Configuring Oracle Net Services
This chapter decribes how to configure Oracle Net Services on AIX, HP, Linux, Solaris, and Tru64 systems. It contains
the following sections:
Location of Oracle Net Services Configuration Files
Adapters Utility
Oracle Protocol Support
Setting Up the Listener for TCP/IP or TCP/IP with SSL
Oracle Enterprise Manager
Configuring Oracle Intelligent Agent for Oracle SNMP
Oracle Advanced Security
Calling 32-Bit External Procedures from PL/SQL (AIX, HP, and Solaris 64-Bit Only)
Location of Oracle Net Services Configuration Files
Oracle Net Services configuration files are typically, but not always, located in the $ORACLE_HOME/network/admin
directory. Depending on the file, Oracle Net uses a different search order to locate the file.
The search order for the sqlnet.ora and ldap.ora files is as follows:
1. The directory specified by the TNS_ADMIN environment variable, if set
2. The $ORACLE_HOME/network/admin directory
The search order for the cman.ora, listener.ora, and tnsnames.ora files is as follows:
1. The directory specified by the TNS_ADMIN environment variable, if set
Oracle9i Administrator's Reference
Release 2 (9.2.0.1.0) for UNIX Systems: AIX-Based Systems, Compaq Tru64 UNIX,
HP 9000 Series HP-UX, Linux Intel, and Sun Solaris
Part No. A97297-01
Contents
Index
See Also:
Oracle9i Net Services Administrator's Guide for more information on Oracle networking.
2. One of the following directories:
3.
For Solaris systems, the/var/opt/oracle directory
For AIX, HP, Linux, and Tru64, the /etc directory
4. The $ORACLE_HOME/network/admin directory
For some system-level configuration files, users may have a corresponding user-level configuration file (stored in the
user's home directory). The settings in the user-level file override the settings in the system-level file. The following
table lists the system-level configuration files and the corresponding user-level configuration files:
Sample Configuration Files
The $ORACLE_HOME/network/admin/samples directory contains samples of the cman.ora, listener.ora,
names.ora, sqlnet.ora, and tnsnames.ora configuration files.
Adapters Utility
Use the adapters utility to display the transport protocols, naming methods, and Oracle Advanced Security options
that Oracle9i supports on your system. To use the adapters utility, enter the following commands:
$ cd $ORACLE_HOME/bin
$ adapters ./oracle
The adapters utility displays output similar to the following:
Oracle Net transport protocols linked with ./oracle are
IPC
BEQ
TCP/IP
SSL
RAW
Oracle Net naming methods linked with ./oracle are:
Local Naming (tnsnames.ora)
Oracle Directory Naming
Oracle Host Naming
Oracle Names Server Naming
NIS Naming
Oracle Advanced Security options linked with ./oracle are:
RC4 40-bit encryption
RC4 128-bit encryption
RC4 256-bit encryption
DES40 40-bit encryption
DES 56-bit encryption
System-Level Configuration File User-Level Configuration File
sqlnet.ora $HOME/.sqlnet.ora
tnsnames.ora $HOME/.tnsnames.ora
3DES 112-bit encryption
3DES 168-bit encryption
AES 128-bit encryption
AES 192-bit encryption
SHA crypto-checksumming (for FIPS)
SHA-1 crypto-checksumming
Kerberos v5 authentication
CyberSAFE authentication
RADIUS authentication
ENTRUST authentication
On the client, run the adapters utility to display the configured Oracle transport protocols, naming methods, and
security options on the system. To run the adapters utility on the client:
$ cd $ORACLE_HOME/bin
$ adapters
The adapters utility displays output similar to the following:
Installed Oracle Net transport protocols are:
IPC
BEQ
TCP/IP
SSL
RAW
Installed Oracle Net naming methods are:
Local Naming (tnsnames.ora)
Oracle Directory Naming
Oracle Host Naming
Oracle Names Server Naming
NIS Naming
Installed Oracle Advanced Security options are:
RC4 40-bit encryption
RC4 56-bit encryption
RC4 128-bit encryption
RC4 256-bit encryption
DES40 40-bit encryption
DES 56-bit encryption
3DES 112-bit encryption
3DES 168-bit encryption
AES 128-bit encryption
AES 192-bit encryption
AES 256-bit encryption
MD5 crypto-checksumming
SHA-1 crypto-checksumming
Kerberos v5 authentication
CyberSAFE authentication RADIUS authentication
See Also:
Oracle9i Net Services Administrator's Guide for more information on the adapters utility.
Oracle Protocol Support
Oracle protocol support is a component of Oracle Net. It includes the following:
IPC protocol support
TCP/IP protocol support
TCP/IP with SSL protocol support
The IPC, TCP/IP, and TCP/IP with SSL protocol supports each have an address specification that is used in Oracle Net
Services configuration files and in the DISPATCHER initialization parameter in the initsid.ora file. The following
sections describe the address specifications for each of the protocol supports.
IPC Protocol Support
The IPC protocol support can be used only when the client program and the Oracle9i server are installed on the same
system. This protocol support requires a listener for its operation. It is installed and linked to all client tools and to
Oracle9i.
The IPC protocol support requires an address specification in the following format:
(ADDRESS = (PROTOCOL=IPC) (KEY=key))
The following table describes the parameters used in this address specification:
The following shows a sample IPC protocol address:
(ADDRESS= (PROTOCOL=IPC) (KEY=PROD))
TCP/IP Protocol Support
TCP/IP is the standard communication protocol used for client/server communication over a network. The TCP/IP
protocol support enables communication between client programs and the Oracle9i server, whether they are installed on
the same or different systems. If the TCP/IP protocol is installed on your system, the TCP/IP protocol support is
installed and linked to all client tools and to Oracle9i.
The TCP/IP protocol support requires an address specification in the following format:
(ADDRESS = (PROTOCOL=TCP) (HOST=hostname) (PORT=port))
See Also:
Oracle9i Net Services Administrator's Guide for more information on Oracle protocol support.
Parameter Description
PROTOCOL The protocol to be used. The value is IPC. It is not case sensitive.
KEY Any name unique from any other name used for an IPC KEY on the same system.
The following table describes the parameters used in this address specification:
The following shows a sample TCP/IP protocol address:
(ADDRESS= (PROTOCOL=TCP)
(HOST=MADRID)
(PORT=1521))
TCP/IP with SSL Protocol Support
The TCP/IP with SSL protocol support enables an Oracle application on a client to communicate with remote Oracle
databases through TCP/IP and SSL. To use TCP/IP with SSL, Oracle Advanced Security must be installed.
The TCP/IP with SSL protocol support requires an address specification in the following format:
(ADDRESS = (PROTOCOL=TCPS) (HOST=hostname) (PORT=port))
The following table describes the parameters used in this address specification:
The following shows a sample TCP/IP with SSL protocol address:
(ADDRESS= (PROTOCOL=TCPS)
(HOST=MADRID)
(PORT=2484))
Setting Up the Listener for TCP/IP or TCP/IP with SSL
Oracle Corporation recommends that you reserve a port for the listener in the /etc/services file of each Oracle Net
Services node on the network. The default port is 1521. The entry lists the listener name and the port number, for
example:
oraclelistener 1521/tcp
In this example oraclelistener is the name of the listener, as defined in the listener.ora file. Reserve more than
one port if you intend to start more than one listener.
If you use intend to use SSL, you should define a port for TCP/IP with SSL in the /etc/services file. Oracle
Corporation recommends a value of 2484. For example:
Parameter Description
PROTOCOL The protocol support to be used. The value is TCP. It is not case sensitive.
HOST The host name or the host IP address.
PORT The TCP/IP port. Specify the port as either a number or the alias name mapped to the port in
the /etc/services file. Oracle Corporation recommends a value of 1521.
Parameter Description
PROTOCOL The protocol to be used. The value is TCPS. It is not case sensitive.
HOST The host name or the host IP address.
PORT The TCP/IP with SSL port. Specify the port as either a number or the alias name mapped to the port in
the /etc/services file. Oracle Corporation recommends a value of 2484.
oraclelistenerssl 2484/tcps
In this example oraclelistenerssl is the name of the listener, as defined in the listener.ora file. Reserve more
than one port if you intend to start more than one listener.
Oracle Enterprise Manager
Use the oratclsh executable to debug your Tcl scripts. Before executing oratclsh, set the TCL_LIBRARY
environment variable to specify the $ORACLE_HOME/network/agent/tcl directory.
Configuring Oracle Intelligent Agent for Oracle SNMP
Although Oracle Intelligent Agent does not require Simple Network Management Protocol (SNMP) to work, you can
configure Oracle SNMP support before starting the Intelligent Agent. Note that all of the configuration files for the
following steps are located in the $ORACLE_HOME/network/snmp/peer directory.
Configure the Master Agent
In the CONFIG.master file, make the following change:
1. Search for the line beginning with MANAGER.
2. Change the value of the MANAGER parameter to the IP address or hostname of the system where you want
SNMP trap messages sent.
You can also make other changes to the CONFIG.master file as documented within the file.
3. On AIX systems only, add the following line to the /etc/snmpd.conf file, where ip_address is the IP address
of the Oracle subagent:
smux 0.0 " " ip_address
Configure the Encapsulator
To configure the encapsulator, perform the following steps:
1. Add the following line to the snmpd.conf file, where hostname_or_IP_address represents the local system IP
address or host name:
trap hostname_or_IP_address
2. On AIX systems only, modify the port numbers specified for the NEW_SNMPD_PORT and
NEW_TRAPD_PORT variables in the start_peer script, if necessary.
The port number specified for the NEW_SNMPD_PORT variable must be different to the port number specified
for the NEW_TRAPD_PORT variable.
See Also:
Intelligent Agent User's Guide for more information on debugging Tcl scripts.
3. On all platforms except AIX, complete the following steps:
a. If necessary, modify the port number specified in the CONFIG.encap file. The default port number is 1161.
b. If you modified the port number in step a, change the value specified for the NEW_SNMPD_PORT
variable in the start_peer script to this port number.
c. If necessary, modify the value specified for the NEW_TRAPD_PORT variable.
This variable specifies the PEER encapsulator port to which the snmpd agent sends traps. This port number
must be different to the port number specified for the NEW_SNMPD_PORT variable.
Verify the Location of the SNMP Daemon in the start_peer Script
The start_peer script contains a line similar to the following, where snmpd_executable_path is the path of the
snmpd executable:
SNMPD=snmpd_executable_path
Make sure that snmpd_executable_path is the location of the snmpd executable on your system.
Start the SNMP Components
To start the SNMP components, perform the following steps:
1. Enter the following commands to verify that the SNMP components (master_peer, encap_peer, and snmpd) are
not running:
$ ps -aef grep peer
$ ps -aef grep snmp
If any of the components are running, log in as the root user and use the kill command to terminate the
processes before proceeding.
2. On AIX systems only, enter the following command as the root user to start the native AIX SNMP agent:
# startsrc -s snmpd "-f /tmp/snmpd.log"
This command starts the SNMP daemon and logs information in the /tmp/snmpd.log file.
3. On all platforms except AIX, complete the following steps:
a. As the root user, run the start_peer script to start the PEER master agent, PEER encapsulator, and
native UNIX SNMP agent:
# cd $ORACLE_HOME/network/snmp/peer
# ./start_peer -a
Note:
b. Enter the following commands to verify that the SNMP components are running:
# ps -aef grep peer
# ps -aef grep snmp
Configure and Start the Database Subagent
If you do not have the native UNIX SNMP agent on your system, yo must not use
the PEER encapsulator. To start the master agent only, enter start_peer -m.
For information on configuring and starting the database subagent (the Oracle Intelligent Agent), see the Oracle
Enterprise Manager Configuration Guide.
Oracle Advanced Security
When you install Oracle Advanced Security, three .bak files are created: naeet.o.bak, naect.o.bak, and
naedhs.o.bak. These files are located in the $ORACLE_HOME/lib directory. They are required for relinking during
deinstallation of Oracle Advanced Security. Do not delete them.
Calling 32-Bit External Procedures from PL/SQL (AIX, HP, and
Solaris 64-Bit Only)
The 64-bit Extproc executable (extproc) and the 32-bit Extproc executable (extproc32) are installed in the
$ORACLE_HOME/bin directory. By default, the extproc executable is enabled to run 64-bit external procedures. To
enable 32-bit external procedures:
1. Set the value of the PROGRAM parameter in the listener.ora file:
(PROGRAM=extproc32)
2. Include the $ORACLE_HOME/lib32 directory in one of the following environment variables, depending on your
platform:
3. Shut down and restart the listener.
Platform Environment Variable
AIX LIBPATH
HP SHLIB_PATH
Solaris 64-bit LD_LIBRARY_PATH
Note:
You can configure the listener to run either 32-bit or 64-bit external procedures, but not
both at the same time.
No comments:
Post a Comment