Subject Re: [firebird-support] Firebird 3.0 client does not work with remote Firebird 2.5 database
Author Helen Borrie
Michael Fox wrote:

> It’s the default package of firebird-dev on
> Stretch which doesn’t work.

Ancient. Current sub-release is 3.0.4. Given that there were some
humps and bumps in the early releases, you might well be encountering
bugs that have since been fixed.

> The previous version of firebird-dev
> on Jessie works fine with the same
> credentials (note: I’m using PHP’s Interbase extension to connect
> but I don’t think it’s the cause of the issue).
Maybe, maybe not. There are some bugs around with that driver. But
if it is working OK for you with 2.5.3 (also ancient!!) it might not
be a factor in this issue.

> The config settings are the default ones. For the two settings you mentioned:

> AuthClient = Srp, Win_Sspi, Legacy_Auth
> WireCrypt = Enabled (for client) / Required (for server)

Here's the thing. The defaults shown here for these two parameters
represent the default configs for a Fb3 client and a Fb3 server. Since
they are Fb 3 settings, the 2.5 server doesn't know about them.
Specifically, they are telling the Fb3 client to encrypt the wire
transmissions but of course Fb 2.5 doesn't support wire encryption.
Likewise, Fb 2.5 doesn't support SRP authentication; nor does the
Linux cclient support Win_Sspi at all.

Firebird 3 allows configuration at both client and server for some
parameters, including these two. Changes to these parameters must be
done at the client side for your situation. If you plan to use the
same Firebird setup on the Linus server as a client for databases on
both 2.5 and 3.0 servers, you'll need to configure records there in
databases.conf, specific to each. (You could set them globally in
firebird.conf but that would, of course, restrict the options for
accessing diverse remote databases.)

> I’ve played around with different permutations without success.

So - you have done settings in databases.conf?

> Maybe worth noting that the credentials for the remote server are in the format:

> XX.XXX.X.XXX/45731:d:/Database/P2Gold data.ib

It no longer makes good sense to avoid using aliases.

On the 2.5 server side, have the third party make an alias in
aliases.conf, e.g.,

p2gold = "d:/Database/P2Gold data.ib"

(You may or may not need the double quotes, try it both ways.)

At the Fb3 client side, make an entry in databases.conf for the
same alias. That's just for syntactic completeness: the client
doesn't do anything with the path, though of course this would be an
invalid entry if you tried to use it locally! You can study the notes
in databases.conf for the syntax of an entry. For this alias you will
need to set AuthClient = Legacy_Auth and WireCrpyt = Disabled.

Once saved, the config should work. The same isn't true for reconfigs
of server-side parameters, though - that requires a server restart.
Likewise, on the Fb 2.5 side, the alias should be available once
aliases.conf is saved, whereas anything reconfigured in firebird.conf
will necessitate a server restart before it is visible.

You can find more details in this article:


This email has been checked for viruses by AVG.