Sample Header Ad - 728x90

invalid username/password; logon denied with kerberos authentication

0 votes
0 answers
715 views
oracle authentication active-directory kerberos
**I am attempting to configure Oracle with Kerberos. I have completed all of the necessary configurations and have obtained a ticket. However, when I run SQLPlus /@ORCL, I receive the following error:** C:\Users\Administrator>sqlplus /@ORCL SQL*Plus: Release 21.0.0.0.0 - Production on Wed Feb 21 05:42:04 2024 Version 21.3.0.0.0 Copyright (c) 1982, 2021, Oracle. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied **I am using a Windows machine that acts as both a server and a client. Below are all the details.** [okinit testuser] C:\Users\Administrator>sqlplus /@ORCL SQL*Plus: Release 21.0.0.0.0 - Production on Wed Feb 21 05:42:04 2024 Version 21.3.0.0.0 Copyright (c) 1982, 2021, Oracle. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied okinit C:\Users\Administrator>okinit testuser Kerberos Utilities for 64-bit Windows: Version 21.0.0.0.0 - Production on 21-FEB-2024 05:40:30 Copyright (c) 1996, 2021 Oracle. All rights reserved. Configuration file : C:\Windows\krb5.ini. Password for testuser@EXAMPLE.COM: [oklist] C:\Users\Administrator>oklist Kerberos Utilities for 64-bit Windows: Version 21.0.0.0.0 - Production on 21-FEB-2024 05:40:49 Copyright (c) 1996, 2021 Oracle. All rights reserved. Configuration file : C:\Windows\krb5.ini. Ticket cache: FILE:C:\Users\Administrator\Documents\kerberos\krb5cache Default principal: testuser@EXAMPLE.COM Valid starting Expires Service principal 02/21/24 05:40:33 02/21/24 15:40:33 krbtgt/EXAMPLE.COM@EXAMPLE.COM renew until 02/22/24 05:40:30 [sqlnet.ora file] SQLNET.AUTHENTICATION_SERVICES= (KERBEROS5, KERBEROS5PRE) SQLNET.KERBEROS5_KEYTAB = C:\Users\Administrator\Documents\keytab\keyfile.keytab SQLNET.KERBEROS5_CC_NAME = C:\Users\Administrator\Documents\kerberos\krb5cache SQLNET.KERBEROS5_CONF = C:\Windows\krb5.ini SQLNET.FALLBACK_AUTHENTICATION = TRUE SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = ORCL [krb5.ini] libdefaults] default_realm = EXAMPLE.COM forwardable = true clockskew = 6000 passwd_check_s_address = false [realms] EXAMPLE.COM = { kdc = hostname.EXAMPLE.COM admin_server = hostname.EXAMPLE.COM default_domain = EXAMPLE.COM } [domain_realm] .EXAMPLE.COM = EXAMPLE.COM EXAMPLE.COM = EXAMPLE.COM .example.com= EXAMPLE.COM example.com = EXAMPLE.COM [keytab generation cmd] ktpass /princ ORCL/hostname.example.com@EXAMPLE.COM /mapuser testuser@EXAMPLE.COM /crypto ALL /ptype KRB5_NT_PRINCIPAL /out C:\Users\Administrator\Documents\keytab\keyfile.keytab /pass password1
Asked by SK1 (1 rep)
Feb 22, 2024, 08:42 AM
Sidebar Ad - 300x250
Related Questions

Browse more questions from Database Administrators

More questions tagged "oracle"
More questions tagged "authentication"
More questions tagged "active-directory"
Footer Ad - 728x90