RE: Oracle on Windows with Active Directory

From: M Rafiq <rafiq9857_at_hotmail.com>
Date: Thu, 30 Oct 2008 10:39:23 -0400
Message-ID: <BAY107-W12DCF2684ACEFBFCD5EE7CA1210@phx.gbl>

Bill,  

The proper configuration of the ADS server is a must to run it smoothly.  

In our environment, the ADS team has created 2 groups on the ADS server. One is the server_admin group and the other is the ORACLE_ADMIN group (to be a part of the ORA_DBA group).  

All DBAs are part of both groups. There are no local user IDs created. We log in to the Windows server as ADS\userid.  

The Windows database server under the ADS domain should also be defined correctly by the ADS team. After logging in to the server and connecting to databases as 'sqlplus / as sysdba' without giving a password, this setup is OK. If not, the setup is not correct and this issue has to be resolved.  

As regards the tns issue, you may define your domain in the sqlnet.ora file like this on the local tnsnames.ora file.  

NAMES.DEFAULT_DOMAIN = usgs.gov
SQLNET.AUTHENTICATION_SERVICES= (NTS)
# This is a must to log in as sysdba without a password. It may be NONE,NTS otherwise to avoid any application connectivity issues.
NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)

You may also talk to them to define the usgs.gov naming instead of doi.net in DNS entries.  

The following note from Oracle may help for proper setup of Windows database server under ADS domain.  

I hope it may help someone on this list.  

Regards
Rafiq    

OS Authentication for Administrator/Domain user



A new user is created on the NT-domain and added to the local ORA_DBA group of the member server, but connecting to the database AS SYSDBA without any password still fails with ORA-01031 :  
  • the account on Windows being used is a domain account
  • the server (which is a member of a domain) is Windows 2003 or Windows 2000
  • the Domain controller is Windows 2000
  • by default Windows 2003 and 2000 have a different way of authentication when using domain accounts.

In fact, although Windows 2003 is not pre-Windows 2000, since they all implement the Windows NT way of authentication, the method below is successful:  

  • Log on to the domain controller (Windows 2000) as administrator
  • Run Control Panel / Active Directory Users and Computers
  • Click Computers
  • Double click the server name of the Windows 2003 or Windows 2000 box
  • Select the "Member of" tab
  • Add "Pre-Windows 2000 Compatible Access"

> Date: Thu, 30 Oct 2008 06:26:03 -0600
> From: wbfergus@gmail.com
> To: oracle-l@freelists.org
> Subject: Oracle on Windows with Active Directory
>
> I've been meaning to research this further, but never got around to it.
>
> I had one server that was placed in AD that gave me all kinds of grief
> when I was installing the software. Our AD environment (very poorly
> planned), ends with doi.net, yet all of our machines are only (web)
> addressable as usgs.gov. When I was running the setup, Oracle always
> insisted that the global name end with doi.net and caused all kinds of
> other headaches. The easiest way I found around the problem was to
> take the machine out of AD and just have it in a workgroup. There were
> a couple of Metalink articles that provided some workarounds for an AD
> environment, but they were extremely time-consuming, and logging in to
> Oracle via SQL*Plus was still problematic while in AD. Trying to get
> tnsnaming setup so all three servers could communicate was extremely
> frustrating as well. Now that all three of my servers are just in a
> workgroup, things work smoothly (as far as possible anyway). This was
> the only way I could find to easily get Oracle not to use the doi.net
> convention, but use the usgs.gov naming instead.
>
> How do others on this list running Windows Servers in Active
> Directory, handle installing and running Oracle software?
>
> --
> -- Bill Ferguson
> --
> http://www.freelists.org/webpage/oracle-l



--
http://www.freelists.org/webpage/oracle-l
Received on Thu Oct 30 2008 - 09:39:23 CDT
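
Added example (not part of the original message or of the Oracle note): a small Python parser for sqlnet.ora that reports whether NTS is listed in SQLNET.AUTHENTICATION_SERVICES, the setting the message ties to passwordless '/ as sysdba' logins for ORA_DBA members, together with the default domain and naming order. The sample file is constructed from the settings quoted above, and the function names and result keys are hypothetical.

```python
# Constructed sample, modelled on the settings quoted in the message above.
SAMPLE_SQLNET_ORA = """\
# sqlnet.ora (constructed sample)
NAMES.DEFAULT_DOMAIN = usgs.gov
SQLNET.AUTHENTICATION_SERVICES= (NONE,
    NTS)   # a continuation line starts with whitespace
NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
"""

def parse_sqlnet(text):
    """Return {PARAM: [values]} from sqlnet.ora text (parameter names upper-cased)."""
    logical = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()    # drop '#' comments
        if not line.strip():
            continue
        if raw[0].isspace() and logical:        # continuation of the previous parameter
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    params = {}
    for entry in logical:
        name, sep, value = entry.partition("=")
        if not sep:
            continue                            # not a name = value entry
        values = [v.strip() for v in value.strip().strip("()").split(",")]
        params[name.strip().upper()] = [v for v in values if v]
    return params

def audit(text):
    """Summarise the settings that decide whether '/ as sysdba' via NTS is configured."""
    p = parse_sqlnet(text)
    services = [s.upper() for s in p.get("SQLNET.AUTHENTICATION_SERVICES", [])]
    return {
        "nts_listed": "NTS" in services,        # True: review ORA_DBA membership
        "auth_services": services,
        "default_domain": (p.get("NAMES.DEFAULT_DOMAIN") or [None])[0],
        "naming_order": p.get("NAMES.DIRECTORY_PATH", []),
    }

if __name__ == "__main__":
    for key, val in audit(SAMPLE_SQLNET_ORA).items():
        print(f"{key}: {val}")
```

Where nts_listed is true, every account in the server's ORA_DBA group (including domain groups nested in it, such as the ORACLE_ADMIN group described above) is a SYSDBA without a database password, so that group's membership is what to review.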
