Re: OS Authentication with winXP client Linux Server

On Jul 29, 10:05 pm, hjr.pyth...@xxxxxxxxx wrote:
On Jul 28, 12:14 am, "fitzjarr...@xxxxxxx" <fitzjarr...@xxxxxxx>
wrote:





On Jul 27, 8:38 am, "Matthias Hoys" <a...@xxxxxxxx> wrote:

<fitzjarr...@xxxxxxx> wrote in message

news:1185540761.531273.313830@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On Jul 27, 1:00 am, Dazza <DarylFer...@xxxxxxxxx> wrote:
Thanks for taking the time to reply.
However, OS Authentication does actually work on clients aswell.

The doco suggests throughout that the setting in sqlnet.ora be set to
SQLNET.AUTHENTICATION_SERVICES= (NTS) on both the server and the
client...suggesting that it does work on both.

From my personal experience, my previous company did indeed have it

working on the clients - the difference being they had windows servers
aswell as windows clients, whereas here I have a linux server and a
windows client.

My guess is you do not have the remote_os_authent parameter set to
TRUE on the server. I have several databases using external
authentication from Windows clients and it works quite well.

Are those databases on UNIX or Linux ? And you don't have Oracle Internet
Directory installed on the database server ? I wonder if this works then ?- Hide quoted text -

- Show quoted text -

The databases are on UNIX and the Windows clients authenticate without
issue.

David Fitzjarrell

I preface everything I'm about to say with the words, 'This is
addressed to the world in general and not David in particular'.

But anyone that runs REMOTE_OS_AUTHENT=TRUE on a production server is
asking for really, really bad trouble and needs to examine their head
very closely,,, and then stop using it immediately.

It means that if I were your cleaner, janitor or nightime security
guard I would simply need to bring in my teenage son's laptop one
night, plug it into your network, and I then have access to your
database. My laptop, after all, will happily authenticate me as a
valid user of that laptop. REMOTE_OS_AUTHENT=TRUE then states that
such validation is sufficient to get me access to your database. It
doesn't bear thinking about.

So, it's no wonder "Windows clients authenticate without issue":
practically the entire WORLD could authenticate without issue! That's
really not something you would want for a database whose data you
cared about.

It's discussed here:http://www.dizwell.com/prod/node/210
(where David Aldridge uses the 'you want your head tested' line I was
tempted to use here!)

It's also discussed here:http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:1...
(where Tom is moved to say, "remote_os_authent is not a very secure
setting" and "they have remote_os_authent set -- meaning they have the
least secure system on the planet. you must set that false")

In answer to the specific question asked by the original poster, no
amount of fiddling is going to get a Windows user's OS account
authenticated on a Linux server, unless remote_os_authentication is
set to the suicidal value of TRUE. As the OP initimated, messing
around with sqlnet.ora values is only going to be helpful in an all-
Windows environment.

Regards
HJR- Hide quoted text -

- Show quoted text -

I'll be more than happy to forward this on to whomever configured the
server I inherited. Such wasn't MY choice for authentication methods,
however it's the method I have been given and I have no authority to
change it.

Sometimes we must play the hand we're dealt.


David Fitzjarrell

.

Relevant Pages

  • RE: 802.1x Authentication Fails
    ... Reason = The authentication request was not processed because the ... a default certificate is being sent to ... I queried the product team about this and they feel the server certificate ... which is causing the problem that the clients cannot ...
    (microsoft.public.internet.radius)
  • Netlogon 5783
    ... For about there mounts I<m having small network problem, with clients, that ... The session setup to the Windows NT or Windows 2000 Domain Controller ... On DC1r there is Exchange 2000 server, witch is Exchange system manager is ... The failure code from authentication protocol Kerberos ...
    (microsoft.public.win2000.networking)
  • Secure TCP Channel using Remoting .NET 2005
    ... I have a query on authentication design for a service orientated ... architecture application hosting .NET 2005 remoted objects on a server called ... remoting for communication between clients and server. ...
    (microsoft.public.dotnet.framework.remoting)
  • Re: Cisco Aironet 1231 with IAS - Cannot authenticate Intel or Windows clients
    ... I've just set up an IAS server on Win2k3 and a Cisco Aironet 1231 AP. ... I've setup an SSID with EAP as the Open authentication type. ... I have several Cisco Aironet clients with new cards and the latest ACU. ...
    (microsoft.public.internet.radius)
  • Re: OS Authentication with winXP client Linux Server
    ... OS Authentication does actually work on clients aswell. ... SQLNET.AUTHENTICATION_SERVICES= on both the server and the ... authentication from Windows clients and it works quite well. ... it's no wonder "Windows clients authenticate without issue": ...
    (comp.databases.oracle.server)