freeradius/site-enabled/default
Authorize
{
...
#
# Counters for Chillispot
#
chillispot_max_bytes
daily
...
}
Second problem similar:
Daily limit: I set up a Session-time end that works perfectly, but I would like to have an OFF period daily.
sqlcounter dailycounter {
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
reply-name = Session-Timeout
reply-message = "You've used up more than one hour today"
sqlmod-inst = sql
key = User-Name
reset = daily
# This query ignores calls that started in a previous
# reset period and continue into into this one. But it
# is a little easier on the SQL server
query = "SELECT SUM(acctsessiontime) FROM radacct WHERE \
username = '%{%k}' AND acctstarttime > FROM_UNIXTIME('%b')"
}
Dictionary:
$INCLUDE /usr/share/freeradius/dictionary
$INCLUDE /usr/share/freeradius/dictionary.chillispot
ATTRIBUTE Max-Daily-Session 30011 integer
ATTRIBUTE chillispot_max_bytes 3010 integer
Any idea?
I was thinking about creating some User group, but I am not sure how to manage that with Radius.
Thank you
OK, I have a lab setup: a FreeNAS server with iSCSI, with CHAP set up for discovery and mutual CHAP for targets.
Here are the requirements:
Implement CHAP security
One-way CHAP for discovery
Two-way (Mutual) CHAP for targets
I can connect and discover successfully with two ESXi servers, Windows 7, Windows 2003, 2008, and 2012.
CentOS can see the discovery list, but when trying to connect with:
iscsiadm --mode node --targetname iqn.2015.lab.com:centos --portal 192.168.1.60:3260 --login
the terminal outputs:
no records found
Here is my iscsid.conf. I left the comments in on the CHAP section, but removed them for the rest as it is just so large:
iscsid.startup = /etc/rc.d/init.d/iscsid force-start
node.startup = automatic
node.leading_login = No
# *************
# CHAP Settings
# *************
# To enable CHAP authentication set node.session.auth.authmethod
# to CHAP. The default is None.
node.session.auth.authmethod = CHAP
# To set a CHAP username and password for initiator
# authentication by the target(s), uncomment the following lines:
#node.session.auth.username = group7
#node.session.auth.password = passwordpassword
# To set a CHAP username and password for target(s)
# authentication by the initiator, uncomment the following lines:
node.session.auth.username_in = group7
node.session.auth.password_in = passwordpassword
# To enable CHAP authentication for a discovery session to the target
# set discovery.sendtargets.auth.authmethod to CHAP. The default is None.
discovery.sendtargets.auth.authmethod = CHAP
# To set a discovery session CHAP username and password for the initiator
# authentication by the target(s), uncomment the following lines:
discovery.sendtargets.auth.username = group7
discovery.sendtargets.auth.password = passwordpassword
# To set a discovery session CHAP username and password for target(s)
# authentication by the initiator, uncomment the following lines:
#discovery.sendtargets.auth.username_in = group7
#discovery.sendtargets.auth.password_in = passwordpassword
node.session.timeo.replacement_timeout = 120
node.conn[0].timeo.login_timeout = 15
node.conn[0].timeo.logout_timeout = 15
node.conn[0].timeo.noop_out_interval = 5
node.conn[0].timeo.noop_out_timeout = 5
node.session.err_timeo.abort_timeout = 15
node.session.err_timeo.lu_reset_timeout = 30
node.session.err_timeo.tgt_reset_timeout = 30
node.session.initial_login_retry_max = 8
node.session.cmds_max = 128
node.session.queue_depth = 32
node.session.xmit_thread_priority = -20
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
node.conn[0].iscsi.HeaderDigest = None
node.session.nr_sessions = 1
node.session.iscsi.FastAbort = Yes
Any help is appreciated. Thank you.
You want mutual CHAP for session setup, but in your configuration file you have commented out the lines that define the login from initiator to target:
# To set a CHAP username and password for initiator
# authentication by the target(s), uncomment the following lines:
#node.session.auth.username = group7
#node.session.auth.password = passwordpassword
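A check for the misconfiguration this answer points out, as an added example that is not part of the original answer: it reads an iscsid.conf and reports, for discovery and for node sessions, which CHAP direction has active (uncommented) credentials. The function names are hypothetical and the sample file repeats the CHAP lines from the question.

```shell
# Added example (not from the original post): check that iscsid.conf defines
# the CHAP credentials each direction needs. Function names are hypothetical;
# the sample file repeats the CHAP lines from the question's iscsid.conf.

# get_setting FILE KEY: value of the last uncommented "KEY = value" line.
get_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); val = v
            }
        }
        END { print val }' "$1"
}

# chap_check FILE SCOPE MODE
#   SCOPE: node.session | discovery.sendtargets    MODE: oneway | mutual
# Prints the state of both directions; returns 0 only if MODE is satisfied.
chap_check() {
    f=$1; scope=$2; mode=$3; fwd=set; rev=set
    [ "$(get_setting "$f" "$scope.auth.authmethod")" = CHAP ] || {
        echo "$scope: authmethod is not CHAP"; return 1; }
    for k in username password; do
        [ -n "$(get_setting "$f" "$scope.auth.$k")" ] || fwd=missing
        [ -n "$(get_setting "$f" "$scope.auth.${k}_in")" ] || rev=missing
    done
    echo "$scope: initiator-to-target=$fwd target-to-initiator=$rev"
    [ "$fwd" = set ] || return 1    # the target cannot authenticate us
    [ "$mode" != mutual ] || [ "$rev" = set ]
}

# write_sample_conf PATH: the CHAP section as posted in the question.
write_sample_conf() {
    cat > "$1" <<'EOF'
node.session.auth.authmethod = CHAP
#node.session.auth.username = group7
#node.session.auth.password = passwordpassword
node.session.auth.username_in = group7
node.session.auth.password_in = passwordpassword
discovery.sendtargets.auth.authmethod = CHAP
discovery.sendtargets.auth.username = group7
discovery.sendtargets.auth.password = passwordpassword
#discovery.sendtargets.auth.username_in = group7
#discovery.sendtargets.auth.password_in = passwordpassword
EOF
}

conf=$(mktemp) && write_sample_conf "$conf"
chap_check "$conf" discovery.sendtargets oneway || echo "discovery: FAIL"
chap_check "$conf" node.session mutual || echo "node sessions: FAIL"
rm -f "$conf"
```

On the posted settings the discovery check passes and the node session check fails, which matches the symptom: discovery works but the target login does not.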
I'm using perl DBI to connect to a SQL Server. This server uses windows authentication. How do I pass on this information to the SQL server via DBI?
I assume that "using Windows authentication" implies that your script runs on Windows. Then there is more than one way to do it. You can use ADO instead of ODBC and don't need to create a DSN:
use strict;
use warnings;
use DBI;

my $db_instance = ".\\SQLEXPRESS";
my $db_name = "AdventureWorks";
my $db_user = "sa";
my $db_pass = "...";
my $n = 0;
# Try each connection string in turn: ODBC and ADO, with and without explicit credentials
for my $cs (
    "DBI:ODBC:Driver={SQL Server};Server=$db_instance;Database=$db_name;UID=$db_user;PWD=$db_pass"
  , "DBI:ODBC:Driver={SQL Server};Server=$db_instance;Database=$db_name;"
  , "DBI:ODBC:DSN=AdvWork;"
  , "DBI:ADO:DSN=AdvWork;"
  , "DBI:ADO:Provider=SQLNCLI.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=$db_name;Data Source=$db_instance;"
  , "DBI:ADO:Provider=SQLOLEDB.1;Persist Security Info=False;User ID=sa;PWD=$db_pass;Initial Catalog=$db_name;Data Source=$db_instance;"
  , "DBI:ADO:Provider=SQLNCLI10.1;Integrated Security=SSPI;Persist Security Info=False;User ID=\"\";Initial Catalog=$db_name;Data Source=$db_instance;Initial File Name=\"\";Server SPN=\"\";"
) {
    my $dbh = DBI->connect($cs) or die("\nCONNECT ERROR:\n$DBI::errstr");
    # Mask the password before printing; \Q...\E keeps regex metacharacters in it literal
    my $wtf = $cs;
    $wtf =~ s/\Q$db_pass\E/secret/;
    printf "%2d CS: '%s'\n", ++$n, $wtf;
    $dbh->disconnect();
}
output:
xpl.pl::Main started using Perl 5.010000 on MSWin32.
will call CnctMSSS - connect to MS SQLServer (SQLExpress)
1 CS: 'DBI:ODBC:Driver={SQL Server};Server=.\SQLEXPRESS;Database=AdventureWorks;UID=sa;PWD=secret'
2 CS: 'DBI:ODBC:Driver={SQL Server};Server=.\SQLEXPRESS;Database=AdventureWorks;'
3 CS: 'DBI:ODBC:DSN=AdvWork;'
4 CS: 'DBI:ADO:DSN=AdvWork;'
5 CS: 'DBI:ADO:Provider=SQLNCLI.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=Advent
ureWorks;Data Source=.\SQLEXPRESS;'
6 CS: 'DBI:ADO:Provider=SQLOLEDB.1;Persist Security Info=False;User ID=sa;PWD=secret;Initial Catalog=Adventur
eWorks;Data Source=.\SQLEXPRESS;'
7 CS: 'DBI:ADO:Provider=SQLNCLI10.1;Integrated Security=SSPI;Persist Security Info=False;User ID="";Initial C
atalog=AdventureWorks;Data Source=.\SQLEXPRESS;Initial File Name="";Server SPN="";'
CnctMSSS returned 0 [5.858424 secs]
xpl.pl::Main done. (0)
If you compare (1) [based on this contribution] and (2), you see that skipping the user info is enough to connect to the database; some drivers/providers may like the addition of "Integrated Security=SSPI".
Here is a good starting point, if you need help with experimenting with connection strings.
I presume you are using DBD::ODBC. Create a data source for SQL Server in the ODBC Administrator which uses Windows authentication then call DBI's connect method without a username and password.