Connect to Progress database without knowing user and password - database

Setup: Progress 11.5 databases sitting on Linux (CentOS) server, with proenv available.
I'm trying to connect to Progress database through proenv and sqlexp. I'm unable to, since I don't know the user and password. There's no way I can obtain it from someone else, as nobody knows these credentials. I have root access on this server.
How can I connect to this database so that I can later create another account to use through ODBC?
What I've tried already is:
Being on root account, opening up proenv by
/dlcloc/dlc-11.5/bin/proenv
which brings up proenv, and then when I try
sqlexp -db rep -H localhost -S 2502 {-user ?? -password ??}
given that there's a db within
/dbloc/prod/rep/
with files like rep.db, rep.lg, rep.b1, rep.d1 and some other files avilable on localhost under port 2502 (confirmed through ps aux | grep rep)
I get an error even without user and password
Error: [DataDirect][OpenEdge JDBC Driver][OpenEdge] Access denied(Authorisation failed). (8933)
Which is obvious from my side, but there's no way to get user and password. How can I go around this given my environment to be able to establish a successfull connection?
Additional note: There's a special user called progressuser under which database is created, but impersonating that user from root as su progressuser and going through the same process yields the same results.

You could try accessing the database using the native 4GL broker. And possibly try this solution:
https://knowledgebase.progress.com/articles/Article/P9483
First run that proenv-script, it will set paths and environment variables.
Then identify on which port the 4GL broker runs. If you dont know: check your database log file (rep.lg). Look for something like:
[YYYY/MM/DD#HH:MM:SS.sss+TZ] P-XXXX T-YYYY I BROKER 0: (4262) Servicename (-S): NNNN.
The Ns will be your port. It might possibly be a service name to check in /etc/services
Then access the Progress Editor with a connected database:
pro -db rep -H <IP-address/domain name> -S <port number/service name>
You should see a rudimentary editor. To run something you press Ctrl+X or F1. To access the menu F3. To exit something F4.
Access the Menu using F3 and arrow-key your way to Tools -> Datadictionary. Now you should be able to follow the steps in the link provided above.
Perhaps its a good idea to make sure you have a valid backup before you start messing around with the users...

Related

SQL Server on Mac with Docker : Login failed for user 'password too short'

I am trying very simply to download MS SQL Server to my Mac using Docker.
As I was following a video, I reached a road block because my password was too short and Docker exits the program. (I received the error below). Can you please advise on how to change my password using the terminal or elsewhere?
ERROR: Unable to set system administrator password: Password validation failed. The password does not meet SQL Server password policy requirements because it is too short.
The container only accepts SQL auth and you've locked yourself out by making SQL auth impossible for the only SQL auth account that exists. Kind of a catch-22 because you can't log in to make your password long enough so that you can log in. I wish docker recognized this when you first fire up the run command instead of when it is too late, but this is where we are.
While it may be possible to hack into mssql-conf or the mssql-server service to change the password, honestly, the easiest thing for you to do is to start over with a new container. The nice thing about containers is that this is exactly what they're designed for. Run this:
docker ps
This will list the containers you have created; the one in question might be named something like a5de64..., so then just do:
docker stop a5
docker rm a5
Then create a new container with a password that is both long enough and strong enough:
docker run ... -e SA_PASSWORD=d0_n0t_be_l#zy_h3r3 ... mcr.microsoft...

Oracle container database 12c, connecting using JDBC

I'm trying to learn how to use Oracle Container database, and just do basic JDBC connections. I installed a dockerised version of Oracle:
https://hub.docker.com/_/oracle-database-enterprise-edition
Which according to the data sheet comes set up with a CDB database called ORCLCDB and a PDB database called ORCLPDB1.
So I figured out I can connect to it like this:
jdbc:oracle:thin:#localhost:1555:ORCLCDB
with username sys, password Oradoc_db1, and setting the special internal_logon jdbc parameter equal to "sysdba" to avoid the error "local oracle CDB: ORA-28009: connection as SYS should be as SYSDBA or SYSOPER"
And I figured out I can switch to the PDB by entering this:
ALTER SESSION SET CONTAINER=ORCLPDB1
And I can then create a new user:
CREATE USER MYUSER IDENTIFIED BY MYPASSWORD1
But then I'm stuck. I think there should be some way to connect directly to the PDB using a JDBC connect string. Every time I google about this, it talks about tnsnames blah blah, but people who use JDBC connections, are typically using Tomcat on a server, or otherwise don't have the Oracle Client installed. They expect to be able to connect to Oracle just with the thin driver installed, nothing else.
I've tried the obvious using:
jdbc:oracle:thin:#localhost:1555:ORCLPDB1
with username myuser or sys, but I always get:
ORA-12505, TNS:listener does not currently know of SID given in connect descriptor
At this point I'm stuck.
You need to use a SERVICE_NAME in order to connect to an Oracle container database
Please alter your connect string like this:
jdbc:oracle:thin:#localhost:1555/ORCLPDB1
A SERVICE_NAME is denoted by a "/"
A SID (SystemIDentifier) is denoted by a ":" (not to be used)
Note! Default listener port is 1521, not sure why you specifically want a different port.
Best of luck!
Apparently the correct answer is this...
jdbc:oracle:thin:#localhost:1521/ORCLPDB1.localdomain
Then I can connect as SYS using the method above. If I want to connect as the created user, I also need...
grant create session to myuser;
and then, turn off the internal_logon jdbc parameter.

How to shutdown a remote progress (openedge) database

I want to shutdown a remote DB with proshut
https://knowledgebase.progress.com/articles/Article/P20918
i get this error:
"Shutdown request denied because you are an invalid user, remote shutdown is not allowed, or the database is enabled for Failover Clusters. (12566)"
Where can i define the user for the shutdown request?
You're seeing the error because the database was started with the specific flag to disallow remote shutdown. Since you're probably not root, you will not be able to go around that.
More info on the normtshutdown db flag:
https://knowledgebase.progress.com/articles/Article/P94213
dbman -stop -H 192.168.1.123 -port 20931 -u j.verne -db pool_05_xyz
followed by my windows password stops the remote DB
(i dont know why this works...)
The problem seems to be that OpenEdge Explorer starts the DB with SYSTEM and not the user that is logged in.
When i try to stop it remotely my windows login name is used to send it as user to the server. At the moment i dont know how to solve it.
Maybe i can stop the db with DBMAN command, but this rejects my login.
Starting the service with a user account makes it possible to connect and stop it
AdminService for OpenEdge 11.4 Manages Progress OpenEdge servers Wird ausgeführt Automatisch j.verne#treasureIsland.de
But this is my local solution, i dont know if this is ok for the real remote server

Allow remote mysql access on linux (through webmin or shell)

Spec:
Ubuntu 14.04
webmin/virtualmin 1.791
I am using following code to test remote mysql database connection:
<?php
$db_host = "123.456.789";
$db_name = "database";
$db_user = "user";
$db_pass = "password";
$db_table_prefix = "prefix_";
GLOBAL $errors;
GLOBAL $successes;
$errors = array();
$successes = array();
$mysqli = new mysqli($db_host, $db_user, $db_pass, $db_name);
GLOBAL $mysqli;
if(mysqli_connect_errno()) {
echo "Conn Error = " . mysqli_connect_error();
exit();
}
?>
I keep getting this error:
No connection could be made because the target machine actively
refused it.
Research shows this means the server is "not listening". Before I ran the above script I've already tried to allow remote mysql access through webmin gui. What I did is editting "database manage->host permissions" and make it as follows:
This was supposed to allow remote mysql access but it doesn't work. Also I read from somewhere else that to allow remote mysql access I need to edit /etc/mysql/my.cnf; I have thought that after I edit the "host permissions" in webmin this file would be changed, but it was not. On the other hand, I couldn't find the lines I was supposed to edit in my.cnf, so I am stuck here.
Any help is appreciated.
You can do this via webmin too,
Create your user account for remote access
Webmin > Servers > MySQL Database Server > User permissions
Allow the MySQL server to listen to remote requests
Webmin > Servers > MySQL Database Server > MySQL Server Configuration
MySQL server listening address - set it to any
Restart MySQL using service mysql restart or directly from webmin.
Allowing MySQL to listen to any port is not a good idea , unless you are the only one who can access that network ,
Don't leave it like this afterwards , Its better to Allow certain hosts on certain domains , like your IP , Or simply just dont listen on all ports if its not required i.e when you are finished with your session.
You can also do this via /etc/mysql/my.cnf
Just add a binding adress of your choice instead of localhost
I have got it to work, however not through webmin at all.
First I need to comment out the following line in /etc/mysql/my.cnf:
#bind-address = 127.0.0.1
I guess instead of simply commenting it out, I can also change 127.0.0.1 to my local IP address. Many google results stop here, but this is not enough. The next step is to grant the local user privileges: On remote server, I need to run the following commands:
$ mysql -u root -p
Enter password:
mysql> use mysql
mysql> GRANT ALL ON . to user#'localIP' IDENTIFIED BY
'password';
mysql> FLUSH PRIVILEGES;
Actually I have seen this when I was doing google search before I asked the question here, but I just ignored it because I thought I've done it. It turns out I not only need to grant privileges on server side but also need to do it for "local user".
Feel free to comment here if there's still something I missed out or you know how to do it throught webmin(I am still wondering what editting "host permissions" in webmin does).

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' - MS SQL Server - possibility of being unable to solve the issue

Why not asking on dba.stackexchange: the description says it is for professionals, which I am not and SO has its "for enthusiasts" part.
I have an error
"Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
This is a common error with several possible reasons and solutions. The problem is that I have no knowledge of the database and server administration and credentials authentication topics, thus I will need to spend some significant time understanding what is being said and proposed.
Before I do that I would like to ask if it might be possible for me not to be able to solve the problem due to technical limitations. I will describe the situation in more detail now.
There is an MS SQL Server A with database Adb and table dbo.At. I can read from it. There is also an MS SQL Server B. I can read and write here.
I have MS SQL Server Management Studio 2012 open on my computer. I have a connection with server A open with query "select * from Adb.dbo.At" which works just fine. The connection used Windows Authentication.
I have a connection with server B (Windows Authentication as well) with query "select * from A.Adb.dbo.At" which results in the aforementioned error.
At this point I do have read access to A, I have read and write access to B. I can export data from A and then import it to B using my computer, i.e. I can do a kind of a copy paste and I will end up having what I want. There is no insurmountable wall between these 2 servers with me being the middle man. I simply would like to make it easier. Before I dwell on SPNs, delegations, Kerberos, Active Directory and whatnot I would like to ask if, assuming that I have nothing more than read on A and read/write on B, I might not be able to solve the issue?
It seems I have a "double hop" problem.
https://blogs.technet.microsoft.com/askds/2008/06/13/understanding-kerberos-double-hop/
I have found a workaround. I can use Server Agent on server B. Using this I can use the server to perform some actions, for example query other servers. The Agent jobs are of a specific type (like T-SQL script). For specific job types the Agent can run the jobs in "run as" mode (requires a proxy). I created a proxy referring to my normal Windows login. Sadly T-SQL script type job cannot be executed in "run as" mode. But PowerShell type job can. PowerShell can also execute SQL statements. Thus I have created PowerShell job running with proxy with the command being:
SQLCMD -Q "select * into Bdb.dbo.Bt from A.dbA.dbo.At" -E
This solved my problem.

Resources