Sqlplus/as sysdba cannot log on

Sqlplus/as sysdba cannot log on

I recently read a question, but it was really strange to see it. It bothered me for a while.
The background of the problem is to help developers solve a database problem. After the problem is solved, I want to perform an OS-level check to help them see what else to pay attention. Then, log on to the database server in the command line China, switch to the Oracle user, check that the database instance is cytj, and then prepare for some checks.
# Ps-ef | grep smon
Root 3657 32596 0 00:00:00 pts/2 grep smon
Oracle 5433 1 0 2015? 00:45:46 ora_smon_cytj
But at this point, a strange problem occurs.
# Su-oracle
-Bash: ulimit: open files: cannot modify limit: Operation not permitted
$ Sqlplus/as sysdba
SQL * Plus: Release 11.2.0.4.0 Production on Mon Mar 7 17:37:56 2016
Copyright (c) 1982,201 3, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
In this case, it seems that there are several common ideas, one of which is to check whether ORACLE_HOME is fully mapped. According to the smon process, the process number is 5433. Under/proc/5433, a list of environment variables is obtained.
$ Cat/proc/5433/environ | xargs-0-n1 | grep ORACLE_HOME
ORACLE_HOME =/U01/app/oracle/product/11.2.0.4
Parses the ORACLE_HOME path.
Then, check the value of the system environment variable $ ORACLE_HOME, and find that it is indeed fully mapped.
$ Echo $ ORACLE_BASE
/U01/app/oracle
$ Echo $ ORACLE_HOME
/U01/app/oracle/product/11.2.0.4
So there is no problem with ORACLE_SID and ORACLE_HOME. Why can't we connect to this instance?
One way to analyze the problem is to check the network configuration and whether it is a/etc/hosts configuration problem. View the database
$ Cat/etc/sysconfig/network
NETWORKING = yes
NETWORKING_IPV6 = no
# GATEWAY =
HOSTNAME = BJ-BX-131-190
$ Cat/etc/hosts
127.0.0.1 localhost. localdomain localhost4 localhost4.localdomain4
: 1 localhost. localdomain localhost6 localhost6.localdomain6
10.127.131.190 BJ-BX-131-190

$ Cat/U01/app/oracle/product/11.2.0.4/network/admin/sqlnet. ora
# Sqlnet. ora Network Configuration File: D: \ oracle \ product \ 11.2.0 \ dbhome_1 \ network \ admin \ sqlnet. ora
# Generated by Oracle configuration tools.

# This file is actually generated by netca. But if MERs choose
# Install "Software Only", this file wont exist and without the native
# Authentication, they will not be able to connect to the database on NT.

SQLNET. AUTHENTICATION_SERVICES = (CNT)

NAMES. DIRECTORY_PATH = (TNSNAMES, EZCONNECT)

No problem was found when tnsping was used to detect the tns connection string. Of course, this place should have no direct relationship with sqlplus/as sysdba, but this can indicate that the network service configuration is reasonable.
[Admin] $ tnsping cytj
TNS Ping Utility for Linux: Version 11.2.0.4.0-Production on 07-MAR-2016 18:02:35
Copyright (c) 1997,201 3, Oracle. All rights reserved.
Used parameter files:
/U01/app/oracle/product/11.2.0.4/network/admin/sqlnet. ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP) (HOST = 10.127.131.190) (PORT = 1521) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = cytj )))
OK (20 msec)

When a common user is used for local connection testing, it is found that the scott user is locked. This also indicates that the connection plays a role.
[Admin] $ sqlplus scott/tiger
SQL * Plus: Release 11.2.0.4.0 Production on Mon Mar 7 18:03:40 2016
Copyright (c) 1982,201 3, Oracle. All rights reserved.
ERROR:
ORA-28000: the account is locked

Then, the tns connection method is changed. The same is true if an error is found, indicating that the network connection method also works.
[Admin] $ sqlplus scott/tiger @ cytj
SQL * Plus: Release 11.2.0.4.0 Production on Mon Mar 7 18:03:40 2016
Copyright (c) 1982,201 3, Oracle. All rights reserved.
ERROR:
ORA-28000: the account is locked

Then I found this error in the system and found that the path was really messy. Two ORACLE_HOME exists,
Currently:
/U01/app/oracle/product/11.2.0.4/dbs
The new ORACLE_HOME found is
/Home/U01/app/oracle/product/11.2.0.4/dbs
However, after some demonstration, we found that this path has no effect on this problem.
Because the ORACLE_HOME configuration is completely unrelated to another ORACLE_HOME configuration.
There are also some problems that may be related to the password file, so I manually changed the sys password and logged on again.
[Dbs] $ sqlplus system/oracle
SQL * Plus: Release 11.2.0.4.0 Production on Mon Mar 7 22:12:11 2016
Copyright (c) 1982,201 3, Oracle. All rights reserved.
Connected:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0-64bit Production
With the Partitioning and Real Application Testing options
SQL> alter user sys identified by oracle;
User altered.
Then log on again. the problem persists.
At this time, we can further eliminate the influence of the password file. For example, if I specified a non-existent instance named test, sqlplus/as sysdba should access an empty instance.
$ Export ORACLE_SID = test
$ Sqlplus/as sysdba
SQL * Plus: Release 11.2.0.4.0 Production on Mon Mar 7 19:28:42 2016
Copyright (c) 1982,201 3, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Then, we further tested and found that there were also problems with dg broker login.
[Dbs] $ dgmgrl/
DGMGRL for Linux: Version 11.2.0.4.0-64bit Production
Copyright (c) 2000,200 9, Oracle. All rights reserved.
Welcome to DGMGRL, type "help" for information.
ORA-01017: invalid username/password; logon denied
The same error occurs when you log on with rman.
[Dbs] $ rman target/
Recovery Manager: Release 11.2.0.4.0-Production on Mon Mar 7 19:29:36 2016
Copyright (c) 1982,201 1, Oracle and/or its affiliates. All rights reserved.
RMAN-00571: ========================================================== ==============================
RMAN-00569: ==================== error message stack follows ==========================
RMAN-00571: ========================================================== ==============================
RMAN-00554: initialization of internal recovery manager package failed
RMAN-04005: error from target database:
ORA-01017: invalid username/password; logon denied
Now, we are sure that the problem lies in the local operating system authentication, and the user group of oracle is correct.
Operating system authentication is also related to $ ORACLE_HOME/network/admin/sqlnet. ora.
Let's see how this file is configured.
[Admin] $ vi sqlnet. ora
# Sqlnet. ora Network Configuration File: D: \ oracle \ product \ 11.2.0 \ dbhome_1 \ network \ admin \ sqlnet. ora
# Generated by Oracle configuration tools.
# This file is actually generated by netca. But if MERs choose
# Install "Software Only", this file wont exist and without the native
# Authentication, they will not be able to connect to the database on NT.

SQLNET. AUTHENTICATION_SERVICES = (CNT)
Xxxx
Seeing this problem, I suddenly understood the problem caused by the following configuration.
SQLNET. AUTHENTICATION_SERVICES = (CNT)
This should be configured in windows. How can I set this in linux? It can be seen that this file was copied from windows at the beginning. How can we further verify it? You can see sqlnet. in the Notes section of ora, the path in the directory is the path of disk D. Note that this parameter is not required in the NT Environment and linux environment.
Comment out.
If you log on again, there will be no problem.