Blog - comments

Can someone please forward me all the netbackup commands with detail information I want CLI.

Shekhar D

thanks like it

internet shop
Thanks,I have installed AV server successfully but agent deployment failed on windows2008 OS. After ...
Silvere
Hi Eyal, thanks for your comment. I'm not sure to understand what you mean by predicate here but let...
Hi Greg, thanks for your comment. No, it doesn't matter because dbcc checkdb will issue an internal ...
Blog Gregory Steulet Errors while installing Oracle Database Vault on Oracle 11.2.0.3

dbi services Blog

Welcome to the dbi services Blog! This IT blog focuses on database, middleware, and OS technologies such as Oracle, Microsoft SQL Server & SharePoint, EMC Documentum, MySQL, PostgreSQL, Sybase, Unix/Linux, etc. The dbi services blog represents the view of our consultants, not necessarily that of dbi services. Feel free to comment on our blog postings.

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.

Errors while installing Oracle Database Vault on Oracle 11.2.0.3

During one of my last consulting missions, I had to install Oracle Database Vault on an existing Oracle environment. It clearly was not a straigthforward process, since I experienced some weird errors such as: ORA-28003: password verification for the specified password failed, ORA-20001: Password length less than 8, and ORA-01917: user or role 'LBACSYS' does not exist.

After having a look at several log files, I found the root causes of this error. Below, you will find a solution in order to bypass this pitfall.

First of all, let's start by checking that Oracle Database Vault has not been compiled with the current Oracle binaries:

 

SQL> select * from v$option where parameter like '%Oracle Database Vault%'

PARAMETER                 VALUE
------------------------- --------------------------------
Oracle Database Vault      False

 

In order to be able to compile Oracle with the Database Vault option, it is mandatory to install Oracle Label Security first. For both components, we can use chopt:

 

myserver:/users/dba/oracle> chopt enable lbac
myserver:/users/dba/oracle> chopt enable dv

 

For additional information on the chopt command, please have a look on Yann Neuhaus blog.

Once your Oracle binaries are compiled with both components, we can proceed with DBCA (DataBase Configuration Assistant):

 

1. Select "Configure Database Options":

 

Oracle Database Vault installation


2. Select the database where you want to configure Database Vault:

 

Oracle Database Vault installation


3. Tick the radio button "Configure Database for local management":

 

DBCA003

 

4. Select the option that fits your Directory Service needs best - in my case: "No, keep the database registrated":

 

DBCA004

 

5. Select Oracle "Label Security", "Enterprise Manager Repository" and "Oracle Database Vault":

 

Oracle Database Vault installation

 

6. Create a Database Vault Owner with his dedicated password and optionally a Separate Account Manager. You can find more information regarding Database Vault access rights policy on Oracle Documentation on the following address: http://docs.oracle.com/cd/E11882_01/server.112/e23090/getting_started.htm

 

DBCA006

 

7. Set the DBSNMP and SYSMAN passwords:

 

DBCA007

 

8. Select the connection mode that fits your needs best. In my case it is "Dedicated Server Mode":

 

DBCA008

 

9. A first pop-up appears, informing you that the database will be restarted:

 

DBCA009

 

10. A second pop-up appears, informing you about the database where the operations will be performed:

 

confirmation

 

It is possible that you experience the following errors during this installation:

  • ORA-28003: password verification for the specified password failed
  • ORA-20001: Password length less than 8

 

ORA-28003: password verification for the specified password failed


ORA-01917: user or role 'LBACSYS' does not exist

 

ORA-01917: user or role 'LBACSYS' does not exist

 

This error is due to the fact that Oracle is not compliant with its own security policy:

 

myserver:/u00/app/oracle/cfgtoollogs/dbca/souk> more labelSecurity.log

CREATE USER LBACSYS IDENTIFIED BY LBACSYS DEFAULT TABLESPACE SYSTEM*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20001: Password length less than 8

 

If you have such an error simply disable the password_very_function as described below:

 

SQL> alter profile default limit password_very_function NULL;
SQL> select profile, resource_name, limit from dba_profiles where resource_name like '%VERIFY_FUNCTION%';
                     
PROFILE              RESOURCE_NAME                        LIMIT
-----------------  -----------------------------------  ----------
DEFAULT             PASSWORD_VERIFY_FUNCTION   NULL

 

Once the security policy disabled, you can proceed with the Database Vault installation as explained in the beginning of this blog posting. At the end of the installation please simply reactivate the password verify function as described below:

 

SQL> @/u00/app/oracle/product/11.2.0.3.0/rdbms/admin/utlpwdmg.sql

Function created.

Profile altered.

Function created.

 

You should then verify that the password very function really is activated:

 

SQL> select profile, resource_name, limit from dba_profiles where resource_name like '%VERIFY_FUNCTION%';

PROFILE        RESOURCE_NAME              LIMIT

-------------- -------------------------- ----------------------

DEFAULT        PASSWORD_VERIFY_FUNCTION   VERIFY_FUNCTION_11G

 

I hope this will help you to install Oracle Database Vault successfuly!

Rate this blog entry:
1

Grégory Steulet  is Chief Financial Officer (CFO) and Region Manager at dbi services. He has more than ten years of experience in database and infrastructure management, engineering, and optimization. He is specialized in Oracle technologies and high availability solutions (Oracle DataGuard, Data Replication Block Device). His expertise also includes Avaloq banking applications, as well as the open source field (MySQL, Unix/Linux, etc.). Grégory Steulet is "Oracle Certified Professional 10g", "MySQL Cluster 5.1 Certified", and "Avaloq Certified Professional 2.6". Prior to joining dbi services, Grégory Steulet was Senior Consultant at Trivadis in Lausanne. He also worked as IT Administrator at Box Telecom in Miami Beach, Florida (USA). Grégory Steulet has an Executive MBA from the International Institute of Management in Technology, Fribourg (CH). He also holds a Bachelor's Degree in Business Administration and Computer Science from the University of Applied Sciences Western Switzerland. His branch-related experience covers Telecommunications, Financial Services / Banking, Logistics, Pharma etc.

Comments

Leave your comment

Guest Saturday, 23 August 2014
AddThis Social Bookmark Button
Deutsch (DE-CH-AT)   French (Fr)

Contact

Contact us now!

Send us your request!

Our workshops

dbi FlexService SLA - ISO 20000 certified.

dbi FlexService SLA ISO 20000

Expert insight from insiders!

Fixed Price Services

dbi FlexService SLA - ISO 20000 certified.

dbi FlexService SLA ISO 20000

A safe investment: our IT services at fixed prices!

Your flexible SLA

dbi FlexService SLA - ISO 20000 certified.

dbi FlexService SLA ISO 20000

ISO 20000 certified & freely customizable!

dbi services Newsletter