FB4 - Install incomplete

[Hugo Eyng | Datamais]

  Hello Friends.

Until some days ago I was able to connect my database normally.

Now i am getting the message:

"Install incomplete. To complete security database initialization please CREATE USER. For details read doc/README.security_database.txt."

I already read the details and followed the instructions.

Windows 10
64 bits
FB 4.0.1 (Early 4.0)

What should I look for?

[AlexPeshkoff]

Did you get any errors when followed README.security_database.txt?

четверг, 18 августа 2022 г. в 23:59:17 UTC+3, hugo...@gmail.com:

[Mark Rotteveel]

It sounds like you either replaced your security database with an empty
one, or you previously had Legacy_Auth enabled, but now you only have a
variant of Srp, but have no users created with the Srp user manager.

Alternatively, you upgraded a client library which previously supported
Legacy_Auth, or used it by default, but now no longer supports it, or no
longer uses it by default.

So, what are the settings for AuthServer and UserManager in your
firebird.conf (of the server)?

Mark
--
Mark Rotteveel

[Hugo Eyng | Datamais]

Hi Alex.

No erros.

Atenciosamente,

Hugo

--
You received this message because you are subscribed to the Google Groups "firebird-support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebird-suppo...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/firebird-support/7d5a1a35-394f-41a6-8cd1-bfc6931ddc67n%40googlegroups.com.

[Hugo Eyng | Datamais]

Hi Mark.

I think you are right.
Something changed after:

-  I Installed ODBC driver 32 and 64 bits
- I Installed Red Database instead Red Expert (for testing)

I used fbclient.dll :
FB 2.5 32 bits 15/02/2017
FB 2.5 32 bits 05/01/2018
FB  2.5 32 bits 20/06/2019
FB 4.0.2 32 bits 08/08/2022

firebird.conf

ServerMode = Super
DefaultDbCachePages = 20K
FileSystemCacheThreshold = 2M
TempBlockSize = 2M
TempCacheLimit = 1500M
AuthServer = Legacy_Auth, Srp256, Srp
AuthClient = Legacy_Auth, Srp, Win_Sspi
UserManager = Legacy_UserManager, Srp
WireCrypt = Enabled
RemoteServicePort = 3051
LockMemSize = 15M
LockHashSlots = 30011
DefaultTimeZone = -03:00
DataTypeCompatibility = 2.5

In DBEaver  using JDBC 4.0.0 and does not work.

When using an ODBC connection, I can connect to Database.

Atenciosamente,

Hugo

--
You received this message because you are subscribed to the Google Groups "firebird-support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebird-suppo...@googlegroups.com.

To view this discussion on the web, visit https://groups.google.com/d/msgid/firebird-support/8a4f38aa-e04f-412f-b660-0ed927740f44%40lawinegevaar.nl.

[Dimitry Sibiryakov]

Hugo Eyng | Datamais wrote 19.08.2022 16:46:
> No erros.

See? You've added SRP to list of user managers but didn't initialize tables
for it as described in the manual.

Alex, do you still hesitate to create them at need implicitly?

--
WBR, SD.

[Alex Peshkoff]

On 8/19/22 17:46, Hugo Eyng | Datamais wrote:
>
> Hi Alex.
>
> No erros.
>
> image.png
>
> Atenciosamente,
>
> Hugo
>

I see. In that case _carefuly_ read and after it do what Mark suggested.

[Alex Peshkoff]

 Do you also suggest to create in that tables sysdba with masterke ? ;)

[Dimitry Sibiryakov]

'Alex Peshkoff' via firebird-support wrote 19.08.2022 16:57:
>  Do you also suggest to create in that tables sysdba with masterke ? ;)

Surely I don't. "User not defined" is an appropriate error.

--
WBR, SD.

[Alex Peshkoff]

In that case i'ts enough to change firebird.msg. Anyway 'create user' is
needed.

[Mark Rotteveel]

On 19-08-2022 16:47, Hugo Eyng | Datamais wrote:
> firebird.conf
>
[..]

> AuthServer = Legacy_Auth, Srp256, Srp

[..]
> UserManager = Legacy_UserManager, Srp
[..]

>
> In DBEaver  using JDBC 4.0.0 and does not work.

DBeaver uses Jaybird, and Jaybird since 4.0.0 doesn't use Legacy_Auth by
default[1] when connecting to Firebird 3.0 and higher, only Srp256 and
Srp. Given you have Srp256 and Srp in AuthServer, Jaybird will try to
authenticate using those plugins.

Since you seem to have never created a user using the Srp user manager
(as there are no Srp users in the screenshot in the reply to Alex),
Firebird will report the "install incomplete" error.

To be able to connect with Legacy_Auth from DBeaver, add connection
property authPlugins with value Legacy_Auth to the connection properties
in DBeaver (tab Driver properties).

Alternatively, switch to using Srp, create your users with Srp, and drop
the Legacy_Auth users.

To initialize Srp, you need to create a user:
CREATE USER someuser PASSWORD 'somepassword' USING PLUGIN Srp;

(and optionally drop the user again if you only want to initialize Srp,
the error will then change to the normal "Your user name and password
are not defined" error.)

As an aside, your configuration is insecure. Legacy_Auth should be last
in both AuthServer and AuthClient, as your current order leaks the hash
of the first 8 characters of a password even if the user is a Srp user,
and that hash is trivial to crack with rainbow tables. If you switch to
Srp, I recommend switching the order in UserManager to Srp,
Legacy_UserManager as well, so by default CREATE USER creates the more
secure Srp users (when you leave off the USING PLUGIN clause).

Mark

[1]:
https://www.firebirdsql.org/file/documentation/drivers_documentation/java/4.0.x/release_notes.html#default-authentication-plugins
--
Mark Rotteveel