1 2 Previous Next 17 Replies Latest reply: Jul 23, 2013 10:52 AM by user8871553 RSS

    Problems with credentials

    JoeZ
      Hi
      using credentials sseems to be easy, but I have problems using them in 11.2 on linux:
      This code is running without any problems:
      begin
      dbms_scheduler.create_job (job_name=>'TESTJOB',job_type=>'EXECUTABLE',job_action=> '/tmp/mytouch.sh',enabled=>TRUE);
      end;
      /
      In externaljobs.ora run_user is tomtester and rungroup tomtester as well.
      so I this my problems seems no to be a protection problem.

      For using credentials I have an OS user tomtester with tomtester as password. I can connect with the user and can execute /tmp/mytouch.sh without any problems.

      So I created a credential:

      begin
      dbms_scheduler.create_credential('MYCREDENTIAL','tomtester','tomtester');
      end;
      /

      And modify my job creation script to use this credential:

      begin
      dbms_scheduler.create_job (job_name=>'TESTJOB',job_type=>'EXECUTABLE',job_action=> '/tmp/mytouch.sh',enabled=>TRUE,credential_name=>'MYCREDENTIAL');
      end;
      /
      This job fails with error# 27370
      "EXTERNAL_LOG_ID="job_81737_5706",
      ORA-27369: Job vom Typ EXECUTABLE nicht erfolgreich mit Exit-Code: Argument list too long
      STANDARD_ERROR="Launching external job failed: Invalid username or password""

      Invalid user or password - why that? None of my OS users can execute any job. The error message is always Invalid user or password.
      Any ideas?
      Thanks in advance
      Joe
        • 1. Re: Problems with credentials
          RnR
          Hi Joe,

          If you are using a credential, externaljob.ora is not used. Instead the scheduler uses $ORACLE_HOME/bin/jssu to login to the operating system using the username and password specified in the credential.

          Here are some things to check

          - make sure the credential has been created with the right username and credential
          - make sure that you can su and sudo to the user
          - check the system or secure logs for login errors
          - if you are using linux or solaris make sure that pam is properly installed . In particular, make sure the file libpam.so exists and is a link to a valid existing file

          Hope this helps,
          Ravi.
          • 2. Re: Problems with credentials
            JoeZ
            Hi Ravi,

            thanks a lot! You are right, there was no link libpam.so -> libpam.so.0 (Ubuntu specfic problem? Installation problem? No idea)
            Now everything works fine!
            Thanks
            Joe
            • 3. Re: Problems with credentials
              833136
              I had the same prb on Linux Redhat (Oracle Developer Day VM).
              Same answer.

              after

              cd /lib
              ln -s libpam.so.0 libpam.so

              no more errors.

              Thanks Ravi.

              Regards,
              Vincent
              • 4. Re: Problems with credentials
                tbo
                And on a 64 bit server :
                ln -s /lib64/libpam.so.0 /lib64/libpam.so
                Thanks.
                • 5. Re: Problems with credentials
                  JoeZ
                  Hi

                  after upgrade to Ubuntu 11.04 I can't run external jobs any longer, even with the libpam.so link trick, which make it possible in ubuntu 10.04.
                  Now there is a new error message:

                  EXTERNAL_LOG_ID="job_78068_663",
                  ORA-27370: job slave failed to launch a job of type EXECUTABLE
                  ORA-27300: OS system dependent operation:accessing login executable failed with status: 2
                  ORA-27301: OS failure message: No such file or directory
                  ORA-27302: failure occurred at: sjseccel 1

                  I think ora-27300: "accessing login executable failed" is the deciding error. But how can I resolve this problem.
                  Here my little test job:
                  BEGIN
                  DBMS_SCHEDULER.CREATE_JOB ( job_name => 'my_job',
                  job_type => 'executable', job_action => '/tmp/test.sh', credential_name=>'TEST_CRE',
                  enabled => true, auto_drop => false );
                  END;
                  /

                  test.sh does a simple "touch /tmp/x.x"
                  It works fine with 11.2 on ubuntu 10.04, butfails with ubuntu 11.04.
                  Thanks all for help
                  Joe
                  • 6. Re: Problems with credentials
                    RnR
                    Hi,

                    What does "ls -l $ORACLE_HOME/bin/jssu" show ?

                    It should show a setuid root executable file accessible to the group that oracle runs as.

                    This error message indicates problems with the existence of or permissions on jssu.

                    -Ravi
                    • 7. Re: Problems with credentials
                      JoeZ
                      Hi
                      thanks a lot for your hint! jssu was missing! $ORACLE_HOME/relink and root.sh helped to fix it!
                      Best regards
                      Joe
                      • 8. Re: Problems with credentials
                        user358276
                        Hi Ravi,

                        Ajay Sinha here again.

                        libpam.so is missing. os is HP.

                        OS det ails - HP-UX knudwdbs B.11.31 U ia64 3952263949 unlimited-user license

                        Do we need libpam.so for HP also?

                        Kindly share your contact no if possible. My email id - sinhaa12@gmail.com

                        Please suggest.

                        Thanks
                        Ajay Sinha
                        • 9. Re: Problems with credentials
                          RnR
                          Hi Ajay,

                          I'd rather not post my user info here since this is a public board.

                          libpam.so is not needed for HP-UX , only for Linux and Solaris.

                          - Does an su to the user using that password work ?
                          - do any external jobs with that credential work ?

                          I don't have much experience with the HP-UX platform. It does not use libpam.so but it does use the jssu executable so it may be necessary to see if that is working.

                          -Ravi
                          • 10. Re: Problems with credentials
                            user358276
                            Hi Ravi,

                            Thanks Ravi for quick response.

                            Manual execution of script working fine. su also working fine with same user id and password mentioned in the credential creation statement.

                            Trace file -
                            Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production
                            With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
                            Data Mining and Real Application Testing options
                            ORACLE_HOME = /u01/app/oracle/product/11.2.0/dbhome_1
                            System name: HP-UX
                            Node name: knudwdbs
                            Release: B.11.31
                            Version: U
                            Machine: ia64
                            Instance name: DWUAT1
                            Redo thread mounted by this instance: 1
                            Oracle process number: 59
                            Unix process pid: 13258, image: oracle@knudwdbs2 (J000)


                            *** 2011-11-13 12:59:30.217
                            *** SESSION ID:(157.13309) 2011-11-13 12:59:30.217
                            *** CLIENT ID:() 2011-11-13 12:59:30.217
                            *** SERVICE NAME:(SYS$USERS) 2011-11-13 12:59:30.217
                            *** MODULE NAME:(DBMS_SCHEDULER) 2011-11-13 12:59:30.217
                            *** ACTION NAME:(AJAY_TEST) 2011-11-13 12:59:30.217

                            ORA-12012: error on auto execute of job "SYS"."AJAY_TEST"
                            ORA-27369: job of type EXECUTABLE failed with exit code: Arg list too long
                            Trace file /u01/app/oracle/diag/rdbms/dwuat_siteb/DWUAT1/trace/DWUAT1_j000_13258.trc
                            Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production
                            With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
                            Data Mining and Real Application Testing options
                            ORACLE_HOME = /u01/app/oracle/product/11.2.0/dbhome_1
                            System name: HP-UX
                            Node name: knudwdbs
                            Release: B.11.31
                            Version: U
                            Machine: ia64
                            Instance name: DWUAT1
                            Redo thread mounted by this instance: 1
                            Oracle process number: 63
                            Unix process pid: 13258, image: oracle@knudwdbs2 (J000)



                            Other details -

                            Oracle error message -

                            EXTERNAL_LOG_ID="job_806397_413600",
                            ORA-27369: job of type EXECUTABLE failed with exit code: Arg list too long
                            STANDARD_ERROR="Launching external job failed: Invalid username or password"

                            Oracle files being used for job execution -

                            knudwdbs2> ls -ltr $ORACLE_HOME/bin/jssu
                            -rwsr-x--- 1 root oinstall 83768 Nov 26 2010 /u01/app/oracle/product/11.2.0/dbhome_1/bin/jssu

                            knudwdbs2> cd $ORACLE_HOME/bin
                            knudwdbs2> ls -ltr ext*
                            -rwxr-xr-x 1 oracle oinstall 3069520 Oct 1 2010 extjoboO
                            -rwxr-xr-x 1 oracle oinstall 3069520 Oct 1 2010 extjobO
                            -rwxr-x--- 1 oracle oinstall 0 Oct 1 2010 extprocO
                            -rwxr-x--- 1 oracle oinstall 348 Nov 26 2010 extusrupgrade
                            -rwx------ 1 oracle oinstall 3068424 Nov 26 2010 extjobo
                            -rwsr-x--- 1 root oinstall 3068424 Nov 26 2010 extjob
                            -rwxr-x--x 1 oracle oinstall 81264 Nov 26 2010 extproc
                            knudwdbs2>

                            -rwsr-s--- 1 oracle asmadmin 534683872 Nov 26 2010 oracle


                            #######

                            knudwdbs2> cd $ORACLE_HOME/rdbms/admin
                            knudwdbs2> ls -ltr ext*
                            -rw-r----- 1 root oinstall 1534 Jan 26 2011 externaljob.ora
                            knudwdbs2> cat externaljob.ora
                            # $Header: externaljob.ora 16-dec-2005.20:47:13 rramkiss Exp $
                            #
                            # Copyright (c) 2005, Oracle. All rights reserved.
                            # NAME
                            # externaljob.ora
                            # FUNCTION
                            # This configuration file is used by dbms_scheduler when executing external
                            # (operating system) jobs. It contains the user and group to run external
                            # jobs as. It must only be writable by the owner and must be owned by root.
                            # If extjob is not setuid then the only allowable run_user
                            # is the user Oracle runs as and the only allowable run_group is the group
                            # Oracle runs as.
                            #
                            # NOTES
                            # For Porters: The user and group specified here should be a lowly privileged
                            # user and group for your platform. For Linux this is nobody
                            # and nobody.
                            # MODIFIED
                            # rramkiss 12/09/05 - Creation
                            #
                            ##############################################################################
                            # External job execution configuration file externaljob.ora
                            #
                            # This file is provided by Oracle Corporation to help you customize
                            # your RDBMS installation for your site. Important system parameters
                            # are discussed, and default settings given.
                            #
                            # This configuration file is used by dbms_scheduler when executing external
                            # (operating system) jobs. It contains the user and group to run external
                            # jobs as. It must only be writable by the owner and must be owned by root.
                            # If extjob is not setuid then the only allowable run_user
                            # is the user Oracle runs as and the only allowable run_group is the group
                            # Oracle runs as.

                            run_user = nobody
                            run_group = nobody
                            knudwdbs2>

                            ====

                            Any suggestion?

                            Thanks
                            Ajay
                            • 11. Re: Problems with credentials
                              RnR
                              Hi,

                              I don't think I can help much here. The key problem is that jssu is not able to login as the user you specified. The password could be wrong, or your OS could be configured not to allow jssu to login.

                              You can test jssu manually by doing this

                              jssu
                              username
                              password
                              1
                              /bin/echo
                              1
                              hi

                              You should see "hi" echoed without any error message. If this does not work with a valid username and password, you may need to pursue this through Oracle Support.

                              Thanks,
                              Ravi.
                              • 12. Re: Problems with credentials
                                phillips_chris
                                Hi,

                                I've no trouble using dbms_scheduler to run PLSQL jobs, but am having great difficulty getting a bash shell script to run.
                                I'm running on an 11G XE machine and have set up credentials which are correct - I can login using the unix username and password. The scheduled job fails with:

                                EXTERNAL_LOG_ID="job_33871_48432",
                                ORA-27369: job of type EXECUTABLE failed with exit code: Argument list too long
                                STANDARD_ERROR="Launching external job failed: Invalid username or password"

                                I've followed the suggestion in this thread about testing jssu and it's failing.
                                -bash-3.2$ ls -ltr $ORACLE_HOME/bin/jssu
                                -rwsr-x--- 1 root dba 43768 Dec 21 00:42 /u01/app/oracle/product/11.2.0/xe/bin/jssu
                                
                                -bash-3.2$ jssu
                                <username>
                                <password>
                                1
                                /bin/echo
                                1
                                helloyou
                                !@#--!@#7#@!--#@!-bash-3.2$
                                Can anybody confirm that this would cause the problem I'm getting.
                                Originally the jssu file was missing and my hosting company grabbed one from elsewhere. It looks as though there may be more than one version of jssu, is that possible?

                                Thanks,
                                Chris
                                • 13. Re: Problems with credentials
                                  RnR
                                  Hi,

                                  I don't have personal experience with external credential jobs on 11XE (if jssu is missing it will not even work out of the box).

                                  There are two things I would check

                                  - make sure you can "su" to the user using that password

                                  - make sure that libpam.so exists and is a valid link or file (normally to libpam.so.0 ) - see here Problems with credentials

                                  There are slightly different versions of jssu as bugs were fixed in later Database releases but they should all work with all database versions since the basic functionality never changed.

                                  Thanks,
                                  Ravi.
                                  • 14. Re: Problems with credentials
                                    phillips_chris
                                    Hi Ravi,

                                    Many thanks for that.
                                    I can su successfully using the username and password.

                                    The link was missing so I ran the following as root:
                                    cd /lib
                                    ln -s libpam.so.0 libpam.so
                                    and it successfully created the link.

                                    Unfortunately I'm still getting the following when I try to run a shell script:

                                    Run select additional_info from dba_scheduler_job_run_details in SQLDeveloper
                                    EXTERNAL_LOG_ID="job_33871_50800",
                                    ORA-27369: job of type EXECUTABLE failed with exit code: Argument list too long
                                    STANDARD_ERROR="Launching external job failed: Invalid username or password"
                                    I can't help thinking that the problem might still be with jssu, it doesn't echo 'Hi' just a series of # and @, as:
                                    -bash-3.2$ jssu
                                    myusername
                                    mypassword
                                    1
                                    /bin/echo
                                    1
                                    Hi
                                    !@#--!@#7#@!--#@!-bash-3.2$
                                    Could it be corrupt? Is there anything else I can try?

                                    Thanks,
                                    Chris
                                    1 2 Previous Next