作者:林志岳小行克元 | 来源:互联网 | 2023-06-06 18:36
前言:近期处理了一起Oracle19c集群sysbackup用户登陆随机报错ORA-01017:invalidusernamepassword;logondenied的问题�
前言:
近期处理了一起Oracle 19c集群sysbackup用户登陆随机报错ORA-01017: invalid username/password; logon denied的问题,后面分析发现是由于集群密码文件没有共享,两个节点的密码文件不一致,导致用户通过scan ip随机分发节点时,连接到了错误密码所在的节点,进而产生了ORA-01017。
问题现象:
集群sysbackup用户登陆节点随机报错ORA-01017: invalid username/password; logon denied
问题原因:
用户进行配置sysbackup用户的操作,但由于集群密码文件没有共享,导致两个节点的密码文件不一致,在用户通过scan ip随机分发节点时,连接到了错误密码所在的节点,进而产生了ORA-01017。
问题解决:
方法一:在集群每个节点同时执行配置sysbackup的操作,确保节点密码文件一致
alter user testbackup identified by testbackup;
grant sysbackup to testbackup;
方法二:将正确节点的密码文件拷贝到其他节点,确保集群节点密码文件配置一致
scp $ORACLE_HOME/dbs/orapworcl1 node2@:$ORACLE_HOME/dbs/orapworcl2
方法三:将密码文件设置为asm共享文件
orapwd input_file='/u01/app/oracle/product/19.0.0/db_1/dbs/orapworcl1' file='+DATADG/ORCL/orapworcl' asm=y force=y
---不需要重启数据库,密码文件会自己切换到asm路径下,可以通过GV$PASSWORDFILE_INFO进行验证
问题分析:
在节点一node1创建备份用户testbackup
create user testbackup identified by testbackup;
grant connect,resource,sysbackup to testbackup;
测试用户登陆,会出现随机登陆失败的情况
---通过scan_ip,第一次登陆成功
[oracle@node1 /u01/app/oracle/product/19.0.0/db_1/network/admin ]$ sqlplus testbackup/testbackup@orcl as sysbackup
SQL*Plus: Release 19.0.0.0.0 - Production on Mon Jul 18 17:21:28 2022
Version 19.3.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0
SQL>
SQL>
SQL> exit
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0
---通过scan_ip,第二次登陆失败,报ORA-01017: invalid username/password; logon denied
[oracle@node1 /u01/app/oracle/product/19.0.0/db_1/network/admin ]$ sqlplus testbackup/testbackup@orcl as sysbackup
SQL*Plus: Release 19.0.0.0.0 - Production on Mon Jul 18 17:21:31 2022
Version 19.3.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
查看sysbackup用户密码文件的配置
---会发现,只有节点一node1有写入TESTBACKUP这个sysbackup的用户,节点二node2没有写入sysbackup用户1* select inst_id,username,sysbackup from gv$pwfile_users
INST_ID USERNAME SYSBA
---------- -------------------------------------------------------------------------------------------------------------------------------- -----1 SYS FALSE1 TESTBACKUP TRUE2 SYS FALSE
查看密码文件路径,可以发现密码文件都是节点本地存放
1* select * from GV$PASSWORDFILE_INFO
INST_ID FILE_NAME FORMAT IS_AS CON_ID
---------- ------------------------------------------------------------ ------ ----- ----------1 /u01/app/oracle/product/19.0.0/db_1/dbs/orapworcl1 12 FALSE 02 /u01/app/oracle/product/19.0.0/db_1/dbs/orapworcl2 12 FALSE 0
测试通过节点vip访问登陆,节点一vip登陆没有报错,节点二vip登陆有报错ora-01017,这进一步验证了节点二密码文件有问题
---通过节点一vip登陆没有报错
[oracle@node1 /u01/app/oracle/product/19.0.0/db_1/network/admin ]$ rman target /
Recovery Manager: Release 19.0.0.0.0 - Production on Mon Jul 18 17:26:30 2022
Version 19.3.0.0.0
Copyright (c) 1982, 2019, Oracle and/or its affiliates. All rights reserved.
RMAN> connect target 'testbackup/testbackup@node1-vip:1521/orcl as sysbackup'
connected to target database: ORCL (DBID=1632283697)
RMAN> exit
---通过节点二vip登陆报错ora-01017
[oracle@node1 /u01/app/oracle/product/19.0.0/db_1/network/admin ]$ rman target /
RMAN> connect target 'testbackup/testbackup@node2-vip:1521/orcl as sysbackup';
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
ORA-01017: invalid username/password; logon denied
RMAN> exit
在节点二node2执行节点一配置sysbackup的操作
SQL> alter user testbackup identified by testbackup;
SQL> grant sysbackup to testbackup;
Grant succeeded.
SQL> select * from gv$pwfile_users;
INST_ID USERNAME SYSDB SYSOP SYSAS SYSBA SYSDG SYSKM ACCOUNT_STATUS PASSWORD_PROFILE
---------- -------------------------------------------------------------------------------------------------------------------------------- ----- ----- ----- ----- ----- ----- ------------------------------ --------------------------------------------------------------------------------------------------------------------------------
LAST_LOGIN LOCK_DATE EXPIRY_DA
--------------------------------------------------------------------------- --------- ---------
EXTERNAL_NAME
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
AUTHENTI COM CON_ID
-------- --- ----------2 SYS TRUE TRUE FALSE FALSE FALSE FALSE OPEN
PASSWORD NO 02 TESTBACKUP FALSE FALSE FALSE TRUE FALSE FALSE OPEN
PASSWORD NO 0
1 SYS TRUE TRUE FALSE FALSE FALSE FALSE OPEN
PASSWORD NO 0
1 TESTBACKUP FALSE FALSE FALSE TRUE FALSE FALSE OPEN
PASSWORD NO 0
再次通过节点二vip进行登陆,连接成功
RMAN> connect target 'testbackup/testbackup@node2-vip:1521/orcl as sysbackup';
connected to target database: ORCL (DBID=1632283697)
RMAN> select sys_context('USERENV', 'CURRENT_SCHEMA') current_schema, sys_context('USERENV', 'SESSION_USER') session_user from dual;
using target database control file instead of recovery catalog
CURRENT_SCHEMA
--------------------------------------------------------------------------------
SESSION_USER
--------------------------------------------------------------------------------
SYS
SYSBACKUPRMAN> exit
总结:
sysbackup用户出现随机登陆失败ora-01017的原因为用户进行配置sysbackup用户的操作,但由于集群密码文件没有共享,导致两个节点的密码文件不一致,在用户通过scan ip随机分发节点时,连接到了错误密码所在的节点,进而产生了ORA-01017。
可以通过以下方法修复问题
方法一:在集群每个节点同时执行配置sysbackup的操作,确保节点密码文件一致。
方法二:将正确节点的密码文件拷贝到其他节点,确保集群节点密码文件配置一致。
方法三:将密码文件设置为asm共享文件。
![[大整数乘法] java代码实现](https://img1.php1.cn/3cd4a/24c6f/9f3/0133bb25da242824.jpeg)
京公网安备 11010802041100号