1. About sqlnet.ora:
*****************************************************FROM ORACLE11G DOCS*************************************
The sqlnet.ora file is the profile configuration file. It resides on the client machines and the database server. Profiles are stored and implemented using this file. The database server can be configured with access control parameters in the sqlnet.ora file. These parameters specify whether clients are allowed or denied access based on the protocol.
The sqlnet.ora file enables you to do the following:
Specify the client domain to append to unqualified names
Prioritize naming methods
Enable logging and tracing features
Route connections through specific processes
Configure parameters for external naming
Configure Oracle Advanced Security
Use protocol-specific parameters to restrict access to the database
By default, the sqlnet.ora file is located in the ORACLE_HOME/network/admin directory. The sqlnet.ora file can also be stored in the directory specified by the TNS_ADMIN environment variable.
*****************************************************************************************************************************
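From the description, this file controls client access to the database server, and many parameters can be set in it for access control. The first parameter a beginner runs into here is sqlnet.authentication_services, documented as follows: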
************************************************FROM ORACLE11G DOCS******************************************************
SQLNET.AUTHENTICATION_SERVICES
Purpose
To enable one or more authentication services. If authentication has been installed, then it is recommended that this parameter be set to either none or to one of the authentication methods.
Default
None
Note:
When installing the database with Database Configuration Assistant (DBCA), this parameter may be set to nts in the sqlnet.ora file.
Values
Authentication Methods Available with Oracle Net Services:
none for no authentication methods, including Microsoft Windows native operating system authentication. When SQLNET.AUTHENTICATION_SERVICES is set to none, a valid user name and password can be used to access the database.
all for all authentication methods.
nts for Microsoft Windows native operating system authentication.
Authentication Methods Available with Oracle Advanced Security:
kerberos5 for Kerberos authentication.
radius for RADIUS authentication.
tcps for SSL authentication.
**********************************************************************************************************************************
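The parameter description shows that two kinds of services are covered: Oracle Net Services and Oracle Advanced Security. The Advanced Security values are not discussed here; this section covers what the three values none, all and nts do.
Setting sqlnet.authentication_services:
none: logging in to the database through an operating system user is not allowed; a user name and password must be supplied;
all: all login methods are allowed;
nts: Windows native operating system user authentication;
Note: according to my tests, the user name and password here mean those of a user with the sysdba privilege; on Linux, to log in to the database as the operating system user oracle, the parameter must be set to all or the line must be commented out;
Note: on Linux this file does not exist by default. It can be created by hand, using $ORACLE_HOME/network/admin/samples/sqlnet.ora as a reference, and placed in the $ORACLE_HOME/network/admin/ directory.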
[oracle@centos admin]$ pwd
/oracle/11g/network/admin
[oracle@centos admin]$ cat sqlnet.ora
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
#SQLNET.AUTHENTICATION_SERVICES = (none)
[oracle@centos admin]$
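I copied this file over from Windows; on Linux, leaving this parameter unspecified is generally enough for the oracle operating system user to log in to the database.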
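As an added example (not part of the original post), the following Python check locates sqlnet.ora by the rule quoted from the documentation, ignores commented-out lines, and applies the none/all/nts rules exactly as this post states them. The function names and the two sample strings are constructed for illustration.

```python
import os
import re

def sqlnet_path(env):
    """Location rule quoted above: TNS_ADMIN if set, else ORACLE_HOME/network/admin."""
    base = env.get("TNS_ADMIN") or os.path.join(env["ORACLE_HOME"], "network", "admin")
    return os.path.join(base, "sqlnet.ora")

def auth_services(text):
    """Return the active SQLNET.AUTHENTICATION_SERVICES values, or None if unset."""
    values = None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # commented-out lines do not count
        m = re.match(r"SQLNET\.AUTHENTICATION_SERVICES\s*=\s*\(?([^)]*)\)?$", line, re.I)
        if m:
            values = [v.strip().lower() for v in m.group(1).split(",") if v.strip()]
    return values

def os_login_allowed(text, platform):
    """Apply the rules as stated in this post; platform is 'linux' or 'windows'."""
    values = auth_services(text)
    if values is None:                                # parameter absent or commented out
        return platform == "linux"
    if "all" in values:
        return True
    return platform == "windows" and "nts" in values

# Constructed samples: the Linux file shown above (abbreviated) and a Windows-style line.
LINUX_SAMPLE = "# generated by netca\n#SQLNET.AUTHENTICATION_SERVICES = (none)\n"
WINDOWS_SAMPLE = "SQLNET.AUTHENTICATION_SERVICES = (NTS)\n"

if __name__ == "__main__":
    for name, sample in (("linux", LINUX_SAMPLE), ("windows", WINDOWS_SAMPLE)):
        print(name, auth_services(sample), os_login_allowed(sample, name))
```

Running the same check with the value none on either platform reports that operating system login is off, which is the setting to verify when password-only access to the server is intended.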
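listener.ora, tnsnames.ora and sqlnet.ora are the three main files of Oracle network configuration. listener.ora concerns the database server side, while tnsnames.ora and sqlnet.ora concern not only the server side but, above all, the client.
First, when checking Oracle networking on a client, start with the sqlnet.ora file:
Explanation of the sqlnet.ora file above:
SQLNET.AUTHENTICATION_SERVICES= (NTS): OS authentication is used, so on the database server you can run sqlplus "/ as sysdba". This setting generally works on Windows but may cause problems in a Unix environment, where it can usually be removed.
NAMES.DIRECTORY_PATH= (TNSNAMES, HOSTNAME, ONAMES): names are resolved with tnsnames first; if tnsnames cannot resolve the name, hostname resolution is used; if hostname resolution fails, onames is used.
The commented-out NAMES.DEFAULT_DOMAIN = us.oracle.com: sets the default domain name to us.oracle.com. If tnsnames.ora contains a matching entry whose alias was oralocal, then once this parameter is enabled the entry in tnsnames must be changed to oralocal.us.oracle.com. When using tnsping or logging in with sqlplus you only need to type the short alias; the system appends the domain name automatically before resolving it.
Second, after checking sqlnet.ora you will usually find that tnsnames is used to resolve aliases. So what kinds of configuration can tnsnames.ora contain?
Two further points to watch for:
(1) If service_name in tnsnames is configured incorrectly, for example set to the instance_name, you get the odd situation where tnsping succeeds but sqlplus cannot connect. The error is ORA-12514: TNS:listener could not resolve SERVICE_NAME given in connect descriptor. When troubleshooting this, check the corresponding service_name.
(2) If the remote database is RAC, the local client and the remote database are on different network segments and connect over the public network, and RAC has only one externally mapped IP (that is, mapped to a single node), configure tnsnames on the client as you would for a single-instance database. Heh, a DBA needs to learn more than Oracle; some networking knowledge, especially of your own system's network architecture, is needed too.
Third, listener.ora,
A complete example: server side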
======================================================================
sqlnet.ora
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
=================================
tnsnames.ora
MYWEEK =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost.localdomain)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = myweek)
    )
  )
=============================================
listener.ora:
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /opt/oracle/product/10g)
      (PROGRAM = extproc)
    )
    (SID_DESC =
      (GLOBAL_DBNAME = week)
      (ORACLE_HOME = /opt/oracle/product/10g)
      (SID_NAME = week)
    )
  )
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost.localdomain)(PORT = 1521))
    )
  )
Client side:
tnsnames.ora
==========================================
week =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.56.102)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = week)
    )
  )
==============================================
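For point (1) above (tnsping succeeds but sqlplus fails with ORA-12514), here is an added example, not from the original post: a small Python parser for the nested parenthesis format that cross-checks each tnsnames.ora SERVICE_NAME against the GLOBAL_DBNAME entries in the listener.ora SID_LIST. The function names and sample text are constructed (week1 is a made-up SID). Services that the instance registers dynamically do not appear in listener.ora, so a finding means "not statically registered", not "certainly wrong".

```python
import re

def parse(text):
    """Parse tnsnames.ora / listener.ora text into {NAME: nested (key, value) lists}."""
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    tokens, pos = re.findall(r"[()=]|[^()=\s]+", text), 0

    def value():
        nonlocal pos
        if tokens[pos] != "(":                  # scalar such as TCP or 1521
            pos += 1
            return tokens[pos - 1]
        items = []
        while pos < len(tokens) and tokens[pos] == "(":
            key = tokens[pos + 1].upper()
            pos += 3                            # skip "(", key, "="
            items.append((key, value()))
            pos += 1                            # skip ")"
        return items
    entries = {}
    while pos < len(tokens):
        name = tokens[pos].upper()
        pos += 2                                # skip name, "="
        entries[name] = value()
    return entries

def find(node, key):
    """Yield every scalar stored under key anywhere below node."""
    if isinstance(node, list):
        for k, v in node:
            if k == key and isinstance(v, str):
                yield v
            yield from find(v, key)

def check_service_names(tnsnames_text, listener_text):
    """Map alias -> finding when SERVICE_NAME is not a static GLOBAL_DBNAME.
    Assumption: only the static SID_LIST is checked, not dynamic registration."""
    listener = list(parse(listener_text).values())
    services = {s.lower() for v in listener for s in find(v, "GLOBAL_DBNAME")}
    sids = {s.lower() for v in listener for s in find(v, "SID_NAME")}
    return {alias: ("SID used as SERVICE_NAME" if svc.lower() in sids else "not in static SID_LIST")
            for alias, desc in parse(tnsnames_text).items()
            for svc in find(desc, "SERVICE_NAME") if svc.lower() not in services}

# Constructed samples modelled on the files above (week1 is a made-up SID).
LISTENER = "SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (GLOBAL_DBNAME = week)(SID_NAME = week1)))"
TNSNAMES = """GOOD = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.56.102)(PORT = 1521))
  (CONNECT_DATA = (SERVICE_NAME = week)))
BAD = (DESCRIPTION = (CONNECT_DATA = (SERVICE_NAME = week1)))
MYWEEK = (DESCRIPTION = (CONNECT_DATA = (SERVICE_NAME = myweek)))"""
```

Calling check_service_names(TNSNAMES, LISTENER) on the constructed samples reports BAD as the instance-name mistake described in point (1) and MYWEEK as a name absent from the static list.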
This article comes from the “旅游人生” blog. Reposting is not permitted.