[firebird-support] Firebird Security Authentication Configuration Questions

2018-02-02 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
Hi All,


I am wondering about the level of support in Firebird's implementation of 
Win_Sspi as I can not find specific documentation.


If anyone can point me to a source document I would greatly appreciate it.


The situation I have is a heterogeneous  mixture of platforms within a 
corporate environment.


All the machines are joined to a windows active directory domain.

We have a mixture of linux, windows, mac and chrome/android devices that all 
fully support the domain via samba4/pam.


What I am looking to do is to integrate the user authentication in firebird 
into the AD authentication process.


My question is, has anyone been able to authenticate a windows client against a 
linux hosted firebird database using win_sspi?

Is there any documentation? Any help would be appreciated.


best regards


Dalton

[firebird-support] Re: Select Distinct returning multiple rows

2017-12-11 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
Found the issue


distinct and group by compare blobs differently (Don't know if this is by 
design or a bug)


Distinct considers all blobs to be different (I am assuming it compare 
blobid's) while group by appears to compare contents.


casting the blob to a varchar eliminated the issues.




From: firebird-support@yahoogroups.com  on 
behalf of Dalton Calford dcalf...@distributel.ca [firebird-support] 

Sent: December 11, 2017 2:37:39 PM
To: firebird-support@yahoogroups.com
Subject: [firebird-support] Select Distinct returning multiple rows



I have a weird problem.


An over-simplified description of the problem is as follows


select a.FOO, a.BAR from FOOBAR a


returns two rows.


a.FOO   a.BAR
A   124
A   124


select distinct a.FOO, a.BAR from FOOBAR a


returns the same two rows


a.FOO   a.BAR
A   124
A   124

BUT


select a.FOO, a.BAR, count(*) from FOOBAR a group by a.FOO, a.BAR


returns one row


a.FOO   a.BAR   count
A   124 2

So, the group by recognises that the two rows are identical, while distinct 
does not.

The above is an oversimplification of the query (which joins many tables etc)

So, I tried to isolate the distinct clause from the underlying tables using a 
cte

ie,
with MYFOOBAR as (

select a.FOO, a.BAR, count(*) from FOOBAR a group by a.FOO, a.BAR)

select distinct b.FOO, b.BAR from MYFOOBAR b

but, that still returns two rows.

The underlying tables do not have nulls.

What I am trying to understand is what makes the distinct directive consider 
the rows differently from a group by directive.

>From a logical standpoint, both should resolve things the same should they not 
>(one to eliminate duplicates from the result set, the other to count 
>duplicates)

What am I missing here?

[firebird-support] Select Distinct returning multiple rows

2017-12-11 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
I have a weird problem.


An over-simplified description of the problem is as follows


select a.FOO, a.BAR from FOOBAR a


returns two rows.


a.FOO   a.BAR
A   124
A   124


select distinct a.FOO, a.BAR from FOOBAR a


returns the same two rows


a.FOO   a.BAR
A   124
A   124

BUT


select a.FOO, a.BAR, count(*) from FOOBAR a group by a.FOO, a.BAR


returns one row


a.FOO   a.BAR   count
A   124 2

So, the group by recognises that the two rows are identical, while distinct 
does not.

The above is an oversimplification of the query (which joins many tables etc)

So, I tried to isolate the distinct clause from the underlying tables using a 
cte

ie,
with MYFOOBAR as (

select a.FOO, a.BAR, count(*) from FOOBAR a group by a.FOO, a.BAR)

select distinct b.FOO, b.BAR from MYFOOBAR b

but, that still returns two rows.

The underlying tables do not have nulls.

What I am trying to understand is what makes the distinct directive consider 
the rows differently from a group by directive.

>From a logical standpoint, both should resolve things the same should they not 
>(one to eliminate duplicates from the result set, the other to count 
>duplicates)

What am I missing here?

Re: [firebird-support] Triggers - One big or more smaller?

2017-06-28 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
I prefer more smaller triggers with a specified firing order, along with code 
at the beginning of the trigger that checks to see if the trigger should fire 
or not - this allows you to disable a trigger within the scope of a single 
transaction ie.


(a) Update master table that trigger checks - turning off the trigger within 
this transaction

(b) Perform work that would normally be stopped by the trigger
(c) change the value in the master table, turning the trigger back on

(d) commit.


This means you can turn on and off triggers within a large system without 
impacting other users.




From: firebird-support@yahoogroups.com  on 
behalf of 'livius' liviusliv...@poczta.onet.pl [firebird-support] 

Sent: June 28, 2017 12:07:53 PM
To: firebird-support@yahoogroups.com
Subject: Re: [firebird-support] Triggers - One big or more smaller?

Hi,

>>practical benefit to breaking up triggers?
1. separate code logically like procedure
2. you can simply disable it without altering content
3. simplify editing by minimize toxicity

regards,
Karol Bieniaszewski

-Oryginalna wiadomość-
From: Gabor Boros mlngl...@bgss.hu [firebird-support]
Sent: Wednesday, June 28, 2017 2:27 PM
To: firebird-support@yahoogroups.com
Subject: [firebird-support] Triggers - One big or more smaller?

Hi All,

The table have a BEFORE UPDATE trigger. Now I need a check before the
existing trigger code and raise an exception if needed. I can write the
check into the existing trigger before the existing code. But can create
a new trigger with a lower position than the existing one. Is there any
practical benefit to breaking up triggers?

Gabor






++

Visit http://www.firebirdsql.org and click the Documentation item
on the main (top) menu.  Try FAQ and other links from the left-side menu
there.

Also search the knowledgebases at
http://www.ibphoenix.com/resources/documents/

++


Yahoo Groups Links




---
Ta wiadomość została sprawdzona na obecność wirusów przez oprogramowanie 
antywirusowe Avast.
https://www.avast.com/antivirus







++

Visit http://www.firebirdsql.org and click the Documentation item
on the main (top) menu.  Try FAQ and other links from the left-side menu there.

Also search the knowledgebases at http://www.ibphoenix.com/resources/documents/

++


Yahoo Groups Links

Re: [firebird-support] Digest Number 9396

2016-11-21 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
Yes,


But the new domain is not created for every table, just for every column where 
you are not using a pre-defined domain.


So,


Create table MYTABLE(mycolA integer, mycolB integer, mycolC integer); would 
auto create three separate new domains.


I wish I knew more of what you are trying to do, as Firebird has many features 
that would normally remove any need for regular metadata changes.





From: firebird-support@yahoogroups.com  on 
behalf of tiberiu_horv...@yahoo.com [firebird-support] 

Sent: November 21, 2016 7:13:46 AM
To: firebird-support@yahoogroups.com
Subject: Re: [firebird-support] Digest Number 9396



So, everytime I create a table in FireBird, a new domain is created 
automatically in the database ?

This surely could be an explanation of my problem !

I will try to create domains and use those in DDL .

Is this a correct approach :

create domain MyIntegerDomain Integer ;

create table myTable (id MyIntegerDomain) ;

?






Tiberiu

Re: [firebird-support] Digest Number 9396

2016-11-19 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
Every time you do not define a domain when creating a column in a table, 
firebird creates a new domain.Unless they have changed something 
fundamental, they never purge unused domains.   So, you perform a backup and it 
recreates all the prior domains first, then, proceeds to create new domains.   
It also may have an internal counter that may not be reset to keep track of the 
next internal domain name to use (don't know, have not looked at the code for 
years).


Either way, you need to get your data out of the database and into one that is 
restorable.   You also need to change your create table routines to use 
pre-defined domains.   What you did not realize is that regardless of whether 
you want to use domains, you will be using them.   The difference is whether 
you use a domain you define, or let the system create domains on the fly.


At least with domains you create, you can reuse them and you do not encounter 
the issue you are seeing.


1 GB is not very much, My smallest DB that I maintain is 20 GB.


With FB 3, you can do a few things to speed up the process, but, at this point, 
you may need more help than simple forum list support can give.


Where on the planet are you located?   Perhaps we can get you in touch with a 
FB specialist in your area.


best regards


Dalton



From: firebird-support@yahoogroups.com  on 
behalf of tiberiu_horv...@yahoo.com [firebird-support] 

Sent: November 19, 2016 9:12:59 AM
To: firebird-support@yahoogroups.com
Subject: Re: [firebird-support] Digest Number 9396



I use only

CREATE TABLE   and DROP TABLE  metadata commands in runtime. I populate 
the tables and that's all. I don't create domains, not at all.

I use FB 3.0 on a Linux server (I don't maintain that server) .

The database file is very big - 1+ GB in size, my customers append arround 3000 
records each day.

To try to fix my domain name problem I do as you suggested : I do the restore 
of the new database file with the correct structure and datapump the records. I 
just did that yesterday (I have some 6 million records in a few tables) but 
this process is very time consuming - around 4 hours of work.

I have one possible explanation :  last time I upgraded from FB 2.55 to FB 3.0, 
I did the process on a Windows machine : backup FB 2.55 and restore FB 3.0 on 
the machine. I copied , then, the FDB file in Linux (Samba) , didn't performed 
a normal restore on Linux (because it is very time-consuming and my customer 
couldn't wait). Maybe something bad happened then with those domain names. 
Yesterday I did this :
1. Exported the records (in some XML files)
2. Restored an empty database file (full restore - not copy the FDB file)
3. Datapumped the records (from the XML files) .

I will see the result and keep you informed.


Thank you ,

Tiberiu

Re: [firebird-support] Digest Number 9396

2016-11-18 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
Interesting, only one record.


The RDB$ domains are auto generated by the system - RDB$1297080260861 says that 
it is the 1,297,080,260,861 domain created by the system.

If this is not the only auto-generating domain you have been using, it is 
possible that you have hit the maximum auto-increment.


I personally never use auto-generated domains, always used named/created 
domains.


What version of firebird are you using?   Using earlier versions, you can 
perform clean up on the system tables, while newer versions limit or prevent 
modification of the system tables entirely.


How big is the database in size - can it be zipped up into a smaller, more 
reasonable size for a third party to repair in case you are not comfortable 
with smaking system tables?


Another method, may be, using a tool like flamerobin to extract all the 
metadata, then create a new clean database with pristine structures, then, pump 
the data across.


I would personally, re-evaluate the process that is creating and dropping meta 
data and perhaps use the power of firebird to it's full.


best regards


Dalton




From: firebird-support@yahoogroups.com  on 
behalf of tiberiu_horv...@yahoo.com [firebird-support] 

Sent: November 18, 2016 5:43:56 AM
To: firebird-support@yahoogroups.com
Subject: Re: [firebird-support] Digest Number 9396



Thank you for your answer,

"You have data in your column in that table that no longer fits in the new 
definition"

The data in a table that uses one of those domains has only one record, I do 
not alter that record at all (some document type name default defined).

I create many temporary tables in runtime (with random names) and drop those 
when I leave / close the database. Can this be the problem ?
but I use this structure / program at many other customers ... No problem there.

Anyway, if GBAK could backup those domains (with huge names), why , the same 
GBAK, could not restore those with the same name ?



Tiberiu

Re: [firebird-support] Digest Number 9396

2016-11-17 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
That type of error generally is caused by a utility or process that has changed 
the definition of the column.


You have data in your column in that table that no longer fits in the new 
definition.


When you manually change, or use a utility to smack the system tables, vs 
creating a whole new column and migrating the data over, you can cause these 
types of errors.


Now, you need to find the offending rows and update them to get the data to fit 
into the new column definition.


I have done this in the past by creating a new table and writing a stored 
procedure that inserts the data from the old table into the new, catching the 
errors and logging them so that I can find which rows need to be manipulated.


I also have as a standard part of the backup process, a full restore of the 
database as in the past, it was easy to create circular dependencies and broken 
structures that prevent the data from being restored using normal backup 
procedures.




From: firebird-support@yahoogroups.com  on 
behalf of 'Tiberiu Horvath' tiberiu_horv...@yahoo.com [firebird-support] 

Sent: November 16, 2016 11:04:08 AM
To: firebird-support@yahoogroups.com
Subject: Re: [firebird-support] Digest Number 9396



Support for Users of Firebird ReleasesHi all,

I have a FireBird 3.0 server on a Linux machine, at a customer who appends
arround 3000 records / day in some tables. I have a strange problem that
keeps me from performing normal backup / restore operations. In the database
there are some huge domain names in System Domains (I use IBExpert). For
example : "RDB$1297080260861" (but some other domain names are normal
"RDB$100")

These domains are used by my normal tables and

DROP DOMAIN RDB$1297080260861

gets me to an error, given the fact that the domain is used by one of my
tables.

Also, any temporary table that I create (in runtime) creates these long
domain names.

When I backup my database gbak generates normal fbk file - no error here
But when I restore this file, at the end, it generates an error - see
screenshot :
https://www.dropbox.com/s/dvfoan0xln5rug4/Screenshot%202016-11-16%2017.49.51.png?dl=0

gbak: ERROR: arithetic exception, numeric overflow, or string truncation
gbak: ERROR: numeric value is out of range

I am sure this is connected to the system domain name.

my questions :

1. How can I modify a System Domain name ?
2. For a given Field in a Table , how can I modify the Domain that it
uses - replace with another ?
3. Is there a way to modify the generator that generates these name ?
Probably it is a way to fix this also ...

I have a fbk file and I have the initial FDB file. If somebody could help me
with this I could send the file - I deleted all the data.

In my program I have a procedure that exports the containts of every table
in the database and them imports in a new , empty database - I did this a
few months ago. But in this case, after a few days, the problem repeated.

Thank you ,

Tiberiu

[firebird-support] Unix ODBC with Firebird ODBC and ODBC Manager

2016-11-04 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
I am having difficulties with the latest linux Firebird 64 bit ODBC drivers in 
that they are not working with the latest UnixODBC versions.


When using the ODBC Administrator, (unixODBC-GUI-Qt4) it tells me it can not 
load a property list for Firebird.


Does anyone have a setup guide for ODBC on linux, ubuntu 16.04 or 16.10 
specifically?

Re: [firebird-support] Looking for detailed documentation on the new Firebird 3 security authentication process.

2016-10-21 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
Hi Alain,


For roles and trusted authentication (which is what I am discussing here) you 
use the "set trusted role" command.


With trusted authentication (when you use the OS/network to authenticate the 
user) you are not passing role information and the dba needs to apply trusted 
roles which work in the same way that you can automatically have members of the 
windows administrator/superuser group, log on as the RDB$ADMIN role without 
needing to specify it or having it granted explicitly.


You can even change your current role within the context of a connection via 
the set role command.


With earlier versions of firebird, we had to manipulate user rights using 
example user groups and default users.   The current security enhancements in 
version 3 remove that need and now we want to take it to the next step and 
merge the user authentication methods on the domain, reducing the IT management 
and DBA user management tasks.


best regards


Dalton




From: firebird-support@yahoogroups.com  on 
behalf of Alain Bastien alainbast...@gmail.com [firebird-support] 

Sent: October 21, 2016 4:32:10 AM
To: Dalton Calford
Cc: firebird-support@yahoogroups.com
Subject: Re: [firebird-support] Looking for detailed documentation on the new 
Firebird 3 security authentication process.



And what about ROLES ?

You can maintain USERS easily, else I never delete a USER since it might break 
referential integrity, just a FLAG (BOOL) active or inactive.


Kind Regards

Alain Bastien
34 Dr Ross Avenue
Rose Hill 72102
Mauritius
Mobile Tel: +230  5 719 30 30
Skype:alainbastien
Viber: 7320143





On Thu, Oct 20, 2016 at 6:31 PM, Dalton Calford 
mailto:dcalf...@distributel.ca>> wrote:

Hi Alain,


We use full user authentication at our company, so everyone logs into the 
database using their own credentials.  Currently, each user has an account in 
the firebird security database.   Each user also has a windows domain account.  
 This means each user has, at a minimum, two separate usernames and passwords 
to maintain, while IT staff have to be diligent to clean up users from the 
firebird security database, after a staff member has left the company.


When I log onto a Firebird Database, without providing username or password, on 
a linux host, the Firebird engine uses my local linux username as my Firebird 
username and I have any rights that the SYSDBA has granted to my linux 
username, even though, my linux user name is not in the firebird security 
database.


Firebird on windows, starting with the 2.x version, started to allow this 
behaviour and new security grant commands where created to allow for default 
rights (such as someone with administrative rights on the local machine 
automatically logging in as themselves with sysdba role access rights).   So, 
if you logged into your windows machine as 
"MY_COMPANY_DOMAIN\MY_DOMAIN_WINDOWS_USER_NAME" and opened a firebird 
connection as yourself, then you would see the above when you did a select 
current_user . in the database.


With Firebird 3.0, this has been extended so that trusted rights are passed 
from windows machine to windows machine in the same domain.   This is 
accomplished by the client, who verified the user via the domain 
authentication/password, sending a time/domain sensitive token to the server, 
which the server then uses to get the details about the user and provides the 
user ID to any software that requests it.  This means you only administrate one 
set of user accounts for all your databases and those are the same accounts 
used for machine login and OS/network rights.


So a user changes their domain password and immediately their firebird password 
changes as well.


This works on a windows to windows basis, but, when a windows client, tries to 
attach to a linux server using the same mechanism, the connection fails.   This 
is true even is the linux box is a full member of the domain via samba.


So, that is why Samba is important - it means the Linux User Authentication 
Method is linked to the Windows User Authentication Method and that means that 
the firebird database server does not need to maintain a separate security 
database for authentication as the OS handles that.   Of coarse, SQL rights are 
still managed and maintained within the database itself.


For people who are not familiar with domain trusts, linux or plugin 
authentication modules, could be confused by this.   It also is not needed by 
users who only use the SYSDBA account.


I am looking for as much infomation as I can get, in order to either write a 
module that queries the linux PAM system, by providing the user provided 
USERNAME/PASSWORD or, better yet, have it take care of the handshake with the 
domain for the use of the windows token.


I hope this explains why Samba is needed, why this is different from actual 
grants and what my questions where about.


I am asking here as I am trying to determine if this is already avail

Re: [firebird-support] How non-SYSDBA user can see connections by other users?

2016-10-20 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
You have a few choices in how to do this.


You can either upgrade your users to RDB$ADMIN role rights (not recommended) or 
you can grant the user to have rights to a view that gets it's data from a 
stored procedure that connects back to the database in a separate 
connect/transaction as a user that is a member of the RDB$ADMIN role - and you 
setup the database triggers so that the database prevents that specialized user 
from connecting to the database from any application other than the firebird 
server and the servers ip address (you can get this information from the mon$ 
tables).


This is a better way, but, due to someone being able to read the DDL, they may 
get a way to abuse your system by reading the system tables and getting the 
special users username/password/role.


It is better to have them connect to a different, more secure database, with a 
low end user account that can only run that one view, then that view, connects 
back to the primary database to get the information.   This keeps all the 
private DDL information away from anyone who has read access to the system 
tables.   So, even if they can read the metadata of the primary database, it 
does not give them the right to read the metadata of the second database, thus 
keeping the private credentials away from the user.


Also, you will need to filter the output to not show these hidden/system 
connections to the regular user.


There are a few other ways, but, they rely upon OS specific tricks that are a 
bit too complicated to mention in a simple email.


best regards


Dalton




From: firebird-support@yahoogroups.com  on 
behalf of 'Thomas Steinmaurer' t...@iblogmanager.com [firebird-support] 

Sent: October 20, 2016 10:30:17 AM
To: firebird-support@yahoogroups.com
Subject: Re: [firebird-support] How non-SYSDBA user can see connections by 
other users?



> SYSDBA users can see other connected users using monitoring tables but is it
> possible to implement such feature for non-SYSDBA users? Are there
> event/triggers that act uppon connecting and disconnecting and which can 
> insert
> usual database records. Triggers no MON$ tables are not suitable because MON$
> tables are populated only during query time.

The following users get the full picture when querying monitoring tables:

* Database owner
* SYSDBA
* Users as a member of the special per database RDB$ADMIN role. Role needs to 
be specified at connect time.

--
With regards,
Thomas Steinmaurer
http://www.upscene.com

Professional Tools and Services for Firebird
FB TraceManager, IB LogManager, Database Health Check, Tuning etc.

Re: [firebird-support] Looking for detailed documentation on the new Firebird 3 security authentication process.

2016-10-20 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
Hi Alain,


We use full user authentication at our company, so everyone logs into the 
database using their own credentials.  Currently, each user has an account in 
the firebird security database.   Each user also has a windows domain account.  
 This means each user has, at a minimum, two separate usernames and passwords 
to maintain, while IT staff have to be diligent to clean up users from the 
firebird security database, after a staff member has left the company.


When I log onto a Firebird Database, without providing username or password, on 
a linux host, the Firebird engine uses my local linux username as my Firebird 
username and I have any rights that the SYSDBA has granted to my linux 
username, even though, my linux user name is not in the firebird security 
database.


Firebird on windows, starting with the 2.x version, started to allow this 
behaviour and new security grant commands where created to allow for default 
rights (such as someone with administrative rights on the local machine 
automatically logging in as themselves with sysdba role access rights).   So, 
if you logged into your windows machine as 
"MY_COMPANY_DOMAIN\MY_DOMAIN_WINDOWS_USER_NAME" and opened a firebird 
connection as yourself, then you would see the above when you did a select 
current_user . in the database.


With Firebird 3.0, this has been extended so that trusted rights are passed 
from windows machine to windows machine in the same domain.   This is 
accomplished by the client, who verified the user via the domain 
authentication/password, sending a time/domain sensitive token to the server, 
which the server then uses to get the details about the user and provides the 
user ID to any software that requests it.  This means you only administrate one 
set of user accounts for all your databases and those are the same accounts 
used for machine login and OS/network rights.


So a user changes their domain password and immediately their firebird password 
changes as well.


This works on a windows to windows basis, but, when a windows client, tries to 
attach to a linux server using the same mechanism, the connection fails.   This 
is true even is the linux box is a full member of the domain via samba.


So, that is why Samba is important - it means the Linux User Authentication 
Method is linked to the Windows User Authentication Method and that means that 
the firebird database server does not need to maintain a separate security 
database for authentication as the OS handles that.   Of coarse, SQL rights are 
still managed and maintained within the database itself.


For people who are not familiar with domain trusts, linux or plugin 
authentication modules, could be confused by this.   It also is not needed by 
users who only use the SYSDBA account.


I am looking for as much infomation as I can get, in order to either write a 
module that queries the linux PAM system, by providing the user provided 
USERNAME/PASSWORD or, better yet, have it take care of the handshake with the 
domain for the use of the windows token.


I hope this explains why Samba is needed, why this is different from actual 
grants and what my questions where about.


I am asking here as I am trying to determine if this is already available but 
the documentation is hard to find, or, barring that, I will in turn ask on the 
development list.


best regards


Dalton


From: Alain Bastien 
Sent: October 20, 2016 4:50:34 AM
To: Dalton Calford
Subject: Fwd: [firebird-support] Looking for detailed documentation on the new 
Firebird 3 security authentication process.

May I reply ?

As far as I know and performed the same experience,  Only the Grant function 
SYSDBA gives to the user to a DATABASE and/or specific VIEWS and/or TABLES

are enough.  SAMBA access has nothing to do with.

Is that your issue ?



Kind Regards

Alain Bastien
34 Dr Ross Avenue
Rose Hill 72102
Mauritius
Mobile Tel: +230  5 719 30 30
Skype:alainbastien
Viber: 7320143





-- Forwarded message --
From: Dalton Calford dcalf...@distributel.ca 
[firebird-support] 
mailto:firebird-support@yahoogroups.com>>
Date: Wed, Oct 19, 2016 at 10:03 PM
Subject: [firebird-support] Looking for detailed documentation on the new 
Firebird 3 security authentication process.
To: "firebird-support@yahoogroups.com" 
mailto:firebird-support@yahoogroups.com>>




Hi Everyone.


I have a linux machine (Ubuntu 16.04 64bit Server) with Firebird 3.01 64 bit 
installed.

That machine is a member of our corporate domain and authenticates via 
PAM/Samba4 for all user access.


I want to have Firebird client applications on remote windows machines to use 
the linux user authentication (PAM/DOMAIN) instead of a security database.


Is this currently possible?Is this theorectically possible?   Where can I 
find documentation for this?


best regards


Dalton

[firebird-support] Looking for detailed documentation on the new Firebird 3 security authentication process.

2016-10-19 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
Hi Everyone.


I have a linux machine (Ubuntu 16.04 64bit Server) with Firebird 3.01 64 bit 
installed.

That machine is a member of our corporate domain and authenticates via 
PAM/Samba4 for all user access.


I want to have Firebird client applications on remote windows machines to use 
the linux user authentication (PAM/DOMAIN) instead of a security database.


Is this currently possible?Is this theorectically possible?   Where can I 
find documentation for this?


best regards


Dalton

[firebird-support] Detailed information in regards to Trusted Authentication

2016-06-01 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
Hi,


I am testing Firebird 3 and one of the tests happens to be finding out if it 
supports Active Directory.


I am assuming that trusted user authentication passes the user identity as per 
the local machine to the server.


The question I have is how you would setup a linux box (already part of the 
domain and domain authenticated) to accept trusted user authentication from a 
windows box on the same domain.


I am trying to find any documentation that goes into details about the 
configuration of trusted user authentication.


best regards


Dalton

Re: [firebird-support] Re: Firebird 3 on Kubuntu 16.04

2016-06-01 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
Thanks,


I removed Firebird and tried the downloads from Sourceforge, all is working 
fine now.


From: firebird-support@yahoogroups.com  on 
behalf of peshk...@mail.ru [firebird-support] 
Sent: June 1, 2016 5:19:23 AM
To: firebird-support@yahoogroups.com
Subject: [firebird-support] Re: Firebird 3 on Kubuntu 16.04



Have you tried binaries from SF?

[firebird-support] Firebird 3 on Kubuntu 16.04

2016-05-31 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
Hey All,

Does anyone have the latest install guides for Firebird 3 on systemd  based 
Ubuntu systems?

I installed firebird, gave it the password but the install had output as follows

Created default security3.fdb
Failed to start firebird3.0-server.service: Unit firebird3.0-server.service not 
found.
Firebird 3.0 server not enabled or unable to start
Not setting SYSDBA password
Please run 'dpkg-reconfigure firebird3.0-server'

Tried dpkg-reconfigure, still no startup, so I tried systemctl status 
firebird3.0.service and I got the following in return

● firebird3.0.service - Firebird Database Server ( SuperServer )
   Loaded: loaded (/lib/systemd/system/firebird3.0.service; disabled; vendor 
preset: enabled)
   Active: failed (Result: resources) since Tue 2016-05-31 09:49:39 EDT; 24s ago
  Process: 11352 ExecStart=/usr/sbin/fbguard -pidfile 
/var/run/firebird/3.0default.pid -daemon -forever (code=exited, 
status=0/SUCCESS)

systemd[1]: Starting Firebird Database Server ( SuperServer )...
firebird[11355]: Security database error
systemd[1]: firebird3.0.service: PID file /var/run/firebird/3.0default.pid not 
readable (yet?) after start: No such file or directory
systemd[1]: firebird3.0.service: Daemon never wrote its PID file. Failing.
systemd[1]: Failed to start Firebird Database Server ( SuperServer ).
systemd[1]: firebird3.0.service: Unit entered failed state.
systemd[1]: firebird3.0.service: Failed with result 'resources'.

>From what I am reading, it appears firebird will not startup until the sysdba 
>password is set, yet, the configuration tools won’t set the sysdba password 
>until the server starts?

Does anyone have any indication about what I am doing wrong here?

Best regards


Dalton Calford / Senior Systems Database Administrator, Information Systems
DISTRIBUTEL
56 Aberfoyle Crescent
Toronto(Ontario) M8X 2W4
T  416.969.8154
www.distributel.ca

[firebird-support] Newer null sort order and legacy Applications

2016-04-11 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
I have an cluster of older database formats (32bit firebird 1.5) and I wish to 
see about migrating them to a newer firebird 2.5 64 bit format.


We replicate using older custom C code on telco servers, so redesigning the 
replication code and getting it certified for use is a non-starter.


So, we have to use the existing technology, which, having been designed over 14 
years ago, has some logic holes that we have to make allowances for.


One of those holes happens to be a dependency upon null sort order.


The newer database engine returns nulls with a different precedence than the 
older 1.5 firebird.


I can not change the queries (the client replication apps) to change the null 
sort order.


So, I am wondering if there was some database or server specific configuration 
setting that would change the default null sort order to the older methods.


All ideas welcome.

[firebird-support] Setting up FreeAdhocUDF on an Ubuntu Server

2015-09-03 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
I am attempting to setup FreeAdhocUDF on a standard (apt-get) install of 
firebird 2.5
The server is a 64 bit machine/OS/firebird install.

I am having problems understanding some of the FreeAdhocUDF documentation

For example,  the documentation assumes that firebird is installed under /opt/ 
and that there is a /lib/ directory under firebird.

But, with a standard install of firebird, the firebird directory is spread out 
into various places  see 
(www.firebirdsql.org/manual/ubusetup.html)
 but, it no longer uses a private lib directory.

Doing a LDD on the files as suggested, I find that /usr/lib/x86_64-linux-gnu is 
where the program is expecting the libraries to be, but, at that point, the 
instructions get pretty murky.

Has anyone gotten FreeAdhocUDF up and running with the FAU files linked 
properly?

Thanks guys, it's getting late where I am and I am in need of some help.

Dalton Calford / Senior Systems Database Administrator, Information Systems
DISTRIBUTEL
56 Aberfoyle Crescent
Toronto(Ontario) M8X 2W4
T  416.969.8154
www.distributel.ca

RE: [firebird-support] Re: Getting a list of system users via SQL

2015-09-01 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
Is there a method to remove the restriction on connecting to security2.fdb 
until fb3 goes gold?

From: firebird-support@yahoogroups.com [firebird-support@yahoogroups.com]
Sent: 01 September 2015 11:01
To: firebird-support@yahoogroups.com
Subject: [firebird-support] Re: Getting a list of system users via SQL

01.09.2015 17:24, Dalton Calford wrote:

> With firebird 2.5 we received some wonderful tools that allowed us to create, 
> update and drop users without needlessly mucking about with smacking the 
> security database.  Yea!
>
> But, we also where locked out from reading the security database so  we can 
> no longer see who is defined in the database via sql. Boo!
>
> So, what I want to know is, is it possible to get a list of currently defined 
> users for the system database, via sql.
>
> ie., select * from mon$security2 or some other such method?

Only in FB3, via sec$users.


Dmitry








++

Visit http://www.firebirdsql.org and click the Documentation item
on the main (top) menu.  Try FAQ and other links from the left-side menu there.

Also search the knowledgebases at http://www.ibphoenix.com/resources/documents/

++


Yahoo Groups Links

[firebird-support] Getting a list of system users via SQL

2015-09-01 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
With firebird 2.5 we received some wonderful tools that allowed us to create, 
update and drop users without needlessly mucking about with smacking the 
security database.  Yea!

But, we also where locked out from reading the security database so  we can no 
longer see who is defined in the database via sql. Boo!

So, what I want to know is, is it possible to get a list of currently defined 
users for the system database, via sql.

ie., select * from mon$security2 or some other such method?

[firebird-support] Firebird 2.5.2.26540 superclassic on Ubuntu 14.04 LTS Server

2014-05-14 Thread Dalton Calford dcalf...@distributel.ca [firebird-support] 
Hi Everyone,

I am almost embarrassed to ask, but, I am having a great deal of difficulty 
with setting this up.

I have a brand new installation of Ubuntu LTS Server 14.04

I have installed firebird superclassic.
I have used gbak to restore a database without any problems

I can connect to my newly restored database via isql-fb without the network 
specified.
I can connect to my newly restored database via isql-fb with localhost 
specified.
I can not connect to the machines actual ip address ie 192.168.0.87

The following commands work

isql-fb -user SYSDBA -password masterkey /mnt/raid/firebird/mcf.001
isql-fb -user SYSDBA -password masterkey localhost:/mnt/raid/firebird/mcf.001

But, the following command does not work.
isql-fb -user SYSDBA -password masterkey localhost:/mnt/raid/firebird/mcf.001


I found that /etc/firebird/2.5/firebird.conf had RemoteBindAddress = localhost 
specified.
I first remarked it out, restarted firebird but alas, that did not work.
I then tried to specify RemoteBindAddress = 192.168.0.87, restarted firebird 
but again,  that did not work
I also tried RemoteBindAddress = Any but had no luck as well.

I do not have a firewall installed, I am not using the guardian.

I have tried this on two other installations with identical results.

Has anyone been able to get Firebird 2.5 SuperClassic to work on Ubuntu Server 
14.04?

Best regards


Dalton Calford / Senior Systems Database Administrator, Information Systems
DISTRIBUTEL
56 Aberfoyle Crescent
Toronto(Ontario) M8X 2W4
T  416.969.8154
www.distributel.ca