3

Downloaded Firebird database Firebird-3.0.3.32900-0_x64_pdb.zip. Extract folder install_service.bat and able to access EMPLOYEE.FDB database. Also able to access EMPLOYEE.FDB database without install_service. For creating new user for EMPLOYEE.FDB, I have open EMPLOYEE.FDB database in isql using SYSDBA USER. Used below query for create new user: 

create user DEMO password 'demo' GRANT ADMIN ROLE;

After that I am also able to open EMPLOYEE.FDB database using DEMO USER in isql.

I am using third party tool for GUI : https://fishcodelib.com/Database.htm

Using above tool I am not able to access EMPLOYEE.FDB database. Getting below error :

ErrorCode: 335544472 Number: 335544472, Class: 0, Line: 0 ErrorMessage: Your user name and password are not defined. Ask your database administrator to set up a Firebird login.

Firebird configuration parameters are not set properly. Please enable the following parameters in firebird.conf: (For default SRP) WireCrypt = Enabled (For Legacy Auth) WireCrypt = Enabled AuthServer = Legacy_Auth, Srp, Win_Sspi

Set User and Password: Options -> (Global) Additional connection string parameters -> Firebird

I have already applied above configuration in firebird.conf file. Still getting the same exception. So,my question is that, is it correct way to create user for any database ? Means I want to create new database with new user for my c# application.

Example :

Database : Mydb.fdb; Users : SYSDBA (default user), demo

I want to perform all SQL operation using demo user in my C# application. So, Can you please help me how to create multiple users for specific database with different rights and grants.

I have go through :

https://firebirdsql.org/file/documentation/release_notes/html/en/3_0/rnfb30-compat-initsec.html

https://firebirdsql.org/refdocs/langrefupd25-security-rdbadmin.html

Firebird database SYSDBA connection error

But not understand how to do this.

Edit : Firebird.conf file configuration:

AuthServer = Legacy_Auth,srp,Win_Sspi

WireCrypt = Enabled 

AuthClient = Srp, Win_Sspi, Legacy_Auth
Mark Rotteveel
  • 82,132
  • 136
  • 114
  • 158
Hkachhia
  • 4,130
  • 5
  • 35
  • 71
  • What are the values of the firebird.conf settings `WireCrypt`, `AuthServer`, `AuthClient` and `UserManager`. The instructions in that error message from fishbowl is, btw, not entirely correct. – Mark Rotteveel May 26 '18 at 07:04
  • Given that fishbowl is written in C#, do you know which version of the Firebird.net provider it is using? – Mark Rotteveel May 26 '18 at 07:05
  • I have been able to reproduce this problem if the user is setup as legacy authentication, but only when connecting from Fishbowl, for example Flame Robin works fine. This is either specifically a problem of Fishbowl, or maybe with the authentication logic in the Firebird .net provider. This may - possibly - be related to http://tracker.firebirdsql.org/browse/DNET-783 – Mark Rotteveel May 26 '18 at 07:26
  • @MarkRotteveel: here is the value of : AuthServer = Legacy_Auth,srp,Win_Sspi WireCrypt = Enabled AuthClient = Srp, Win_Sspi, Legacy_Auth – Hkachhia May 26 '18 at 10:25
  • @MarkRotteveel: I am using Nuget package of Firebird and it's working fine – Hkachhia May 26 '18 at 10:48
  • And what is the value of `UserManager` and `WireCrypt`? And which version of the NuGet package are you using that is working fine? And please **edit** your question with that info, don't add information through comments. As far as I can tell it is broken in the (recent) 5.x versions if you are using a legacy authentication user. – Mark Rotteveel May 26 '18 at 11:13
  • And what is the value of `UserManager`? – Mark Rotteveel May 26 '18 at 13:13

1 Answers1

2

It looks like you created a Legacy_Auth user, or at least I can reproduce the behaviour you observe when I use a Legacy_Auth user.

The problem is that the Firebird ado.net provider 5.0 and higher, when connecting to Firebird 3 or higher, only supports the Srp (and Win_Sspi) authentication protocol. The Legacy_Auth protocol is not supported when connecting to Firebird 3.

You will need to create a Srp user. To that end, you need to edit firebird.conf, and change (or set) the UserManager setting to:

UserManager = Srp

Or if you also need to create legacy user accounts:

UserManager = Srp, Legacy_UserManager

The first entry is the 'default' user manager. In some cases (eg when using old tools expecting to create legacy users) you may need to reverse the order.

Then create the user using:

create user DEMO password 'demo' GRANT ADMIN ROLE using plugin Srp;

If you leave using plugin Srp off, Firebird will use the default user manager (the first in the list), in your initial setup this was apparently set to Legacy_UserManager.

If you have no tools that require the use of legacy authentication users, I strongly advise to replace all those users with Srp users. This should be as simple as creating new users with the same name using the Srp plugin. Then remove Legacy_Auth from the AuthServer setting in firebird.conf. Consider dropping the legacy auth users with drop user <name> using plugin Legacy_UserManager, to be able to do this, the Legacy_UserManager must be in the UserManager list.

Mark Rotteveel
  • 82,132
  • 136
  • 114
  • 158