Skip Headers

Oracle9i Database Platform Guide
Release 2 (9.2) for Windows
Part No. B10163-01
Go To Table Of Contents
Contents		 Go To Index
Index

Previous Next

C Oracle Net Services Configuration on Windows

This appendix describes Oracle Net Services configuration for Windows. For more generic information on Oracle Net Services configuration, see Oracle9i Net Services Administrator's Guide.

This appendix contains these topics:

Understanding Oracle Net Services Registry Parameters and Subkeys

The registry contains entries for Oracle Net Services parameters and subkeys. To successfully add or modify Oracle Net Services configuration parameters, you must understand where they are located and the rules that apply to them.

Oracle Net Service Subkeys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services contains subkeys that correspond to services. Depending on what is installed, your Oracle Net Services consist of all or a subset of the following:

  • OracleHOME_NAMEClientCache

  • OracleHOME_NAMECMAdmin

  • OracleHOME_NAMECMan

  • OracleHOME_NAMETNSListener

Each service subkey contains the parameters shown in Table C-1.

Table C-1 Service Subkey Parameters

Parameter Description
DisplayName Specifies service name.
ImagePath Specifies fully qualified path name of executable invoked by service and any command line arguments passed to executable at runtime.
ObjectName Specifies logon user account and computer to which service should log on.

Listener Requirements

In Oracle9i release 2 (9.2), the listener is set to start automatically at system restart. If you intend to use only the listener for all of your databases, ensure that only the Windows service for the listener, as listed in the Control Panel, is set to start automatically.

Oracle Corporation normally recommends that you only have a single net listener service running on a Windows computer at any one time. This single listener can support multiple databases. If you need to have two different net listener services running on a Windows computer at the same time, make sure that they are configured to listen on different TCP/IP port numbers.

If the same IP address and port are used for different listeners, you might expect that the second and subsequent listeners would fail to bind. Instead, Windows allows them all to listen on the same IP address and port, resulting in unexpected behavior of the listeners. This is a suspected Windows operating system problem with TCP/IP and has been reported to Microsoft.

Understanding Optional Configuration Parameters

You can use the following parameters on Windows:

Oracle Net Service first checks for the parameters as environment variables, and uses the values defined. If environment variables are not defined, it searches for these parameters in the registry.

LOCAL

You can use parameter LOCAL to connect to Oracle9i database without specifying a connect identifier in the connect string. The value of parameter LOCAL is any connect identifier, such as a net service name. For example, if parameter LOCAL is specified as finance, you can connect to a database from SQL*Plus with: 

SQL> CONNECT scott/tiger

rather than 

SQL> CONNECT scott/tiger@finance

Oracle Net checks if LOCAL is defined as an environment variable or as a parameter in the registry, and uses finance as the service name. If it exists, Oracle Net connects.

TNS_ADMIN

You can add parameter TNS_ADMIN to change the directory path of Oracle Net Services configuration files from the default location of ORACLE_HOME\network\admin. For example, if you set TNS_ADMIN to ORACLE_BASE\ORACLE_HOME\test\admin, the configuration files are used from ORACLE_BASE\ORACLE_HOME\test\admin.

USE_SHARED_SOCKET

You can set parameter USE_SHARED_SOCKET to true to enable use of shared sockets. If this parameter is set to true, the network listener passes the socket descriptor for client connections to the database thread. As a result, the client does not need to establish a new connection to the database thread and database connection time improves. Also, all database connections share the port number used by the network listener, which can be useful if you are setting up third-party proxy servers.

This parameter only works in dedicated server mode in a TCP/IP environment. If this parameter is set, you cannot use the 9.0 listener to spawn Oracle7 release 7.x databases. To spawn a dedicated server for an Oracle database not associated with the same Oracle home as the listener and have shared socket enabled, you must also set parameter USE_SHARED_SOCKET for both Oracle homes.

Advanced Network Configuration

The following sections describe advanced configuration procedures specifically for Oracle Net Services on Windows operating systems.

Configuring Authentication Method

Oracle Net Services provides authentication methods for Windows operating systems using Windows Native Authentication.

Configuring Security for Named Pipes Protocol

The network listener service may be unable to open the Named Pipe created by Oracle Names unless service OracleHOME_NAMETNSListener has a valid user ID and password associated with it.

To set up the network listener permissions:

  1. From the Control Panel window, double-click Services.

    The Services window appears.

  2. Double-click service OracleHOME_NAMETNSListener.

    The Services dialog appears.

  3. Choose This Account. Then choose "..." next to it.

    The Add User dialog appears.

  4. Select your logon ID (user ID) from the Names list and click Add.

    The user ID appears in the Add Name field.

  5. Click OK.

    The Services dialog appears with the user ID displayed in the This Account field.

  6. Type your password in the Password field.

  7. Retype the same logon password in the Confirm Password field.

  8. Click OK.

Modifying Configuration of External Procedures for Higher Security

This section supplements generic information provided in Oracle9i Net Services Administrator's Guide to configure a listener on Windows operating systems to exclusively handle external procedures.


See Also:

Chapter 15, "Enabling Advanced Features for Oracle Net Services," in Oracle9i Net Services Administrator's Guide for more information on configuring Oracle Net Services for external procedures

For a higher level of security, you are instructed in Oracle9i Net Services Administrator's Guide to start the listener for external procedures from a user account with lower privileges than the oracle user. For Windows operating systems, this requires that you change the user account from LocalSystem to a local, unprivileged user for the OracleHOME_NAMETNSListenerextproc_listener_name service.


Note:

The following instructions assume that you have performed steps 1 through 5 in the section "Modifying Configuration of External Procedures for Higher Security" in Chapter 15 in Oracle9i Net Services Administrator's Guide.

To change the listener account:

  1. Perform steps 1 through 5 in the section "Modifying Configuration of External Procedures for Higher Security" in Chapter 15 in Oracle9i Net Services Administrator's Guide.

  2. Create a new user account and grant it Log on as a Service privilege.

    On Windows 2000 and Windows XP, run the Local Security Settings applet from Start > Programs > Administrative Tools > Local Security Policy.

    On Windows NT, run User Manager from Start > Programs > Administrative Tools > User Manager.


    Note:

    Ensure that this user account does not have general access to files owned by Oracle. Specifically, this user should not have permission to read or write to database files or to the Oracle server address space. In addition, this user should have read access to the listener.ora file, but must not have write access to it.

  3. Open the Services Applet.

    On Windows 2000, choose Start > Settings > Control Panel > Administrative Tools > Services.

    On Windows XP, choose Start > Control Panel > Administrative Tools > Services.

    On Windows NT, choose Start > Settings > Control Panel > Services.

  4. Stop the OracleHOME_NAMETNSListenerextproc_listener_name service by selecting Stop.


    Note:

    If the OracleHOME_NAMETNSListenerextproc_listener_name service does not exist, issue the following command from the command prompt: 
    lsnrctl start extproc_listener_name

    This creates the OracleHOME_NAMETNSListenerextproc_listener_name service. When you return to the list of services, stop this service before proceeding to the next step of this procedure.


  5. Select the OracleHOME_NAMETNSListenerextproc_listener_name service and then display the properties of the service.

    On Windows 2000 and Windows XP, right-click and select Properties.

    On Windows NT, click Startup.

  6. Select This Account and enter the username and password.

  7. Start the listener by clicking Start. You must start the listener in this way because you cannot use the Listener Control utility to start the listener running as an unprivileged local user.


    Note:

    You can also use NET START OracleHOME_NAMETNSListenerextproc_listener_name to start the listener from the command prompt. Running the listener with lower privileges prevents you from using Listener Control utility SET commands to alter the configuration of this listener in file listener.ora. You can perform other administrative tasks on this listener with the Listener Control utility, including stopping the listener. Oracle Corporation recommends that you complete listener.ora file configuration prior to running the listener.

Previous Next
Oracle Logo
Copyright © 2003 Oracle Corporation
All rights reserved | | Ad Choices.
Go To Table Of Contents
Contents		 Go To Index
Index