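The role of sqlnet.ora in the listener

The two most commonly used functions of sqlnet.ora are:

Client side == connection method: specifies the order of the naming methods used for client name resolution lookups. ==>> NAMES.DIRECTORY_PATH=(tnsnames, onames, hostname)

Server and client side together == authentication method ==>> SQLNET.AUTHENTICATION_SERVICES

For details on the contents of sqlnet.ora, see the official documentation: http://docs.oracle.com/cd/B19306_01/network.102/b14213/sqlnet.htm#NETRF006

Configuring sqlnet.ora to restrict IP access to Oracle: http://blog.csdn.net/leshami/article/details/6629141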

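Some important parameters and their meaning:

1.BEQUEATH_DETACH

Controls whether signal handling is turned on or off on UNIX systems. The default is no, which means signal handling is on.

2.DEFAULT_SDU_SIZE

Specifies the session data unit (SDU) size in bytes. It is recommended to set this parameter on both the client and the server so that the same SDU size is used for the connection; if the values configured on the client and the server do not match, the smaller one is used.

3.LOG_DIRECTORY_CLIENT/LOG_DIRECTORY_SERVER

Specifies the location of the client/server log files.

4.NAMES.DEFAULT_DOMAIN

Sets the domain the client uses when resolving names.

5.NAMES.DIRECTORY_PATH

Specifies the order of the client name resolution methods. The default is NAMES.DIRECTORY_PATH=(tnsnames, onames, hostname)

Possible values are tnsnames, ldap (directory server), hostname/ezconnect, cds (in distributed environments), and nis (Network Information Service).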

6.SQLNET.ALLOWED_LOGON_VERSION

Specifies the Oracle versions that are allowed to connect: SQLNET.ALLOWED_LOGON_VERSION=(10,9,8)

7.SQLNET.AUTHENTICATION_SERVICES

Enables one or more authentication services.

Authentication Methods Available with Oracle Net Services:

none for no authentication methods. A valid username and password can be used to access the database.

all for all authentication methods

nts for Windows NT native authentication

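8.SQLNET.INBOUND_CONNECT_TIMEOUT

Specifies how long a client that has not yet connected successfully may take before it times out. After the timeout, Oracle terminates the connection and reports an error.

9.SSL_VERSION

Specifies the SSL version used for the connection.

10.TCP.EXCLUDED_NODES

Specifies the nodes that are not allowed to access Oracle; host names or IP addresses can be used.

11.TCP.INVITED_NODES

Specifies the clients that are allowed to access the database. It takes precedence over TCP.EXCLUDED_NODES.

12.TCP.VALIDNODE_CHECKING

Use this parameter to enable the two parameters above.

13.TNSPING.TRACE_DIRECTORY

Use this parameter to specify the directory for tnsping trace files. The default is the $ORACLE_HOME/network/trace directory.

For more parameters, see: Oracle Database Net Services Reference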
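
How parameters 10 to 12 interact, as an added example that is not from the original post: a simplified Python model of the valid-node check, plus a lint for node lists that are configured but never enforced. The sample file, its addresses and the host name appsrv1 are constructed, and matching by exact host name or IP string is an assumption of the model.

```python
import re

# Constructed sample server-side sqlnet.ora; addresses and host name are made up.
SAMPLE = """
# node restrictions for the listener
TCP.VALIDNODE_CHECKING = yes
TCP.INVITED_NODES = (192.168.1.10, appsrv1)
TCP.EXCLUDED_NODES = (192.168.1.10, 192.168.1.99)
"""

def parse_sqlnet(text):
    """Return {PARAM: [values]} for single-line NAME=value / NAME=(a, b) entries."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"^([A-Za-z_.]+)\s*=\s*\(?([^()]*)\)?$", line)
        if m:
            values = [v.strip().lower() for v in m.group(2).split(",") if v.strip()]
            params[m.group(1).upper()] = values
    return params

def checking_enabled(params):
    return params.get("TCP.VALIDNODE_CHECKING", [])[:1] == ["yes"]

def node_allowed(params, client):
    """Simplified model (an assumption): exact match on host name or IP only."""
    if not checking_enabled(params):
        return True                                   # both lists are ignored
    invited = params.get("TCP.INVITED_NODES", [])
    if invited:                                       # invited outranks excluded
        return client.lower() in invited
    return client.lower() not in params.get("TCP.EXCLUDED_NODES", [])

def audit(params):
    """Report node lists that are set but not enforced, and the reverse."""
    lists = [k for k in ("TCP.INVITED_NODES", "TCP.EXCLUDED_NODES") if params.get(k)]
    if lists and not checking_enabled(params):
        return [f"{k} is set but TCP.VALIDNODE_CHECKING is not yes" for k in lists]
    if checking_enabled(params) and not lists:
        return ["TCP.VALIDNODE_CHECKING=yes but no node list is defined"]
    return []

if __name__ == "__main__":
    cfg = parse_sqlnet(SAMPLE)
    for host in ("192.168.1.10", "192.168.1.99", "10.0.0.5"):
        print(host, "allowed" if node_allowed(cfg, host) else "rejected")
    print(audit(parse_sqlnet("TCP.INVITED_NODES=(192.168.1.10)")))
```

In the sample, 192.168.1.10 appears in both lists and is still admitted because the invited list wins, while an invited list without TCP.VALIDNODE_CHECKING=yes restricts nothing and is reported by audit().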

##################

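Experiment: the order of name resolution lookups at connect time ==>> NAMES.DIRECTORY_PATH=(tnsnames, onames, hostname)

From the official documentation: Use the parameter NAMES.DIRECTORY_PATH to specify the order of the naming methods used for client name resolution lookups.

NAMES.DIRECTORY_PATH ==>> specifies the order of the naming methods used for client name resolution lookups. Connection methods that are not listed in this parameter cannot be used.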

[[email protected] admin]$ cat tnsnames.ora

bys3 =

  (DESCRIPTION =

    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.211)(PORT =1521))

    (CONNECT_DATA =

      (SERVER = DEDICATED)

      (SERVICE_NAME = bys3)

    )

  )

1.With NAMES.DIRECTORY_PATH=(tnsnames) in sqlnet.ora, only the local names defined in tnsnames.ora can be used; Easy Connect fails with an error.

Example:

[[email protected] admin]$ vi sqlnet.ora

NAMES.DIRECTORY_PATH=(tnsnames)

~

[[email protected] admin]$ sqlplus bys/[email protected]   --connecting with the local name works

SQL*Plus: Release 10.2.0.1.0 - Production on Fri Jan 17 11:13:16 2014

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> exit

[[email protected] admin]$ sqlplus bys/[email protected]:1521/bys3   --using Easy Connect; the connection fails

SQL*Plus: Release 10.2.0.1.0 - Production on Fri Jan 17 11:13:27 2014

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:

ORA-12154: TNS:could not resolve the connect identifier specified

2.With NAMES.DIRECTORY_PATH=(tnsnames,ezconnect) in sqlnet.ora, both the local names in tnsnames.ora and Easy Connect can be used.

[[email protected] admin]$ cat sqlnet.ora

NAMES.DIRECTORY_PATH=(tnsnames,ezconnect)

Both the tnsnames local name and Easy Connect work:

[[email protected] admin]$ sqlplus bys/[email protected]

SQL*Plus: Release 10.2.0.1.0 - Production on Fri Jan 17 11:18:47 2014

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>

[[email protected] admin]$ sqlplus bys/[email protected]:1521/bys3

SQL*Plus: Release 10.2.0.1.0 - Production on Fri Jan 17 11:13:59 2014

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> exit

#################################################

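Server and client side together == authentication method ==>> SQLNET.AUTHENTICATION_SERVICES

There are three values:

    none for no authentication methods. A valid username and password can be used to access the database.

    all for all authentication methods

    nts for Windows NT native authentication  ---this one only applies on Windows.

When both the client and the server set SQLNET.AUTHENTICATION_SERVICES=(ALL), logging in with a username and password in the AA/BB form fails. If either side is set to NONE, the connection succeeds.

1.With no sqlnet.ora configured on the server and SQLNET.AUTHENTICATION_SERVICES=(ALL) configured on the client, login works normally.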

[[email protected] admin]$ cat sqlnet.ora

NAMES.DIRECTORY_PATH=(tnsnames,ezconnect)

SQLNET.AUTHENTICATION_SERVICES=(ALL)

[[email protected] admin]$ sqlplus bys/[email protected]

SQL*Plus: Release 10.2.0.1.0 - Production on Fri Jan 17 11:24:45 2014

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>

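2.When the client and the server both set SQLNET.AUTHENTICATION_SERVICES=(ALL), logging in with a username and password in the AA/BB form fails.

--continuing from the previous experiment: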

[[email protected] admin]$ cat sqlnet.ora

SQLNET.AUTHENTICATION_SERVICES=(ALL)

Testing from host OCM1: the login fails with ORA-12641:

[[email protected] admin]$ sqlplus bys/[email protected]

SQL*Plus: Release 10.2.0.1.0 - Production on Fri Jan 17 11:27:29 2014

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:

ORA-12641: Authentication service failed to initialize

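At this point, change the sqlnet.ora on either the client or the server to SQLNET.AUTHENTICATION_SERVICES=(NONE) and the connection succeeds, for the same reason as in the previous experiment.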
