client$ sqlplus -l ndebes/secret@ten_tcp.world
SQL*Plus: Release 10.2.0.1.0 - Production on Fri Jul 13 02:06:33 2007
ERROR:
ORA-12537: TNS:connection closed
SP2-0751: Unable to connect to Oracle. Exiting SQL*Plus
Of course, translation of the client host name to an IP address by DNS, NIS, or another
method must be configured. IP addresses may also be used in the list of invited or excluded
hosts. If the TNS Listener trace level is at least USER, an entry like the following, which identifies
the client that was denied, is written to the TNS Listener trace file:
[13-JUL-2007 02:21:02:109] nttvlser: valid node check on incoming node 88.215.114.53
[13-JUL-2007 02:21:02:109] nttvlser: Denied Entry: 88.215.114.53
Setting the list of invited nodes so that client.oradbpro.com is included and
running another reload enables the client to connect again:
dbserver$ cat sqlnet.ora
tcp.validnode_checking=yes
tcp.invited_nodes=(client.oradbpro.com)
dbserver$ lsnrctl reload
client$ sqlplus -l ndebes/secret@ten_tcp.world
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
The successful connection by the client is logged as follows in the TNS Listener trace file:
[13-JUL-2007 02:24:44:789] nttvlser: valid node check on incoming node 88.215.114.53
[13-JUL-2007 02:24:44:789] nttvlser: Accepted Entry: 88.215.114.53
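The following Python script is an added example, not part of the original text. It scans TNS Listener trace lines for the nttvlser verdicts shown above and reports, per client address, how often it was denied and whether its most recent verdict is still a denial. The function names are hypothetical and the 192.0.2.10 lines are constructed sample data.

```python
import re

# Verdict lines written by the listener's valid node check (trace level USER
# or higher). The leading "[" is optional so clipped excerpts still match.
VERDICT = re.compile(
    r"^\[?(?P<ts>\d{2}-[A-Z]{3}-\d{4} \d{2}:\d{2}:\d{2}:\d{3})\]\s+"
    r"nttvlser: (?P<verdict>Denied|Accepted) Entry: (?P<node>\S+)$"
)

# First two and last two lines are the trace entries quoted in the text;
# the 192.0.2.10 lines are constructed sample data.
SAMPLE = """\
[13-JUL-2007 02:21:02:109] nttvlser: valid node check on incoming node 88.215.114.53
[13-JUL-2007 02:21:02:109] nttvlser: Denied Entry: 88.215.114.53
[13-JUL-2007 02:22:10:004] nttvlser: valid node check on incoming node 192.0.2.10
[13-JUL-2007 02:22:10:004] nttvlser: Denied Entry: 192.0.2.10
[13-JUL-2007 02:22:11:250] nttvlser: Denied Entry: 192.0.2.10
[13-JUL-2007 02:24:44:789] nttvlser: valid node check on incoming node 88.215.114.53
[13-JUL-2007 02:24:44:789] nttvlser: Accepted Entry: 88.215.114.53
""".splitlines()

def parse_verdicts(lines):
    """Return (timestamp, verdict, node) for every Denied/Accepted entry."""
    hits = (VERDICT.match(line.strip()) for line in lines)
    return [(m["ts"], m["verdict"], m["node"]) for m in hits if m]

def summarize(lines):
    """Per node: verdict counts, first/last denial time, most recent verdict."""
    nodes = {}
    for ts, verdict, node in parse_verdicts(lines):
        s = nodes.setdefault(node, {"Denied": 0, "Accepted": 0,
                                    "first_denied": None, "last_denied": None})
        s[verdict] += 1
        s["last_verdict"] = verdict
        if verdict == "Denied":
            s["first_denied"] = s["first_denied"] or ts
            s["last_denied"] = ts
    return nodes

def still_blocked(lines):
    """Nodes whose most recent verdict in the trace is a denial."""
    return sorted(n for n, s in summarize(lines).items()
                  if s["last_verdict"] == "Denied")

if __name__ == "__main__":
    for node, s in summarize(SAMPLE).items():
        print(node, s)
    print("still blocked:", still_blocked(SAMPLE))
```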
If tcp.invited_nodes is set, any node not mentioned in the list is denied access.
dbserver$ cat sqlnet.ora
tcp.validnode_checking=yes
tcp.invited_nodes=(192.168.0.1)
dbserver$ lsnrctl reload
client$ sqlplus -l ndebes/secret@ten_tcp.world
SQL*Plus: Release 10.2.0.1.0 - Production on Fri Jul 13 02:06:33 2007
ERROR:
ORA-12537: TNS:connection closed
SP2-0751: Unable to connect to Oracle. Exiting SQL*Plus
Of course, the denied hosts also include the system where the TNS Listener is running,
such that subsequent LSNRCTL commands over TCP/IP fail. You need to include the local
system in tcp.invited_nodes to allow LSNRCTL commands over TCP/IP. Another method is to
use an IPC protocol entry as the first ADDRESS of the TNS Listener. This tells the LSNRCTL utility
to communicate with the TNS Listener using IPC, which is obviously exempt from TCP/IP valid
node checking. The next example shows a TNS Listener definition that uses the IPC protocol
in the first ADDRESS entry: