Link to home
Start Free TrialLog in
Avatar of bomek
bomek

asked on

RADIUS authentification

Hello,

I'm trying to setup RADIUS authentification with Oracle 10g R2. Unfortunately, when i try to connect, i get this message:

ORA-12641: Authentication service failed to initialize

I also tried to follow this documentation: http://download.oracle.com/docs/cd/B19306_01/network.102/b14268/asoradus.htm#ASOAG040

But there is no "Oracle Advanced Security" in the choice list. Is it because it's not installed? Is there a way to install it on top of my current installation?

Thanks
ASKER CERTIFIED SOLUTION
Avatar of schwertner
schwertner
Flag of Antarctica image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of bomek
bomek

ASKER

Thanks, it did the trick. I'm now able to configure RADIUS through netmgr. But still, when i try to login with sqlplus, i get this error: ORA-12641: Authentication service failed to initialize.
Is it fresh installation of Oracle 10g?
What says

lsnrctl status
lsnrctl services
Avatar of bomek

ASKER

My radius.key was wrong.. After i fixed it, i got Oracle communicate with my radius server.

In my init.ora, i got those two options:
os_authent_prefix=""
remote_os_authent=FALSE

I created a user identified externally to which i granted connect role. When i'm connecting with this user, i get a logon denied from oracle and in the RADIUS log it says invalid password (i'm using the good password of course...).

My RADIUS server works fine with others services and the user i'm trying too.

And no, it's not a fresh Oracle 10g install. Our Oracle installation is on windows, how do i get the same result as "lsnrctl status"?

Good news!
Avatar of bomek

ASKER

Well, no, since i'm still not able to login..

I don't know why, but Oracle is not sending the password i typed to the RADIUS server.
Check for firewall.
Check for host name. port, protocol.
Avatar of bomek

ASKER

As i said, Oracle is able to communicate with the server (since i see the requests in the radius logs). The problem, password is always invalid. I've tried different users with very simple, normal and complicated passwords but none go through.

The radius server works perfectly with other services and with radius test tool (NTRadPing). Oracle is obviously doing something with the password i enter before it send it to the radius server.
Avatar of bomek

ASKER

I finally found the response, the secret was too long for oracle. I shorten it to 16 characters and it works.