Operating System - HP-UX
1748122 Members
3573 Online
108758 Solutions
New Discussion юеВ

Re: TNS Configuration In ORACLE

 
NUTANKUMAR
Occasional Contributor

TNS Configuration In ORACLE

Hello to all ITRC Member,

I am having 8 server running different databases and are in LAN.
We can access the database of one server from other server throuh SQL*net.
How can I restrict the access to database from perticular Server(node).
Is it possible to restrict it at user level.


thanks
5 REPLIES 5
R.Suresh
Frequent Advisor

Re: TNS Configuration In ORACLE

Hi,

You want to disable a paticular server
contacting the particular database....

Remove the that database alias entry
from that server tnsnames.ora file.

Thanks
R.Suresh.
PDLS
Stefan Farrelly
Honored Contributor

Re: TNS Configuration In ORACLE


If you want to restrict it by user then best to use the /var/adm/inetd.sec file which allows you to allow/disallow by IP - as long as each user is using a different PC/IP. Check which tcp port sqlnet is using (1521?) and thats all you need to start adding entries into inetd.sec
Im from Palmerston North, New Zealand, but somehow ended up in London...
CHRIS ANORUO
Honored Contributor

Re: TNS Configuration In ORACLE


Yes,you can restrict the user from SAM too.
When We Seek To Discover The Best In Others, We Somehow Bring Out The Best In Ourselves.
Javier Ballesteros
Occasional Contributor

Re: TNS Configuration In ORACLE

Restricting access by /var/adm/inetd.sec to port 1521 (or whatever) doesn't work because this file prevents inetd to START a service to that port if the address is not allowed. But if the service is ALREADY RUNNING (as is the Oracle listener), inetd does allow the connection.
There is a file you can create to specify which machines (IP addresses) can access via SQL*Net your database (this works for Oracle 7.3.4, I don't know at later releases).

# su - oracle7
# cd $ORACLE_HOME/network/admin
# vi protocol.ora
tcp.validnode_checking = yes
ipc.validnode_checking = yes
tcp.invited_nodes = (IPaddress1, ... IPaddressN)
icp.invited_nodes = (IPaddress1, ... IPaddressN)
# chmod 644 protocol.ora
# lsnrctl // restart the listener to take this file into account
LSNRCTL> stop cgc
LSNRCTL> start cgc
LSNRCTL> quit

Hope this helps.
JosT M. del Rfo
Anonymous
Not applicable

Re: TNS Configuration In ORACLE

The following worked for oracle 8.1.6 :

create protocol.ora in $TNS_ADMIN directory with

tcp.excluded_nodes= (144.25.5.25,144.25.5.26,) (examples of IPs)
tcp.validnode_checking=yes

Stop and restart listener.ora

Rgds
Thomas

PS: feedback (and points ;-) appreciated.