Frank Goenninger DG1SBG
06-11-2004, 12:12 PM
Hi all:
I consistently get a
ORA-12641 / TNS-12641
error saying "Authentication service failed to initialize".
I double checked (well, more like a dozen times ;-) my config.
Here are the data:
SYSTEM INFO:
============
Debian/Linux Kernel 2.4.20
1GB RAM, SHMEN etc set as required.
IPCS output:
------ Shared Memory Segments --------
key shmid owner perms bytes nattch status
0x2e209fe4 28835840 oracle 640 255852544 30
------ Semaphore Arrays --------
key semid owner perms nsems
0x04617750 2031616 oracle 640 77
0x04617751 2064385 oracle 640 77
0x04617752 2097154 oracle 640 77
ORACLE INFO:
============
ORACLE 9i2 (9.2.0.1.0) running with JServer and Spatial options.
TNSNAMES.ORA (partly):
--------------------
EXTPROC_CONNECTION_DATA.DE.GOENNINGER.COM =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
)
(CONNECT_DATA =
(SID = PLSExtProc)
(PRESENTATION = RO)
)
)
K =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCPS)(HOST = kerberos.de.goenninger.com)(PORT = 1521))
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = ORAKRB5)
)
)
DEGT001T =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (COMMUNITY = DEGT)(PROTOCOL = tcp)(HOST = stargate.de.goenninger.com)(PORT = 1521))
(ADDRESS = (PROTOCOL = ipc)(KEY = PNPKEY))
)
(SDU = 2048)
(CONNECT_DATA =
(SID = DEGT001T)
(GLOBAL_NAME = DEGT001T.GOENNINGER.COM)
)
)
SQLNET.ORA:
-----------
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = k
SQLNET.KERBEROS5_CONF = /etc/krb5.conf
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA1, MD5)
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (SHA1)
SQLNET.AUTHENTICATION_SERVICES= (BEQ, KERBEROS5)
SQLNET.KERBEROS5_CC_NAME = /tmp/.krbcache_k
SQLNET.ENCRYPTION_TYPES_SERVER= (3DES168, 3DES112, AES256, RC4_256, AES128, AES192, DES, RC4_128)
SQLNET.KERBEROS5_CLOCKSKEW = 1500
SQLNET.KERBEROS5_KEYTAB = /etc/krb5.keytab
SQLNET.KERBEROS5_CONF_MIT = true
KERBEROS CONFIG:
================
Keytab file: /etc/krb5.keytab
Kerberos5 running and used as general login mechanism on that
server without problems.
REALM: STARGATE.DE.GOENNINGER.COM
host: stargate.de.goenninger.com
The following principals have been created:
k/stargate.de.goenninger.com@STARGATE.DE.GOENNINGER.COM
(used also as the service for Kerberos5 in Oracle9i2)
f@STARGATE.DE.GOENNINGER.COM
(used as the user to login to Oracle)
ERROR SCENARIO:
===============
First, I obtain a ticket for f@STARGATE.DE.GOENNINGER.COM with okinit -f.
That is going ok as oklist shows:
Kerberos Utilities for Linux: Version 9.2.0.1.0 - Production on 11-JUN-2004 22:04:09
Copyright (c) 1996, 2002 Oracle Corporation. All rights reserved.
Ticket cache: /tmp/.krbcache_k
Default principal: f@STARGATE.DE.GOENNINGER.COM
Valid Starting Expires Principal
11-Jun-2004 21:38:00 12-Jun-2004 05:37:57 krbtgt/STARGATE.DE.GOENNINGER.COM@STARGATE.DE.GOENNINGER.COM
When I issue the sqlplus command as published in Oracle literature,
sqlplus /@DEGT001T
I get the error
ERROR:
ORA-12641: Authentication service failed to initialize
LOG FILES:
==========
Listener log file shows:
11-JUN-2004 22:05:08 * (CONNECT_DATA=(SID=DEGT001T)(GLOBAL_NAME=DEGT001T.GOENNINGER.COM)(CID=(PROGRAM=)(HOST=stargate)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.2.102)(PORT=40567)) * establish * DEGT001T * 0
11-JUN-2004 22:05:45 * service_update * DEGT001T * 0
Hmm - Why USER=oracle ??? and why "* establish *" ???
Sqlnet.ora log file shows:
***********************************************************************
Fatal NI connect error 12641, connecting to:
(LOCAL=NO)
VERSION INFORMATION:
TNS for Linux: Version 9.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for Linux: Version 9.2.0.1.0 - Production
TCP/IP NT Protocol Adapter for Linux: Version 9.2.0.1.0 - Production
Time: 11-JUN-2004 22:05:08
Tracing not turned on.
Tns error struct:
nr err code: 0
ns main err code: 12641
TNS-12641: Authentication service failed to initialize
ns secondary err code: 0
nt main err code: 0
nt secondary err code: 0
nt OS err code: 0
This is all I have.
Any idea and support appreciated!
Thx!
Cheers,
Frank
I consistently get a
ORA-12641 / TNS-12641
error saying "Authentication service failed to initialize".
I double checked (well, more like a dozen times ;-) my config.
Here are the data:
SYSTEM INFO:
============
Debian/Linux Kernel 2.4.20
1GB RAM, SHMEN etc set as required.
IPCS output:
------ Shared Memory Segments --------
key shmid owner perms bytes nattch status
0x2e209fe4 28835840 oracle 640 255852544 30
------ Semaphore Arrays --------
key semid owner perms nsems
0x04617750 2031616 oracle 640 77
0x04617751 2064385 oracle 640 77
0x04617752 2097154 oracle 640 77
ORACLE INFO:
============
ORACLE 9i2 (9.2.0.1.0) running with JServer and Spatial options.
TNSNAMES.ORA (partly):
--------------------
EXTPROC_CONNECTION_DATA.DE.GOENNINGER.COM =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
)
(CONNECT_DATA =
(SID = PLSExtProc)
(PRESENTATION = RO)
)
)
K =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCPS)(HOST = kerberos.de.goenninger.com)(PORT = 1521))
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = ORAKRB5)
)
)
DEGT001T =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (COMMUNITY = DEGT)(PROTOCOL = tcp)(HOST = stargate.de.goenninger.com)(PORT = 1521))
(ADDRESS = (PROTOCOL = ipc)(KEY = PNPKEY))
)
(SDU = 2048)
(CONNECT_DATA =
(SID = DEGT001T)
(GLOBAL_NAME = DEGT001T.GOENNINGER.COM)
)
)
SQLNET.ORA:
-----------
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = k
SQLNET.KERBEROS5_CONF = /etc/krb5.conf
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA1, MD5)
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (SHA1)
SQLNET.AUTHENTICATION_SERVICES= (BEQ, KERBEROS5)
SQLNET.KERBEROS5_CC_NAME = /tmp/.krbcache_k
SQLNET.ENCRYPTION_TYPES_SERVER= (3DES168, 3DES112, AES256, RC4_256, AES128, AES192, DES, RC4_128)
SQLNET.KERBEROS5_CLOCKSKEW = 1500
SQLNET.KERBEROS5_KEYTAB = /etc/krb5.keytab
SQLNET.KERBEROS5_CONF_MIT = true
KERBEROS CONFIG:
================
Keytab file: /etc/krb5.keytab
Kerberos5 running and used as general login mechanism on that
server without problems.
REALM: STARGATE.DE.GOENNINGER.COM
host: stargate.de.goenninger.com
The following principals have been created:
k/stargate.de.goenninger.com@STARGATE.DE.GOENNINGER.COM
(used also as the service for Kerberos5 in Oracle9i2)
f@STARGATE.DE.GOENNINGER.COM
(used as the user to login to Oracle)
ERROR SCENARIO:
===============
First, I obtain a ticket for f@STARGATE.DE.GOENNINGER.COM with okinit -f.
That is going ok as oklist shows:
Kerberos Utilities for Linux: Version 9.2.0.1.0 - Production on 11-JUN-2004 22:04:09
Copyright (c) 1996, 2002 Oracle Corporation. All rights reserved.
Ticket cache: /tmp/.krbcache_k
Default principal: f@STARGATE.DE.GOENNINGER.COM
Valid Starting Expires Principal
11-Jun-2004 21:38:00 12-Jun-2004 05:37:57 krbtgt/STARGATE.DE.GOENNINGER.COM@STARGATE.DE.GOENNINGER.COM
When I issue the sqlplus command as published in Oracle literature,
sqlplus /@DEGT001T
I get the error
ERROR:
ORA-12641: Authentication service failed to initialize
LOG FILES:
==========
Listener log file shows:
11-JUN-2004 22:05:08 * (CONNECT_DATA=(SID=DEGT001T)(GLOBAL_NAME=DEGT001T.GOENNINGER.COM)(CID=(PROGRAM=)(HOST=stargate)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.2.102)(PORT=40567)) * establish * DEGT001T * 0
11-JUN-2004 22:05:45 * service_update * DEGT001T * 0
Hmm - Why USER=oracle ??? and why "* establish *" ???
Sqlnet.ora log file shows:
***********************************************************************
Fatal NI connect error 12641, connecting to:
(LOCAL=NO)
VERSION INFORMATION:
TNS for Linux: Version 9.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for Linux: Version 9.2.0.1.0 - Production
TCP/IP NT Protocol Adapter for Linux: Version 9.2.0.1.0 - Production
Time: 11-JUN-2004 22:05:08
Tracing not turned on.
Tns error struct:
nr err code: 0
ns main err code: 12641
TNS-12641: Authentication service failed to initialize
ns secondary err code: 0
nt main err code: 0
nt secondary err code: 0
nt OS err code: 0
This is all I have.
Any idea and support appreciated!
Thx!
Cheers,
Frank