PRVF-4007 : User equivalence check failed for user “oracle/user” OR Setup ssh User equivalence in 11gR2


[oracle@RACG1 grid]$ ./runcluvfy.sh stage -pre crsinst -n RACG1,RACG2 -r 11gR2 -fixup -verbose


Performing pre-checks for cluster services setup

Checking node reachability…
Check: Node reachability from node “RACG1″

  Destination Node                      Reachable?
  ————————————  ————————
  RACG1                                 yes
  RACG2                                 yes
Result: Node reachability check passed from node “RACG1″

Checking user equivalence…
Check: User equivalence for user “oracle”

  Node Name                             Comment
  ————————————  ————————
  RACG1                                 failed
  RACG2                                 failed
Result: PRVF-4007 : User equivalence check failed for user “oracle”

ERROR:

User equivalence unavailable on all the specified nodes
Verification cannot proceed


Pre-check for cluster services setup was unsuccessful on all the nodes.

 
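To avoid "PRVF-4007 : User equivalence check failed for user "oracle"", set up ssh user equivalence between the nodes.

Setup ssh User equivalence in 11gR2

In 11gR2, ssh user equivalence can be set up with the sshUserSetup.sh script in the sshsetup directory, as below.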


[oracle@RACG1 grid]$ ll

total 40
drwxrwxrwx  9 oracle oinstall 4096 Apr  1 08:11 doc
drwxrwxrwx  4 oracle oinstall 4096 Apr  1 08:11 install
drwxrwxrwx  2 oracle oinstall 4096 Apr  1 08:11 response
drwxrwxrwx  2 oracle oinstall 4096 Apr  1 08:11 rpm
-rwxrwxrwx  1 oracle oinstall 3795 Apr  1 08:11 runcluvfy.sh
-rwxrwxrwx  1 oracle oinstall 3227 Apr  1 08:11 runInstaller
drwxrwxrwx  2 oracle oinstall 4096 Apr  1 09:05 sshsetup
drwxrwxrwx 14 oracle oinstall 4096 Apr  1 08:11 stage
-rwxrwxrwx  1 oracle oinstall 4228 Apr  1 08:11 welcome.html

 

cd sshsetup
./sshUserSetup.sh -user oracle -hosts NODE1,NODE2 -advanced -exverify -confirm


Below is the method to set up ssh manually, step by step.


– ON RACG1 (NODE 1)
[oracle@RACG1 ~]$ mkdir -p ~/.ssh
[oracle@RACG1 ~]$ chmod 700 ~/.ssh
[oracle@RACG1 ~]$ /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):<enter>
Enter passphrase (empty for no passphrase): <enter>
Enter same passphrase again: <enter>
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
b0:a3:85:a1:5b:90:a7:b3:d6:6a:64:54:ca:6d:2e:07 oracle@RACG1.mycropdomain.com
[oracle@RACG1 ~]$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):<enter>
Enter passphrase (empty for no passphrase):<enter>
Enter same passphrase again:<enter>
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
54:34:0f:c9:4f:d4:55:a2:f8:4d:e0:b8:3c:1f:f9:1d oracle@RACG1.mycropdomain.com

– ON RACG2 (NODE 2)
[oracle@RACG2 ~]$ mkdir -p ~/.ssh
[oracle@RACG2 ~]$ chmod 700 ~/.ssh
[oracle@RACG2 ~]$ /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):<enter>
Enter passphrase (empty for no passphrase): <enter>
Enter same passphrase again: <enter>
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
bc:6a:fe:d7:31:0e:ad:e7:18:86:c4:2d:af:94:f7:86 oracle@RACG2.mycropdomain.com
[oracle@RACG2 ~]$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):<enter>
Enter passphrase (empty for no passphrase):<enter>
Enter same passphrase again:<enter>
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
16:42:56:41:7e:3f:04:d2:73:82:b7:46:a9:0a:3f:9f oracle@RACG2.mycropdomain.com

– ON RACG1 (NODE 1)
[oracle@RACG1 ~]$ ssh racg1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host ‘racg1 (192.168.80.141)’ can’t be established.
RSA key fingerprint is 8a:8f:1e:14:63:4f:41:0c:20:6f:7c:d1:73:a8:0a:78.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘racg1,192.168.80.141′ (RSA) to the list of known hosts.
oracle@racg1’s password:
[oracle@RACG1 ~]$ ssh racg1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[oracle@RACG1 ~]$ ssh racg2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host ‘racg2 (192.168.80.142)’ can’t be established.
RSA key fingerprint is 8a:8f:1e:14:63:4f:41:0c:20:6f:7c:d1:73:a8:0a:78.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘racg2,192.168.80.142′ (RSA) to the list of known hosts.
oracle@racg2’s password:
[oracle@RACG1 ~]$ ssh racg2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
oracle@racg2’s password:
[oracle@RACG1 ~]$ scp .ssh/authorized_keys racg2:.ssh/
oracle@racg2’s password:
Permission denied, please try again.
oracle@racg2’s password:
Permission denied, please try again.
=== To overcome this error, give the below permission on RACG2 (NODE 2)
[oracle@RACG2 ~]$ chmod 700 ~/.ssh
=====
oracle@racg2’s password:
authorized_keys                           100% 1644     1.6KB/s   00:00

– TEST IT

[oracle@RACG2 ~]$ ssh RACG1 date

[oracle@RACG2 ~]$ ssh RACG2 date
[oracle@RACG1 ~]$ ssh RACG2 date
[oracle@RACG1 ~]$ ssh RACG1 date
It should ask for a password only the first time.
– Perform the below steps on BOTH nodes.
exec /usr/bin/ssh-agent $SHELL
/usr/bin/ssh-add
Identity added: /home/oracle/.ssh/id_rsa (/home/oracle/.ssh/id_rsa)
  • login as root
  • vi /etc/sshd_config
  • mark no instead of yes at line
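
The manual steps above depend on file modes: sshd with StrictModes (default "yes") refuses public-key login when ~/.ssh or authorized_keys is writable by group or others, and the ssh client refuses a private key that group or others can read. The function below is an added example, not part of the original post or of Oracle's sshUserSetup.sh; it audits a .ssh directory for those conditions and for DSA entries, assuming GNU stat on Linux, with finding codes such as DIR_WRITABLE chosen here for illustration.

```shell
#!/bin/sh
# Added example (not from sshUserSetup.sh or cluvfy): audit a .ssh directory
# for conditions that break or weaken key-based user equivalence.
# Assumes GNU stat (Linux). Finding codes are illustrative names.

# mode_has_bits PATH MASK -> true if any bit of octal MASK is set on PATH
mode_has_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# audit_ssh_dir DIR -> prints one "CODE: detail" line per finding
audit_ssh_dir() {
    dir=$1
    # StrictModes rejects a directory or key file writable by group/others.
    if mode_has_bits "$dir" 022; then
        echo "DIR_WRITABLE: $dir (fix: chmod 700)"
    fi
    if [ -f "$dir/authorized_keys" ]; then
        if mode_has_bits "$dir/authorized_keys" 022; then
            echo "AUTHKEYS_WRITABLE: $dir/authorized_keys (fix: chmod 600)"
        fi
        # ssh-dss (DSA) keys are disabled by default since OpenSSH 7.0.
        # Only entries without a leading options field are matched here.
        if grep -q '^ssh-dss ' "$dir/authorized_keys"; then
            echo "DSA_KEY: ssh-dss entry in $dir/authorized_keys"
        fi
    fi
    # The ssh client refuses a private key accessible to group or others.
    for key in "$dir/id_rsa" "$dir/id_dsa"; do
        if [ -f "$key" ] && mode_has_bits "$key" 077; then
            echo "PRIVKEY_EXPOSED: $key (fix: chmod 600)"
        fi
    done
    return 0
}

# Usage: sh audit_ssh.sh "$HOME/.ssh"   (as the oracle user on each node)
if [ -n "${1:-}" ]; then audit_ssh_dir "$1"; fi
```

An empty result means none of the checked conditions were found; it does not cover the home directory's own mode or file ownership, which StrictModes also checks.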