When connecting to Oracle 12c databases you may get
ERROR: ORA-28040: No matching authentication protocol
upon login.
The error is defined as follows:
28040, 0000, "No matching authentication protocol"
Cause: There was no acceptable authentication protocol for either client or server.
Action: The administrator should set the values of the SQLNET.ALLOWED_LOGON_VERSION_SERVER and SQLNET.ALLOWED_LOGON_VERSION_CLIENT parameters, on both the client and on the server, to values that match the minimum version software supported in the system. This error is also raised when the client is authenticating to a user account which was created without a verifier suitable for the client software version. In this situation, that account's password must be reset, in order for the required verifier to be generated and allow authentication to proceed successfully.
Solution: edit your $TNS_ADMIN/sqlnet.ora file to include this directive:
SQLNET.ALLOWED_LOGON_VERSION_SERVER=8
which will allow older clients to connect. Oracle claims that the default value after an upgrade to Oracle 12.1 is 11, but I have found that the parameter needs to be explicitly set in the server's sqlnet.ora file before older clients are allowed.
Note that the parameter SQLNET.ALLOWED_LOGON_VERSION_CLIENT is relevant only when the database server itself acts like a client against other database servers. Consequeltly, unless I know for certain that a database server is actually used as a client against other remote database servers, I will specify them like this for my Oracle 12c database servers:
SQLNET.ALLOWED_LOGON_VERSION_SERVER=11 SQLNET.ALLOWED_LOGON_VERSION_CLIENT=12
Check the Oracle documentation for more info
No comments:
Post a Comment