日本免费高清视频-国产福利视频导航-黄色在线播放国产-天天操天天操天天操天天操|www.shdianci.com

學無先后,達者為師

網(wǎng)站首頁 編程語言 正文

Oracle 集群sysbackup用戶登陸隨機報錯ORA-01017

作者:牛牛的筆記 更新時間: 2022-07-19 編程語言

前言:

????????近期處理了一起Oracle 19c集群sysbackup用戶登陸隨機報錯ORA-01017: invalid username/password; logon denied的問題,后面分析發(fā)現(xiàn)是由于集群密碼文件沒有共享,兩個節(jié)點的密碼文件不一致,導致用戶通過scan ip隨機分發(fā)節(jié)點時,連接到了錯誤密碼所在的節(jié)點,進而產(chǎn)生了ORA-01017。

問題現(xiàn)象:

集群sysbackup用戶登陸節(jié)點隨機報錯ORA-01017: invalid username/password; logon denied

問題原因:

????????用戶進行配置sysbackup用戶的操作,但由于集群密碼文件沒有共享,導致兩個節(jié)點的密碼文件不一致,在用戶通過scan ip隨機分發(fā)節(jié)點時,連接到了錯誤密碼所在的節(jié)點,進而產(chǎn)生了ORA-01017。

問題解決:

方法一:在集群每個節(jié)點同時執(zhí)行配置sysbackup的操作,確保節(jié)點密碼文件一致

alter user testbackup identified by testbackup;
grant sysbackup to testbackup;

方法二:將正確節(jié)點的密碼文件拷貝到其他節(jié)點,確保集群節(jié)點密碼文件配置一致

scp $ORACLE_HOME/dbs/orapworcl1 node2@:$ORACLE_HOME/dbs/orapworcl2

方法三:將密碼文件設置為asm共享文件

orapwd input_file='/u01/app/oracle/product/19.0.0/db_1/dbs/orapworcl1' file='+DATADG/ORCL/orapworcl' asm=y  force=y
---不需要重啟數(shù)據(jù)庫,密碼文件會自己切換到asm路徑下,可以通過GV$PASSWORDFILE_INFO進行驗證

問題分析:

在節(jié)點一node1創(chuàng)建備份用戶testbackup

create user testbackup identified by testbackup;
grant connect,resource,sysbackup to testbackup;

測試用戶登陸,會出現(xiàn)隨機登陸失敗的情況

---通過scan_ip,第一次登陸成功
[oracle@node1 /u01/app/oracle/product/19.0.0/db_1/network/admin ]$ sqlplus testbackup/testbackup@orcl as sysbackup
?
SQL*Plus: Release 19.0.0.0.0 - Production on Mon Jul 18 17:21:28 2022
Version 19.3.0.0.0
?
Copyright (c) 1982, 2019, Oracle.  All rights reserved.
?
?
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0
?
SQL> 
SQL> 
SQL> exit
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0
---通過scan_ip,第二次登陸失敗,報ORA-01017: invalid username/password; logon denied
[oracle@node1 /u01/app/oracle/product/19.0.0/db_1/network/admin ]$ sqlplus testbackup/testbackup@orcl as sysbackup
?
SQL*Plus: Release 19.0.0.0.0 - Production on Mon Jul 18 17:21:31 2022
Version 19.3.0.0.0
?
Copyright (c) 1982, 2019, Oracle.  All rights reserved.
?
ERROR:
ORA-01017: invalid username/password; logon denied
?
Enter user-name:

查看sysbackup用戶密碼文件的配置

---會發(fā)現(xiàn),只有節(jié)點一node1有寫入TESTBACKUP這個sysbackup的用戶,節(jié)點二node2沒有寫入sysbackup用戶
  1* select inst_id,username,sysbackup from gv$pwfile_users
?
   INST_ID USERNAME                                  SYSBA
---------- -------------------------------------------------------------------------------------------------------------------------------- -----
   1 SYS                                              FALSE
   1 TESTBACKUP                                       TRUE
   2 SYS                                              FALSE

查看密碼文件路徑,可以發(fā)現(xiàn)密碼文件都是節(jié)點本地存放

1* select * from GV$PASSWORDFILE_INFO
?
   INST_ID FILE_NAME              FORMAT IS_AS   CON_ID
---------- ------------------------------------------------------------ ------ ----- ----------
   1 /u01/app/oracle/product/19.0.0/db_1/dbs/orapworcl1    12     FALSE        0
   2 /u01/app/oracle/product/19.0.0/db_1/dbs/orapworcl2    12     FALSE        0

測試通過節(jié)點vip訪問登陸,節(jié)點一vip登陸沒有報錯,節(jié)點二vip登陸有報錯ora-01017,這進一步驗證了節(jié)點二密碼文件有問題

---通過節(jié)點一vip登陸沒有報錯
[oracle@node1 /u01/app/oracle/product/19.0.0/db_1/network/admin ]$ rman target /
?
Recovery Manager: Release 19.0.0.0.0 - Production on Mon Jul 18 17:26:30 2022
Version 19.3.0.0.0
?
Copyright (c) 1982, 2019, Oracle and/or its affiliates.  All rights reserved.
?
RMAN> connect target 'testbackup/testbackup@node1-vip:1521/orcl as sysbackup'
connected to target database: ORCL (DBID=1632283697)
RMAN> exit
?
---通過節(jié)點二vip登陸報錯ora-01017
[oracle@node1 /u01/app/oracle/product/19.0.0/db_1/network/admin ]$ rman target /
?
RMAN>  connect target 'testbackup/testbackup@node2-vip:1521/orcl as sysbackup';
?
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
ORA-01017: invalid username/password; logon denied
?
RMAN> exit
?

在節(jié)點二node2執(zhí)行節(jié)點一配置sysbackup的操作

SQL> alter user testbackup identified by testbackup;
SQL> grant sysbackup to testbackup;
?
Grant succeeded.
?
?
SQL>  select * from gv$pwfile_users;
?
   INST_ID USERNAME                                  SYSDB SYSOP SYSAS SYSBA SYSDG SYSKM ACCOUNT_STATUS           PASSWORD_PROFILE
---------- -------------------------------------------------------------------------------------------------------------------------------- ----- ----- ----- ----- ----- ----- ------------------------------ --------------------------------------------------------------------------------------------------------------------------------
LAST_LOGIN                    LOCK_DATE EXPIRY_DA
--------------------------------------------------------------------------- --------- ---------
EXTERNAL_NAME
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
AUTHENTI COM   CON_ID
-------- --- ----------
   2 SYS                                    TRUE  TRUE  FALSE FALSE FALSE FALSE OPEN
PASSWORD NO        0
   2 TESTBACKUP                                  FALSE FALSE FALSE TRUE  FALSE FALSE OPEN
PASSWORD NO        0
?
   1 SYS                                    TRUE  TRUE  FALSE FALSE FALSE FALSE OPEN
PASSWORD NO        0
?
   1 TESTBACKUP                                  FALSE FALSE FALSE TRUE  FALSE FALSE OPEN
PASSWORD NO        0

再次通過節(jié)點二vip進行登陸,連接成功

RMAN> connect target 'testbackup/testbackup@node2-vip:1521/orcl as sysbackup';
?
connected to target database: ORCL (DBID=1632283697)
?
RMAN>  select sys_context('USERENV', 'CURRENT_SCHEMA') current_schema, sys_context('USERENV', 'SESSION_USER') session_user from dual;
?
using target database control file instead of recovery catalog
?
?
CURRENT_SCHEMA                                                                  
--------------------------------------------------------------------------------
SESSION_USER                                                                    
--------------------------------------------------------------------------------
?
SYS
SYSBACKUP
 
RMAN> exit

總結:


???????sysbackup用戶出現(xiàn)隨機登陸失敗ora-01017的原因為用戶進行配置sysbackup用戶的操作,但由于集群密碼文件沒有共享,導致兩個節(jié)點的密碼文件不一致,在用戶通過scan ip隨機分發(fā)節(jié)點時,連接到了錯誤密碼所在的節(jié)點,進而產(chǎn)生了ORA-01017。
????????可以通過以下方法修復問題
????????方法一:在集群每個節(jié)點同時執(zhí)行配置sysbackup的操作,確保節(jié)點密碼文件一致。
????????方法二:將正確節(jié)點的密碼文件拷貝到其他節(jié)點,確保集群節(jié)點密碼文件配置一致。
????????方法三:將密碼文件設置為asm共享文件。

原文鏈接:https://blog.csdn.net/sinat_36757755/article/details/125857251

欄目分類
最近更新