ORA-12638錯誤的解決
?
??? 最近在SQL連接的時候,無緣無故就報ORA-12638錯誤。應該是權限的問題,但是似乎是哪里都沒有進行修改,很費解。到網上搜索了一下,發現這個問題的解決方法很簡單,但是主要是需要理解AUTHENTICATION_SERVICES參數的意義,在這里記錄一下。
?
?
ORA-12638: credential retrieval failed tips
Oracle Error Tips by Stephanie F.
?
?
The Oracle docs note this on the ora-12638 error:
?
ORA-12638: Credential retrieval failed??
Cause: The authentication service failed to retrieve the credentials of a user.
Action: Enable tracing to determine the exact error.
?
On the Oracle Technology Network Forums, a user is able to successfully resolve ORA-12638 after some help from repliers.? The original question was referring to a problem installing Oracle Designer, in which the user was thrown ORA-12638, when testing the connection, before the installation had even finished.
A replier pointed out to the user that ORA-12638 is "an Oracle database error, indicating that the Designer client was not able to connect to the database."
Though sometimes ORA-12638 can be resolved by restarting the database services in cases where Oracle on Windows is being used, although for this user it was not helpful.
?
However, the following direction was given, and once administered, was a successful resolution to ORA-12638:
?
Please check the sqlnet.ora file. Change the following entry and try, this will work.
?
Original Entry - SQLNET.AUTHENTICATION_SERVICES= (NTS)
Modified Entry - SQLNET.AUTHENTICATION_SERVICES= (NONE)
?
?
??? 從含義上來說,AUTHENTICATION_SERVICES= (NTS) 該參數值僅對Windows有用,且表示即可以用口令驗證,又可以用OS驗證來登錄Oracle,而(NONE)僅支持口令驗證。但是為什么設置為NTS時會造成登錄錯誤,這個問題就比較復雜了,可以看一下以下這篇博客的論述:
?
?
*******************************************************************
?
??? 前段時間在2003上裝測試數據庫, 有同事在連接時說報此錯誤, 我大致觀察揣摩的一下,發現一時間無法找到答案, 之后發現把數據庫的SQLNET.ORA文件中的此項SQLNET.AUTHENTICATION_SERVICES 注釋掉即可克服此錯誤,但具體原因也說不清楚,沒解決此問題,心里一直疙瘩著;前兩天想起此問題,用GOOGLE搜索了一下,在ITPUB 上發現一篇文章,說是把客戶端的SQLNET.ORA文件給刪除即可,試了一下,果真如此。但文章中的那人也解釋不清楚原因,后上METALINK問,ORACLE的技術人員給了兩篇文章讓我先閱讀。看完后作測試,才知道,對NTS的認證方式又多了一層了解。
?
ora-12638 錯誤的剖析
?
Site(A, Server) Windows 2003(已成為域控制器), oracle9206(opatch5)
Site(B, Client) windows 環境(2000,2003),oracle 數據庫或客戶端
?
Site(A),Site(B) 的oraclenetworkadmin目錄下都有文件sqlnet.ora
該文件中都有這一項 SQLNET.AUTHENTICATION_SERVICES= (NTS)
?
現象1、當Site(B)以域domain (此域不同于site(A)的域)身份登錄機器時,并且Site(A),Site(B) 中的sqlnet.ora 都有這一項 SQLNET.AUTHENTICATION_SERVICES 時,則會出現:
?
SQL> connect
scott/1@lenovo
ERROR:
ORA-12638: Credential retrieval failed
?
Warning: You are no longer connected to ORACLE.
SQL>
?
現象2、此時,若把客戶端Site(B) 的 sqlnet.ora文件中的這一項 SQLNET.AUTHENTICATION_SERVICES 還是被注釋掉#SQLNET.AUTHENTICATION_SERVICES= (NTS) 或 SQLNET.AUTHENTICATION_SERVICES= (NONE), 則均可以正常連接數據庫
?
現象3、當客戶端Site(B)以本機身份登錄時,則不論 Site(B) 的 sqlnet.ora文件中的這一項 SQLNET.AUTHENTICATION_SERVICES = (NTS) 還是被注釋掉#SQLNET.AUTHENTICATION_SERVICES= (NTS) 或 SQLNET.AUTHENTICATION_SERVICES= (NONE), 均可以正常連接數據庫
?
?
原因:Site(A)是域控制器(vsts.com),若Site(B)也以域(domain)身份登錄機器,并且Site(A),Site(B)都采用操作系統認證(NTS)方式,則需要雙方建立信任關系,要不就一方不采用(NTS)認證。如:
SQLNET.AUTHENTICATION_SERVICES=NONE 或#SQLNET.AUTHENTICATION_SERVICES=***
?
Oracle 解釋如下:
Either create trust between the two domains or change the client or server SQLNET.AUTHENTICATION_SERVICES such that NTS in not negotiated in the connection handshake. NTS is only negotiated if both client and server have SQLNET.AUTHENTICATION_SERVICES set to NTS.
?
i.e. SQLNET.AUTHENTICATION_SERVICES=NONE
?
解決方法:
1、對兩個域建信任關系(沒測試此方法)。
2、數據庫或客戶端的sqlnet.ora 中的 SQLNET.AUTHENTICATION_SERVICES=NONE或被注釋掉 #SQLNET.AUTHENTICATION_SERVICES。
?
鑒與生產環境,無法對兩個域建信任關系后作測試,無奈!
?
?