Informix

 View Only
Expand all | Collapse all

Trusted remote servers - fail to connect without password

  • 1.  Trusted remote servers - fail to connect without password

    Posted Mon February 28, 2022 05:03 AM

    Hello,

     

    I try to establish a trusted connection between two servers without success.

     

    Server 1 - configuration

    $INFORMIXSERVER         er1

    Hostname                           ids-er1

    IP                                            10.0.50.32

    /etc/hosts                           10.0.50.32      ids-er1

    10.0.50.33      ids-er2

     

    $INFORMIXDIR/etc/sqlhosts

    er1_shm                 onipcshm        ids-er1         er1

    g_er1                   group           -               -               i=1

    er1                     onsoctcp        ids-er1         sqlexec         g=g_er1

     

    g_er2                   group           -               -               i=2

    er2                     onsoctcp        ids-er2         sqlexec         g=g_er2

     

    Server 1 – trusted connection files

     

    ids-er1:/IDS/informix$ll etc/hosts.equiv

    -rw-------. 1 informix informix 9 Feb 27 15:03 etc/hosts.equiv

    ids-er1:/IDS/informix$cat etc/hosts.equiv

    ids-er2

    ids-er1:/IDS/informix$ll .rhosts

    -rw-------. 1 informix informix 8 Feb 27 15:08 .rhosts

    ids-er1:/IDS/informix$cat .rhosts

    ids-er2

    ids-er1:/IDS/informix$ll /etc/hosts.equiv

    -rw-------. 1 root root 17 Feb 27 14:47 /etc/hosts.equiv

    [root@ids-er1 ~]# cat /etc/hosts.equiv

    ids-er2 informix

     

    etc/onconfig

    REMOTE_SERVER_CFG ERtrust

     

    ids-er1:/IDS/informix$ll etc/ERtrust

    -rw-------. 1 informix informix 17 Feb 28 08:27 etc/ERtrust

    ids-er1:/IDS/informix$cat etc/ERtrust

    ids-er2 informix

     

     

    Server 2 - configuration

    $INFORMIXSERVER         er2

    Hostname                           ids-er2

    IP                                            10.0.50.33

    /etc/hosts                           10.0.50.33      ids-er2

    10.0.50.32      ids-er1

     

     

    $INFORMIXDIR/etc/sqlhosts

     

    er2_shm                 onipcshm        ids-er2         er2

    g_er2                   group           -               -               i=2

    er2                     onsoctcp        ids-er2         sqlexec         g=g_er2

     

    g_er1                   group           -               -               i=1

    er1                     onsoctcp        ids-er1         sqlexec         g=g_er1

     

    Server 2 – trusted connection files

     

    ids-er2:/IDS/informix$ll etc/hosts.equiv

    -rw-------. 1 informix informix 8 Feb 27 15:03 etc/hosts.equiv

    ids-er2:/IDS/informix$cat etc/hosts.equiv

    ids-er1

    ids-er2:/IDS/informix$ll .rhosts

    -rw-------. 1 informix informix 8 Feb 27 15:09 .rhosts

    ids-er2:/IDS/informix$cat .rhosts

    ids-er1

    ids-er2:/IDS/informix$ll /etc/hosts.equiv

    -rw-------. 1 root root 17 Feb 27 14:47 /etc/hosts.equiv

    [root@ids-er2 ~]# cat /etc/hosts.equiv

    ids-er1 informix

     

    etc/onconfig

    REMOTE_SERVER_CFG       ERtrust

     

    ids-er2:/IDS/informix$ll etc/ERtrust

    -rw-------. 1 informix informix 17 Feb 28 08:28 etc/ERtrust

    ids-er2:/IDS/informix$cat etc/ERtrust

    ids-er1 informix

     

     

    I added the files one by one.

    After every files I restart Informix (also reboot the system)

    On all files I tried with hostname or hostname + username

    But nothing helps, I can from dbaccess connect the remote db (both directions), but I have to give password.

     

    What I did wrong?

     

    Thanks



    ------------------------------
    Samuel
    ------------------------------

    #Informix


  • 2.  RE: Trusted remote servers - fail to connect without password

    IBM Champion
    Posted Mon February 28, 2022 05:16 AM
    Do you have S6_USE_REMOTE_SERVER_CFG set to 0 or 1?


    ------------------------------
    Mike Walker
    xDB Systems, Inc
    www.xdbsystems.com
    ------------------------------



  • 3.  RE: Trusted remote servers - fail to connect without password

    Posted Mon February 28, 2022 05:41 AM
    It was 0,
    But so why $INFORMIXDIR/etc/hosts.equiv doesn't work

    Anyway i put 1 and it s the same

    Thanks

    ------------------------------
    Sh To
    ------------------------------



  • 4.  RE: Trusted remote servers - fail to connect without password

    IBM Champion
    Posted Mon February 28, 2022 05:27 AM
    Hi Samuel,

    first of all, I think no IDS restart should be required after modifying any of those files.

    Then, "etc/hosts.equiv", which I guess would amount to $INFORMIXDIR/etc/hosts.equiv (?), would not be reckoginzed as anything configuring trust unless you'd point REMOTE_SERVER_CFG to it; but you seem to have this pointing to [$INFORMIXDIR/etc/]ERtrust instead which I'd consider recommended and sufficient (i.e. remove or empty /etc/hosts.equiv as this should be reserved for (nowadays outdated) OS utilities.)

    Can you post the error messages you're getting, in server message logs, when trying pw-less dbaccess connection?
    I'd assume they will contain FQDN, rather than mere host names, which I'd then also recommend putting into that trust file.

    HTH,
     Andreas

    ------------------------------
    Andreas Legner
    ------------------------------



  • 5.  RE: Trusted remote servers - fail to connect without password

    Posted Mon February 28, 2022 05:54 AM
    Hi

    About the restart i just want to be sure...
    It's on testing environment so it s not important.

    Yes, etc/hosts.equiv it's $INFORMIXDIR/etc/hosts.equiv

    Apparently it's not necessary to define the parameter REMOTE_USERS_CFG with $INFORMIXDIR/etc/hosts.equiv.
    (from onconfig about REMOTE_SERVER_CFG) If set to 0 then # the existing behaviour is used ($INFORMIXDIR/etc/hosts.equiv)

    I added /etc/sqlhosts only after it failed at every step before. ($INFORMIXDIR/etc/hosts.equiv , .rhosts)
    I now removed the file /etc/sqlhosts, and it s the same.

    I don't have an error message, as explained here
    https://www.ibm.com/support/pages/how-set-enterprise-replication-first-time
    I do
    dbaccess -> connection -> connect
    and i receive the message "PASSWORD >>" after entering the username

    What is the syntax to connect directly without password
    I should get the error message  with "onstat -m" ?

    Thanks

    ------------------------------
    Sh To
    ------------------------------



  • 6.  RE: Trusted remote servers - fail to connect without password

    Posted Mon February 28, 2022 06:45 AM
    So

    If i
    dbaccess stores_demo@er2
    From er1, it works
    (The other direction also)

    But it doesn't as explain here
    https://www.ibm.com/support/pages/how-set-enterprise-replication-first-time

    All computers involved in ER have a trusted relationship with each other. To determine if your host is trusted by the other host(s) in the ER system, run:
    dbaccess -> connection -> connect
    You should be able to connect to the Group Name and the Servername of the other host(s) without using a password.

    Thanks

    ------------------------------
    Sh To
    ------------------------------



  • 7.  RE: Trusted remote servers - fail to connect without password

    IBM Champion
    Posted Mon February 28, 2022 07:13 AM
    You're right, $INFORMIXDIR/etc/hosts.equiv would be used in addition to either /etc/hosts.equiv or what REMOTE_SERVER_CFG points to under $INFORMIXDIR/etc, unless S6_USE_REMOTE_SERVER_CFG is on in which only REMOTE_SERVER_CFG would be used.

    For passwordless connection testing using dbaccess you need to be the user you want to connect as, then run dbaccess -> connection -> connect -> choose server ->  enter at prompt for user (i.e. don't provide a user name).
    Or you simply run something like this for only establishing a quick short-lived connection:
    $ echo | dbaccess sysmaster@<target_server>

    ------------------------------
    Andreas Legner
    ------------------------------



  • 8.  RE: Trusted remote servers - fail to connect without password

    Posted Mon February 28, 2022 07:24 AM

    So this was my problem !
    >>> enter at prompt for user (i.e. don't provide a user name).

    It works

    Thanks a lot

    ------------------------------
    Sh To
    ------------------------------



  • 9.  RE: Trusted remote servers - fail to connect without password

    Posted Mon February 28, 2022 09:31 AM


    echo >> /etc/hosts  <<"EOF"

    10.0.50.33 ids-er2

    10.0.50.32 ids-er1
    EOF


    #use root user to do:
    cd /etc
    touch  hosts.equiv
    echo >> hosts.equiv <<"EOF"
    ids-er1  informix
    ids-er2  informix
    EOF

    only this is ok

    dbaccess->connect 



    ------------------------------
    ZhiWei Cui
    GBASE
    ------------------------------