Add ROA Oracle Database Windows setup scripts with old client support

PowerShell scripts for setting up Oracle 21c/XE with ROA application: - Automated tablespace, user creation and imports - sqlnet.ora config for Instant Client 11g/ODBC compatibility - Oracle 21c read-only Home path handling (homes/OraDB21Home1) - Listener restart + 10G password verifier for legacy auth - Tested on VM 302 with CONTAFIN_ORACLE schema import Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 17:08:02 +02:00
parent 665c2b5d37
commit 989477f7a4
26 changed files with 8972 additions and 0 deletions
--- a/proxmox/lxc108-oracle/roa-windows-setup/config/sqlnet.ora
+++ b/proxmox/lxc108-oracle/roa-windows-setup/config/sqlnet.ora
@@ -0,0 +1,105 @@
+# =============================================================================
+# Oracle sqlnet.ora - Compatibility Configuration for Old Instant Client
+# =============================================================================
+#
+# Purpose: Allow connections from Oracle Instant Client 10g/11g to Oracle 21c
+#
+# IMPORTANT - Oracle 21c Location:
+#   Oracle 21c uses a read-only Oracle Home. Configuration files must go in
+#   the "Oracle Base Home" directory, NOT in ORACLE_HOME.
+#
+#   For Oracle 21c XE, copy to:
+#     %ORACLE_BASE%\product\21c\homes\OraDB21Home1\network\admin\sqlnet.ora
+#   Example:
+#     C:\app\<user>\product\21c\homes\OraDB21Home1\network\admin\sqlnet.ora
+#
+#   For older Oracle versions, copy to:
+#     %ORACLE_HOME%\network\admin\sqlnet.ora
+#
+# After copying:
+#   1. STOP and START listener (not just reload!):
+#      lsnrctl stop
+#      lsnrctl start
+#   2. Wait ~10 seconds for database services to re-register
+#   3. Reset user passwords (required to generate 10G password verifier):
+#      ALTER USER CONTAFIN_ORACLE IDENTIFIED BY ROMFASTSOFT;
+#      ALTER USER <company> IDENTIFIED BY <password>;
+#
+# Note: The password MUST be reset after sqlnet.ora change - this regenerates
+#       the password hash to include the 10G verifier needed by old clients.
+#
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# Authentication Protocol Compatibility
+# -----------------------------------------------------------------------------
+
+# Allow older authentication protocols (required for Instant Client 10/11)
+# Value 8 allows all protocols from Oracle 8i onwards
+# Default in 21c is 12, which blocks clients older than 12c
+SQLNET.ALLOWED_LOGON_VERSION_SERVER=8
+SQLNET.ALLOWED_LOGON_VERSION_CLIENT=8
+
+# -----------------------------------------------------------------------------
+# Password Case Sensitivity (Optional)
+# -----------------------------------------------------------------------------
+
+# Disable password case sensitivity for compatibility with old applications
+# that may send passwords in uppercase
+# Uncomment if needed:
+# SEC_CASE_SENSITIVE_LOGON=FALSE
+
+# -----------------------------------------------------------------------------
+# Name Resolution
+# -----------------------------------------------------------------------------
+
+# Standard name resolution order
+NAMES.DIRECTORY_PATH = (TNSNAMES, EZCONNECT)
+
+# -----------------------------------------------------------------------------
+# Connection Settings (Optional)
+# -----------------------------------------------------------------------------
+
+# Timeout for establishing connection (seconds)
+# SQLNET.INBOUND_CONNECT_TIMEOUT = 60
+
+# Dead connection detection interval (minutes)
+# SQLNET.EXPIRE_TIME = 10
+
+# -----------------------------------------------------------------------------
+# Encryption (Optional - for secure connections)
+# -----------------------------------------------------------------------------
+
+# Enable native encryption (AES256)
+# SQLNET.ENCRYPTION_SERVER = REQUIRED
+# SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
+# SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
+# SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA256)
+
+# -----------------------------------------------------------------------------
+# Logging (for troubleshooting)
+# -----------------------------------------------------------------------------
+
+# Enable tracing (set to OFF in production)
+# TRACE_LEVEL_CLIENT = OFF
+# TRACE_LEVEL_SERVER = OFF
+
+# Log file locations
+# LOG_DIRECTORY_CLIENT = C:\app\oracle\network\log
+# LOG_DIRECTORY_SERVER = C:\app\oracle\network\log
+
+# =============================================================================
+# After applying this configuration:
+#
+# 1. Reload listener:
+#    lsnrctl reload
+#
+# 2. Reset passwords for users connecting with old clients:
+#    sqlplus sys/romfastsoft@SERVICE as sysdba
+#    ALTER USER CONTAFIN_ORACLE IDENTIFIED BY ROMFASTSOFT;
+#    ALTER USER [COMPANY] IDENTIFIED BY [PASSWORD];
+#
+# 3. Test connection from old client:
+#    sqlplus CONTAFIN_ORACLE/ROMFASTSOFT@//host:1521/SERVICE
+#
+# =============================================================================