SQL-Retriever ODBC


FAQ: Invalid user authorisation specification (IUAS)

The causes of this error message from SQL-Retriever are:
  1. Username and/or password are genuinely wrong: Try logging in using another application, such as Microsoft 'telnet', and check that you can log in using that username and password. Make sure you have typed them both correctly when you configured your Unix host using the Vision Communications (via Control Panel). Usernames and passwords are case-sensitive.
  2. The login account has no password at all. You should ask your System Administrator to give the account a password on your Unix system, then add the password to your host's configuration on your PC.
  3. There is no login shell in the password file for the user. This compromises the security of your Unix system, and so your connection is rejected. Ask your System Administrator to add a shell to the username's entry in the password file.
  4. User's login shell is not secure (not csh or not in /etc/shells). You should ask your System Administrator to add your user shell to /etc/shells.
  5. The SQL-Retriever deamon is not running as root. The SQL-Retriever daemon e.g. sqlr.ing40.d for Ingres and SQL-Retriever 4 is not run/owned by root. You can check this using the command 'ps -ef | grep sqlr' dependent on UNIX ps command arguments.
  6. SCO only: password shadowing active. There was a problem with the SCO shadow password facility which was fixed, but is a good illustration of a generic problem.
  7. Permissions on user's login shell not correct
  8. Shell name. This is really a part of 4) however some UNIX systems' Bourne shells are called bsh, noteably AIX. This file is usually hard-linked to sh, but if being used it NEEDS an entry in /etc/shells.
  9. Don't use su.Be aware that ideally, the user should be logged in as root when starting the SQL-Retriever demon and NOT su'd: there may sometime be some tiny differences between su and root. You should be root to start the SQL-Retriever demon.

The above are the main causes of IUAS; it is very difficult to cover all the causes of IUAS in a prescriptive manner. Very rarely, IUAS occurs and is not covered by the above. These cases would require additional investigation by support. One of the commonest of these is where /etc/passwd has been edited with 'vi' - and not the standard System Administration utility - and this has corrupted /etc/passwd to some extent. There are also some rare ones where some versions of UNIX can run in High Security or Trusted mode which can cause this error.

Debugging IUAS

IUAS is not debugged with the standard SQL-Retriever debug , but with its own debugging methods.

At SQL-R 3.1 (host) and later, you can add the environment variable SQLRAUTH=1 to the shell environment before running the sqlr.[xxx]32.d/rpc.[xxx]sqld as root. You will, of course, have to remove any previously existing root-owned sqlr.[xxx]32.d/rpc.[xxx]sqld. A file called /tmp/vwau[pid].log will be created giving next time the IUAS is created giving a clue as to why IUAS is happening

Debugging IUAS with SQL-Retriever 4

SQLRAUTH is no longer applicable. 32-bit SQL-R 4 IUAS debug uses debug on the authsrv by adding -d4095. Use -d4095 on the authsrv in the /usr/local/vision/etc/servers file, restart the Vision Services and look at the log file (/usr/local/vision/log/vwdebuglog) once the IUAS has been recreated.

vwauth authsrv m -d4095

SQL-R 4 16-bit does not fully use the authsrv debug, therefore one needs to put -d4095 on sqlrinf40.d as well as authsrv in /usr/local/vision/etc/server to get debug, and look at the vwevent debug log as well as vwdebuglog.

vwauth authsrv m -d4095
sqlrinf sqlr.inf40.d m -d4095

A sample output is below, it writes to /usr/local/vision/log/vwdebuglog

Sample debug log for SQL-R 4 16-bit IUAS

Nov 12 15:54:58: [24960] sqlr.inf40.d: checkShell: Invalid shell
Nov 12 15:55:04: [24960] sqlr.inf40.d: fullNameAuth: user=odbc time=847842898 window=300
Nov 12 15:55:04: [24960] sqlr.inf40.d: checkShell: Invalid shell



SQL-Retriever: ODBC driver
Home | Software | Background | Library | Configuration | Versions | Security Manager | Debug | FAQ |
Site Map; Accessibility;

Last modified: Wednesday, 22-Mar-2017 15:51:50 GMT