Flying Feather: When using a tool written by someone else to connect to the database, it prompts ORA-28040 error. After modifying it according to the online method, it prompts the password error ORA-01017. Finally, it was solved by the original blogger. Thank you very much. , Without the permission of the blogger, but the article is very good! Many benefits! study together!
2018-08-31 15:1510696 1 Original Oracle 18c
Link to this article: https://www.cnblogs.com/scoluo/p/13864672.html
The life cycle of Oracle 11g is over and 18c has been officially released. After installing Oracle 18c, if a client with a lower version connects to 18c, the following two errors will be reported:
ORA-28040: No matching authentication protocol
ORA-01017: invalid username/password; logon denied
They will appear one after another. When the ORA-28040 error is resolved, the ORA-01017 error will appear. Here to reproduce the error and provide a solution.
1. Reproduce the problem
Database server version:
[[email protected] dbs]$ sqlplus / as sysdba
SQL*Plus: Release 18.0.0.0.0 - Production on Mon Aug 27 06:42:49 2018
Version 18.3.0.0.0
Copyright (c) 1982, 2018, Oracle. All rights reserved.
Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0
Client 11.2.0.4, the connection is normal:
C:/Users/Dave>sqlplus system/[email protected]:1522/dave
SQL*Plus: Release 11.2.0.4.0 Production on Fri Aug 31 09:24:53 2018
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
SQL>
But 11.2.0.1 does not work:
D:/instantclient_11>sqlplus system/[email protected]:1522/dave
SQL*Plus: Release 11.2.0.1.0 Production on 星期五 8月 31 10:51:52 2018
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-28040: No matching authentication protocol
2. Handling ORA-28040 errors
According to the MOS document (ID 755605.1), the ORA-28040 error needs to be added in the sqlnet.ora file of the Oracle user (non-grid user):
SQLNET.ALLOWED_LOGON_VERSION=8
or use a higher version of the client.
But in fact, according to the MOS document (ID 2111876.1), in Oracle 12c and later versions, the
SQLNET.ALLOWED_LOGON_VERSION parameter has been deprecated, and the following two parameters should be used instead:
SQLNET.ALLOWED_LOGON_VERSION_SERVER = n
SQLNET.ALLOWED_LOGON_CLIENT = nVERSION_CLIENT = n
Here n defaults to 11. The first parameter is to activate when the client connects to the server, and the second is to activate when the client connects to other databases. For example, create a db link.
Other optional values are as follows:
12a | for Oracle Database 12c Release 1 (12.1) release 12.1.0.2 or later |
12 | for the critical patch updates CPUOct2012 and later Oracle Database 11g authentication protocols (recommended) |
11 | for Oracle Database 11g authentication protocols (default) |
10 | for Oracle Database 10g authentication protocols |
8 | for Oracle8i authentication protocol |
Modified here as follows:
[[email protected] admin]$ cat sqlnet.ora
# sqlnet.ora Network Configuration File: /u01/app/oracle/product/18.3.0/db_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SQLNET.ALLOWED_LOGON_VERSION_CLIENT=8
SQLNET.ALLOWED_LOGON_VERSION_SERVER=8
[[email protected] admin]$
The modification will take effect, and the following error will be reported in the connection:
C:/Users/Dave>sqlplus system/[email protected]:1522/dave
SQL*Plus: Release 11.2.0.1.0 Production on 星期五 8月 31 14:49:53 2018
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
3. Handling ORA-01017 error
From the error message, the user name or password is wrong. In fact, there is no problem with the user name and password. The problem here is that the sqlnet we configured does not take effect for the accounts that already existed before, and they still maintain the previous compatibility.
SQL> set pages 100
SQL> select username,password_versions from dba_users;
USERNAME PASSWORD_VERSIONS
------------------------------ ----------------------------------
SYS 11G 12C
SYSTEM 11G 12C
OUTLN 11G 12C
SYS$UMF 11G 12C
DBSNMP 11G 12C
APPQOSSYS 11G 12C
DBSFWUSER 11G 12C
GGSYS 11G 12C
The solution here is to modify the password for the user:
SQL> alter user sys identified by oracle;
User altered.
SQL> alter user system identified by oracle;
User altered.
View password version:
SQL> select username,password_versions from dba_users;
USERNAME PASSWORD_VERSIONS
------------------------------ ----------------------------------
SYS 11G 12C
SYSTEM 10G 11G 12C
Note that although SYS has not changed, 10G has been added to the version of SYSTEM. In fact, both users can now connect:
C:/Users/Dave>sqlplus system/[email protected]:1522/dave
SQL*Plus: Release 11.2.0.1.0 Production on 星期五 8月 31 14:58:35 2018
Copyright (c) 1982, 2010, Oracle. All rights reserved.
连接到:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
SQL>
C:/Users/Dave>sqlplus sys/[email protected]:1522/dave as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期五 8月 31 14:58:54 2018
Copyright (c) 1982, 2010, Oracle. All rights reserved.
连接到:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
SQL>
According to Oracle's official statement, this is a bug, so if you connect to 18c with a lower version of the client, you need to pay special attention to these two errors.