User's Manual
Enabling RADIUS Authentication, Authorization, and Accounting
5-18 Oracle Database Advanced Security Administrator's Guide
3.
Add externally identified users and roles.
To configure the Oracle client (where users log in):
Set the RADIUS challenge-response mode to ON for the client if you have not
already done so by following the steps listed in "Configure Challenge-Response" on
page 5-14.
To configure the RADIUS server:
1. Add the following attributes to the RADIUS server attribute configuration file:
2. Assign a Vendor ID for Oracle in the RADIUS server attribute configuration file
that includes the SMI Network Management Private Enterprise Code of 111.
For example, enter the following in the RADIUS server attribute configuration
file:
VALUE VENDOR_SPECIFIC ORACLE 111
3. Using the following syntax, add the ORACLE_ROLE attribute to the user profile
of the users who will use external RADIUS authorization:
ORA_databaseSID_rolename[_[A]|[D]]
where:
■ ORA designates that this role is used for Oracle purposes
■ databaseSID is the Oracle system identifier that is configured in the
database server's init.ora file
■ rolename is the name of role as it is defined in the data dictionary. For
example, SYSDBA
■ A is an optional character that indicates the user has administrator's
privileges for this role
■ D is an optional character that indicates this role is to be enabled by default
ATTRIBUTE NAME CODE TYPE
VENDOR_SPECIFIC 26 Integer
ORACLE_ROLE 1 String