I've just finished installing Virtuoso's opensource package and I'm running the web gui called Conductor.
It requires a login, but I don't think there was anything about setting that up during install.
is there a default un / pass for this? if now, how do I set one?
According to their documentation, you can log in initially as:
username: dba
password: dba
Edit: i also found that there are two different default users setup:
There are two system users of immediate importance:
dba -- the relational data administrative account
dav --the WebDAV adminstrative account.
By default each of these accounts has
its password set the same as its username. It is strongly advised that
you change these as soon as possible for obvious security reasons.
http://ods.openlinksw.com/wiki/main/Main/VOSUbuntuNotes#Using%20Virtuoso
There are supposedly several default users set up, per Section 3.1.1 Default Passwords of their documentation (dba, dav, vad, demo, soap, fori), but dba and dav are the critical ones to change. Note: I don't actually see the other users under the Ubuntu Xenial virtuoso package (version 6.1.6+repack-0ubuntu5)
That page also has the isql syntax to change the password (only for the logged in user, ie, dba) on the command line:
This can be changed using the Interactive SQL utility. When started without parameters, the ISQL tries to log on as dba with the default password. The SQL statement to change a user's password is:
set password <old password> <new password>
The password is an identifier, so take care to use proper quotation.
Related
In the case of implementation of the monitoring database oracle control method requires a standard application username and password explicitly. How to bypass the need to enter in clear text password to log into the database oracle, which is visible in the screen OP5 Monitor and Nagios configuration file system.?
There are several possibilities.
Generic solution
Use the $USERnn$ macros, which are defined in resources.cfg. More information on how to use this feature: https://kb.op5.com/display/DOC/Macros#Macros-Custommacros
The USER macros are not visible in the graphical user interface, but can be read by anyone having access to the resources.cfg configuration file.
For Naemon documentation on user macros see http://www.naemon.org/documentation/usersguide/macrolist.html#user
Specific solution for the check_oracle plugin (if that is what you are using)
Specify the credentials in an auth file. From the help text for the plugin:
-f <auth-file> can be used instead of -u <username> -p <password>. If both
options are used the <auth-file> will override -u/-p. The <authfile> should
be a textfile (readable by the nrpe-user) containing two rows. File format:
username=<username>
password=<password>
Solution specific to OP5 Monitor
Use custom variables prefixed with OP5SECRET. Unfortunately, these are not very well documented, but take a look at the Standalone VMware ESXi virtualization host management pack which uses this feature.
Full disclosure: I work as Development Team Lead at OP5.
I have a requirement of binding linux clients to Windows Server 2012 Active Directory. I have a test environment where I successfully did that both with samba-winbind-kerberos, and with nslcd, using a user to authenticate. However, when using samba-winbind-kerberos, I was able to achieve this without extending the AD schema to include UNIX attributes (UID/GID, Home directory, shell), because smb.conf have an option to idmap, specifying a starting range
idmap config *:range = 11000-20000
and this will take care of unix mapping of UID/GID of AD users.
If I do not enable UNIX attributes in AD, I will get an error in nslcd debug log, that says
uidNumber: missing
Is there any way to use the same feature in nslcd/libnss_ldap, so that I do not have to extend the AD schema on the Windows server 2012? I do not prefer to use samba on a production environment because of its remote code execution vulnerability.
This is not possible right now. There is no id mapping available for nslcd according to their documentation, and this requires your AD schema to be extended to have unix attributes.
Using CentOS Linux release 7.4.1708 (Core) with nslcd version 0.8.13 against Windows 2016 AD without any schema extension, I was able to configure this and get it working properly today.
I've followed mainly the Serverfault article "LDAP authentication on CentOS 7" and had to use in /etc/nslcd.conf the section Alternative mappings for Active Directory and to replace the SIDs in the objectSid mappings with the value for your domain.
To "Get SID by its objectSid using ldapsearch" I've used the linked script.
Other mapping were set to
filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer)))
map passwd uid sAMAccountName
map passwd uidNumber objectSid:<yourValue>
map passwd gidNumber primaryGroupID
map passwd homeDirectory "/home/$sAMAccountName"
map passwd gecos displayName
map passwd loginShell "/bin/bash"
map group gidNumber primaryGroupID
just a simple question...
Is there any possible way to set up firebird so that you don't have to use a user and password
to access the databases on the Server?
I am using Ubuntu Server 14.10 running Firebird superclassic V2.5
Most likely the credentials used by TA+ are not defined in Firebird's user database security2.fdb.
How is Firebird installed on your Windows and your linux system? Did you use a package provided by ScanSafe or is it a vanilla (that is a not modified) Firebird?
Assuming that TA+ uses default Firebird credentials (user SYSDBA password masterkey) there is something to consider on linux installations:
In fact, on Linux a random password is generated for user SYSDBA when installing Firebird on linux.
You can view this password in file SYSDBA.password.
You can change the password of user SYSDBA (to masterkey) by running the scriptfile bin/changeDBAPassword.sh.
Try to set SYSDBA password to masterkey as described.
I simply ran this command:
sudo gsec
GSEC> modify SYSDBA -pw masterkey
the SQL changes automatically masterkey to masterke.
Then I connected TA+ with the syntax mentioned before:
serverip:/path/to/you/file.fdb
The program connects using the default credentials.
Database gets found and everything runs like it should be.
The error I got was caused because I forgot to use modify.
The connection was not possible because Linux uses a random password for firebird databases, Windows uses the standard password.
is it possible to configure the language of openAM 11.0 administration pages (beside setting the default language of my browser/operating system)?
Being new to openAM and trying to learn from tutorials and manuals is confusing when the admin UI is translated into German ;-)
Thanks,
Rainer.
The admin console is always being displayed in the same language as the authentication originally was performed with, so you should be able to see everything in english on the admin console if you authenticate at /openam/console?locale=en
You can change the default language by specifying the following JVM arguments before starting your app server :
-Duser.country=US -Duser.language=en
There is also one reference of the installation language that you might need to change, in the internal OpenDS used by OpenAM. I could not find any user interface to change the setting, so you must change it through LDAP.
Using any LDAP client, connect to the local LDAP on port 50389 using cn=Directory Manager and the password of the amAdmin account
open the following dn :
ou=server-default,ou=com-sun-identity-servers,ou=default,ou=GlobalConfig,ou=1.0,ou=iPlanetAMPlatformService,ou=services,dc=openam,dc=forgerock,dc=org
change the value of one of the sunKeyValue attributes :
serverconfig=com.iplanet.am.locale=en_US
In my case, this worked for me:
-Change in your web browser preferences the order of prefered languages, put the prefered language first (in firefox and Iexplorer there is a option with a list).
-Launch the server with the -Duser.language=en java option. ( JAVA_OPTS in setenvh.sh in my local Tomcat setup)
I had to change both options. Not only one.
See also:
https://backstage.forgerock.com/#!/docs/openam/12.0.0/install-guide/chap-custom-ui#lookup-for-ui-files
I'm struggling with the following error when starting up sqlplus as my regular user - say "scott".
$ sqlplus
SP2-1503: Unable to initialize Oracle call interface
SP2-0152: ORACLE may not be functioning properly
Environment is:
Oracle 11.2.0.2
OpenSuse Linux 11.1 (64bit)
Misc other detail:
Oracle installed and running on localhost
No tnsnames issues as can run sqlplus as oracle admin user
Database up and listener started (11.2.0.2 install).
user scott in database admin group (/etc/group)
user scott references correct 11.2.0.2 installation
This is most bizarre as I can happily run sqlplus as the oracle user (say "oraadmin") and user scott is registered in the oracle admin group. Additionally, I had no such problems with my previous Oracle install (10.2.0.7). My ~scott's $ORACLE_HOME references the 11.2.0.2 installation.
Comparing my 11.2.0.2 and 10.2.0.7 environments, I've noticed several libraries (including $ORACLE_HOME/lib/libsqlplus.so) have group read-only permissions (744) so have chmod'ded these.
Other than that, my $ORACLE_HOME/lib, $ORACLE_HOME/bin, $ORACLE_HOME/oracore and $ORACLE_HOME/rdbms all seem reasonable with sensible permissons.
N.B: There's a plethora of stuff on-line but, as is often the case, there's a lot of case-specific issues and mainly around different versions of Windows. Focusing mainly on comparing my envs. Besides, as far as I can tell, this question doesn't yet exist on SO so could be useful to start collating answers by environment. I'll report back any sensible findings.
If it is Windows 7, You can right click on SQL Plus or whatever software you using, I use Crystal Reports.
so to you would have to right click and Run as Administrator.
it fixed for me.
Fixed my particular issue...
User scott's $PATH still contained the ora11.1.0.7 bin. So, on starting sqlplus, I was running the ora11.1.0.7 sqlplus client against the 11.2.0.2 server. Think there may be more to it than that (i.e. I'd probably expect that client to work with that server) but that is the hub of the problem.
In my defence, my.bashrc sets the $PATH correctly so not yet sure what preempts it with the 11.1.0.7 version. Guess the sensible rule of thumb is to add my $ORACLE_HOME/bin to the front of the $PATH to ensure mine is found first, despite what else is set by whatever other environment config, as in
export PATH=$ORACLE_HOME/bin:$PATH
Yours, a little embarrassed but hopefully will be of help again to someone.
Some of the more useful sites...
Various Windows environments:
https://forums.oracle.com/forums/thread.jspa?threadID=338426
https://www.administrator.de/Zugriff_auf_OracleDB_(10i)_per_sql_plus_von_WTS_2003_(Servicepack_2).html
http://www.orafaq.com/forum/t/100549/2/
Linux environments:
http://databaseoracle.blogspot.com/2006/11/permitting-user-on-unix-linux-to-use.html
In Windows i found the solution ---
Assign the "Create global objects" user right to the non-Administrator account.
Go to Administrative Tools, and then click Local Security Policy.
Expand Local Policies, and then click User Rights Assignment.
In the right pane, double-click Create global objects.
In the Local Security Policy Setting dialog box, click Add.
In the Select Users or Group dialog box, click the user account that you want to add, click Add, and then click OK.
Click OK.