admin管理员组文章数量:1648331
ORA-28000: the account is locked.
问题:ORACLE EBS R12,浏览器访问500报错误,查看log发现应用不能建立DB连接
原因现象:
1、DB服务能正常启动。
2、AP服务使用./adstrtal.sh apps/apps无法自动启动,但是可以分别启动单项服务。
3、使用./adautocfg.sh发生error,查log发现ORA-28000: the account is locked.----从此入手
解决办法:
1、手动设置环境变量ORACLE_HOME、ORACLE_SID,否则sqlplus不能启动。
2、到ORACLE_HOME/bin打开终端运行sqlplus / as sysdba
3、对账户解锁,可在数据库管理员账户(sys/system)中使用“alter user”命令的account unlock子句。
alter user username account unlock;
账户解锁后,username 账户再一次被允许连接。
Details:
Oracle Database Version: 11g R1 (11.1.0.7) EBS R12.1.2, OEL 5.5 x86_64bit
Application User: APPS
Error: ORA-28000: the account is locked
Login as SYSDBA
SQL> conn /as sysdba
Check the APPSUSR account status.
SQL> SELECT username, account_status FROM dba_users WHERE username= ‘APPS’;
USERNAME ACCOUNT_STATUS PROFILE
——————– ——————– —————
APPS LOCKED(TIMED) DEFAULT
Here we can see the account status is LOCKED (TIMED) and the default user’s profile is DEFAULT.
Check the resource limits of DEFAULT profile.
SQL> SELECT resource_name,resource_type,limit FROM dba_profiles WHERE profile=’DEFAULT’;
RESOURCE_NAME RESOURCE LIMIT
——————————– ——– ———-
COMPOSITE_LIMIT KERNEL UNLIMITED
SESSIONS_PER_USER KERNEL UNLIMITED
CPU_PER_SESSION KERNEL UNLIMITED
CPU_PER_CALL KERNEL UNLIMITED
LOGICAL_READS_PER_SESSION KERNEL UNLIMITED
LOGICAL_READS_PER_CALL KERNEL UNLIMITED
IDLE_TIME KERNEL UNLIMITED
CONNECT_TIME KERNEL UNLIMITED
PRIVATE_SGA KERNEL UNLIMITED
FAILED_LOGIN_ATTEMPTS PASSWORD 10
PASSWORD_LIFE_TIME PASSWORD UNLIMITED
PASSWORD_REUSE_TIME PASSWORD UNLIMITED
PASSWORD_REUSE_MAX PASSWORD UNLIMITED
PASSWORD_VERIFY_FUNCTION PASSWORD NULL
PASSWORD_LOCK_TIME PASSWORD UNLIMITED
PASSWORD_GRACE_TIME PASSWORD UNLIMITED
All resource limits for DEFAULT profile is set to UNLIMITED, but only for FAILED_LOGIN_ATTEPTS attribute, it’s set to some value (10). Due to this the user account keeps getting locked(timed).When we check in the Oracle Documentations, it’s stated that FAILED_LOGIN_ATTEPTS attribute for DEFAULT profile has been changed since 10.2.0.1 from UNLIMITED to 10.
What we can do is, either we may need to change the resource limit for FAILED_LOGIN_ATTEPTS attribute in DEFAULT profile, or create a new profile for that user with FAILED_LOGIN_ATTEPTS attribute value set to UNLIMITED. But for security reasons, we will not tamper the DEFAULT profile, which is not recommended too. Then let’s go for creating a new profile and assign that profile to the user.
Create a profile.
SQL> CREATE PROFILE APPS_DEFAULT LIMIT
COMPOSITE_LIMIT UNLIMITED
SESSIONS_PER_USER UNLIMITED
CPU_PER_SESSION UNLIMITED
CPU_PER_CALL UNLIMITED
LOGICAL_READS_PER_SESSION UNLIMITED
LOGICAL_READS_PER_CALL UNLIMITED
IDLE_TIME UNLIMITED
CONNECT_TIME UNLIMITED
PRIVATE_SGA UNLIMITED
FAILED_LOGIN_ATTEMPTS UNLIMITED
PASSWORD_LIFE_TIME UNLIMITED
PASSWORD_REUSE_TIME UNLIMITED
PASSWORD_REUSE_MAX UNLIMITED
PASSWORD_VERIFY_FUNCTION NULL
PASSWORD_LOCK_TIME UNLIMITED
PASSWORD_GRACE_TIME UNLIMITED;
Profile created.
Assign the newly created profile to the user as default profile.
SQL> ALTER USER appusr PROFILE appusr_default;
User altered.
Unlock the user account:
SQL> ALTER USER apps ACCOUNT UNLOCK;
User altered.
Now check again the status of APPS user.
SQL> SELECT username, account_status FROM dba_users WHERE username= ‘APPS’;
USERNAME ACCOUNT_STATUS PROFILE
——————– ——————– —————
APPS OPEN APPS_DEFAULT
-- 刘轶鹤转
来源来自网络
版权声明:本文标题:ORA-28000: the account is locked. 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://m.elefans.com/dongtai/1729495033a1202807.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论